Cloud Backup — OPNsense documentation (2024)

OPNsense

Wiki & Documentation
0f558cd

Introduction
Security
Releases
Business Edition
Installation and setup
Official hardware
Lobby
Reporting
System
- Access / User Management
- Configuration
  - Backup
    - Cloud Backup
    - Traceability of configuration changes using Git
  - Defaults
  - History
- Firmware
- Gateways
- Gateway groups / Multi WAN
- High Availability
- Routes
- Settings
- Trust
- Log Files
- Diagnostics
- Setup guides
Interfaces
Firewall
Virtual Private Networking
Services
Community Plugins
Third-party Plugins
Troubleshooting
Development Manual
Project Relations
Legal notices
Support Options
Contribute
History

»
System »
Configuration »
Cloud Backup

Google Drive and Nextcloud¶

Google Drive is a digital file storage and management service by theinformation technology company Google. Amongst other features, likecollaborative editing of documents, spreadsheets, and presentations, itallows signed up users with an account to store and share files in thedigital cloud.

Nextcloud is also an online storage but in contrast to Google Driveit is intended for self hosting. You can download it freely from theirwebsite and install it on your webserver.

The OPNsense configuration can be stored as a backup file in XML format,to your PC on an USB stick or remotely in the digital Google Drivecloud.

Free online storage¶

Because Google officially offers a free storage of 15 GB and nearlyunlimited traffic, a remote backup of an OPNsense configuration file isfree of charge, the only thing you need is an account at Google(Google Drive Signup) .

Easy API¶

An application programming interfaces (API) for Google Drive wasreleased in 2013. This API empowers third-party developers to easilywrite apps for Google Drive.

Nextcloud is using WebDAV which works without a special libraryso data can be sent directly to the server without a special clientlibrary (for example, a file upload is just a HTTP PUT call).

Remote backup¶

In OPNsense¹ you can backup your configuration directly andautomatically to Google Drive and Nextcloud, using the new backupfeature. Every backup to Google Drive will be encrypted with the samealgorithm used in the manual backup so it’s quite easy to restore to a newinstalled machine.

After set-up, the backup feature will run a first backup of the OPNsenseconfiguration file. Then, if the configuration is subsequently changed, a new backup will be run once per day early in the morning.

Setup Google API usage¶

The instructions below apply to a standard Google account. Some of the settings appear slightly differently for Google Workspace (formerly G Suite) accounts.

A standard Google account can be created here.

1. Set up a Google Project¶

First you need to set up a project in the Google developer console.

Go to the developer console and log into your Google account.
On the “Manage resources” page that appears, click on the + CREATE PROJECT button:
On the next page enter a name for your project, for example “OPNsense Backups”. You may leave it as the default name (“My Project #####”), as it does not really matter. Then click on the CREATE button:
Now enable the Google Drive API for your project. In the search bar at the top of the page, search for “Google Drive API” and click on the corresponding search result:
On the next page, make sure your project name (for example “OPNsense Backups”) is displayed at the top of the page - if not, select it in the dropdown. Then click the ENABLE button:
Now create a service account for your project. In the search bar at the top of the page, search for “service accounts” and click on the corresponding search result:
Click on the + CREATE SERVICE ACCOUNT button:
Enter an account name (for example “OPNsense”) and a description (for example “OPNsense Backups service account”), then click the CREATE button:
Click the CONTINUE button on the next page:
Then click the DONE button:
On the next page, take a note of the email address for your new service account - you will need it later. Then click on the three vertical dots under the Actions heading for your service account, then click on Create key:
In the popup screen, select P12, and click CREATE:
You will be prompted to download the key. Do so, and then click CLOSE in the popup screen.
Now click on the newly created Service Account:
Write down the Unique ID of the Service Account. This ID will be your Client-ID in the OPNSense Google Drive backup:

2. Set up a Google Drive folder¶

The next thing is to create a folder in Google Drive and share it to the service account you’ve just created.

Go to https://drive.google.com. You should be still logged into your Google account, otherwise log in.
Click + New (upper left of the screen) and select Folder in the dropdown menu that appears:
Enter a name for the folder (for example “OPNsense Backups”, it doesn’t really matter) and then click the CREATE button:
Right-click the newly created folder and click Share in the dropdown menu that appears:
Paste the email address for the service account into the “Add people and groups” box, press Enter and then click the Send button that appears:
Now double-click on the folder to open it and take a note of the folder ID from the URL - you will need it later. The folder ID is the last piece of the URL after /folders/:

3. Set up the account in OPNsense¶

Now put it all together in OPNsense.

Log into your OPNsense firewall and go to the backup feature. It is located at System ‣ Configuration ‣ Backups.

Scroll down to the Google Drive section and and enter the following values:

Enable
checked
Email Address
enter the Unique ID number of the service account you created
P12 key
click the Choose file button and select the P12 key you saved earlier to upload it
Folder ID
paste the Google Drive folder ID that you copied earlier
Prefix hostname to backupfile
checked or unchecked as desired (useful if you have multiple OPNsenses)
Backup Count
enter the number of backups you want to keep
Password
choose a strong password to encrypt the backup
Confirm
re-enter the strong password

Then click the Setup/Test Google Drive button. OPNsense will automatically save and test your settings and you will receive either an error (connectivity issues) or a message saying “Backup successful” with a list of files currently in the backup.

The moment the feature is enabled, it will do a daily compare of the last file in backup and the current configuration and create a new backup when something has changed.

Setup Nextcloud API usage¶

1. Step Create a new user¶

Click on the user icon top right and click “Users”.In the new page, enter an username and a password into the boxes and clickcreate to create a new user.

2. Step Create an Access Token¶

Close the modal dialog and remove the default files.Then open the Settings menu (also in the menu top right).Switch to security and generate a App password.

Copy and store the generated password.

3. Step Connect OPNsense with Nextcloud¶

Scroll to the Nextcloud Section in System ‣ Config ‣ Backup and enter thefollowing values:

Enable	checked
URL	Base URL of your Nextcloud installation like https://cloud.example.com
User	your choosen username
Password	paste your app password from step 2
Backup Directory	a name consisting of alphanumeric characters (keep default)

4. Step Verify the Configuration Upload¶

When everything worked, you will see the newly created directory after savingthe settings:

If you open it, you will see at lease a single backed up configuration file:

References

Official website of Google Drive

Notes

¹ As of OPNsense version 15.1.8.2 (25 March 2015)

Enable	checked
Email Address	enter the Unique ID number of the service account you created
P12 key	click the Choose file button and select the P12 key you saved earlier to upload it
Folder ID	paste the Google Drive folder ID that you copied earlier
Prefix hostname to backupfile	checked or unchecked as desired (useful if you have multiple OPNsenses)
Backup Count	enter the number of backups you want to keep
Password	choose a strong password to encrypt the backup
Confirm	re-enter the strong password