Hi Michael,

The only other tarsnap-like solution I'm aware of is "duplicity", but that 
requires a lot of packages/libraries we don't have in AstLinux.

** perform your own due diligence with the untested code below **

You could create a tar archive of /mnt/kd/openvpn/ and encrypt it using openssl 
using a password, something like ...

First generate a persistent local random password:
--
openssl rand -base64 33 > /mnt/kd/openssl-backup.key
--
Don't lose this password !!!  Back it up elsewhere.


Generate a tar.gz file, encrypt and copy, then remove:
--
cd /tmp

tar czf openvpn.tar.gz -C /mnt/kd/ openvpn

openssl enc -aes-256-cbc -salt -in openvpn.tar.gz -out openvpn.tar.gz.aes \
  -pass file:/mnt/kd/openssl-backup.key

scp openvpn.tar.gz.aes u...@example.com:/backup/dir/

rm openvpn.tar.gz openvpn.tar.gz.aes
--


To decrypt: (Use /mnt/kd/openssl-backup.key contents as password)
--
mkdir restore

openssl enc -aes-256-cbc -d -in openvpn.tar.gz.aes -out restore/openvpn.tar.gz
enter aes-256-cbc decryption password:
--

** perform your own due diligence with the untested code above **

Lonnie
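
The procedure above as a restore-tested script, added here as an example and not part of Lonnie's message: it streams tar into openssl so no plaintext tarball is written to disk, pins the key-derivation options, and checks that the archive decrypts with the right key only. The function names, KDF_OPTS and the sample paths are assumptions; -pbkdf2 and -iter need OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original message. The same KDF options must be
# used to encrypt and decrypt; -md is pinned because the default digest changed
# from MD5 to SHA-256 in OpenSSL 1.1.0. On OpenSSL older than 1.1.1 set
# KDF_OPTS="-md sha256" (assumed variable name).
KDF_OPTS=${KDF_OPTS:-"-md sha256 -pbkdf2 -iter 100000"}

make_key() {            # $1 = key file, created readable by owner only
  ( umask 077 && openssl rand -base64 33 > "$1" )
}

encrypt_dir() {         # $1 = directory, $2 = key file, $3 = output file
  ( umask 077           # stream tar into openssl: no plaintext tarball on disk
    tar czf - -C "$(dirname "$1")" "$(basename "$1")" |
      openssl enc -aes-256-cbc -salt $KDF_OPTS -pass "file:$2" -out "$3" )
}

verify_archive() {      # $1 = encrypted file, $2 = key file
  # Succeeds only if the file decrypts and lists as a valid tar.gz.
  # CBC is unauthenticated; this catches a wrong key or accidental damage only.
  openssl enc -d -aes-256-cbc $KDF_OPTS -pass "file:$2" -in "$1" 2>/dev/null |
    tar tzf - >/dev/null 2>&1
}

restore_archive() {     # $1 = encrypted file, $2 = key file, $3 = restore dir
  mkdir -p "$3" &&
    openssl enc -d -aes-256-cbc $KDF_OPTS -pass "file:$2" -in "$1" |
      tar xzf - -C "$3"
}

selftest() {            # round trip on constructed sample data, not real keys
  t=$(mktemp -d) || return 1
  mkdir -p "$t/kd/openvpn/keys"
  echo "constructed sample, not a real key" > "$t/kd/openvpn/keys/ca.key"
  make_key "$t/good.key" && make_key "$t/wrong.key" &&
    encrypt_dir "$t/kd/openvpn" "$t/good.key" "$t/openvpn.tar.gz.aes" &&
    verify_archive "$t/openvpn.tar.gz.aes" "$t/good.key" &&
    ! verify_archive "$t/openvpn.tar.gz.aes" "$t/wrong.key" &&
    restore_archive "$t/openvpn.tar.gz.aes" "$t/good.key" "$t/restore" &&
    cmp -s "$t/kd/openvpn/keys/ca.key" "$t/restore/openvpn/keys/ca.key"
  rc=$?
  rm -rf "$t"
  return $rc
}
```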


> On Jul 30, 2018, at 5:01 PM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
> Hi thanks Lonnie and Michael.
> 
> Sorry I should have mentioned that I actually already have a backup solution 
> which uses SSH and SCP.
> I am just concerned about storing these files securely on the backup host?
> 
> Regards
> Michael Knill
> 
> On 31/7/18, 12:15 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
> 
> 
>> On Jul 30, 2018, at 3:46 AM, Michael Keuter <li...@mksolutions.info> wrote:
>> 
>> 
>>> On 30.07.2018 at 02:17, Michael Knill 
>>> <michael.kn...@ipcsolutions.com.au> wrote:
>>> 
>>> Hi Group
>>> 
>>> I have a number of sites that have phones connected via OpenVPN and I would 
>>> like to back up the cert files on the Astlinux OpenVPN server e.g. 
>>> /mnt/kd/openvpn/webinterface/keys. Is there anything else I should be 
>>> backing up if I need to completely rebuild the Astlinux server?
>>> I am also concerned about the security of doing so in case my backup server 
>>> is compromised.
>>> Any recommendations on what I should do?
>>> 
>>> Regards
>>> Michael Knill
>> 
>> Hi Michael,
>> 
>> one easy solution would be our included tarsnap-backup. You can back up 
>> multiple systems with a single tarsnap-account:
>> 
>> https://doc.astlinux.org/userdoc:tt_tarsnap_online_backup
>> 
>> We have already pre-configured the most important files.
>> 
>> Michael
> 
>    +1 for Tarsnap
> 
>    It has been almost one year since I started Tarsnap backups on 7 boxes 
> nightly (mostly default settings, prune at 30 days), started my Tarsnap 
> account with $5.00, my account is now $4.83 .
> 
>    I trust Tarsnap's crypto, perform your own due diligence.
> 
>    Any "backup service" can discontinue a product at any time, you only hope 
> you have time to migrate elsewhere. Colin and his brother Graham seem to have 
> a good, low-overhead business model with Tarsnap, fortunately not all their 
> users are like myself. :-)
> 
> 
>    Michael (AU), to your first question, you should back up all of 
> /mnt/kd/openvpn/ in a secure end-to-end method.
> 
>    Lonnie
> 
>    PS, these are the standard tarsnap-backup /mnt/kd/ directories 
> (recursively) and files automatically backed up ...
>    --
>    dirs="rc.conf.d crontabs arno-iptables-firewall avahi monit keepalived openvpn ipsec wireguard snmp ssl ssh ssh_keys ssh_root_keys ups"
>    if [ "$ASTERISK_DAHDI_DISABLE" != "yes" ]; then
>      dirs="$dirs asterisk dahdi fop2 custom-agi phoneprov/templates"
>    fi
>    files="*.conf *.script rc.elocal rc.local rc.local.stop blocked-hosts dnsmasq.static webgui-prefs.txt"
>    --
> 
> 
> 
>    
> ------------------------------------------------------------------------------
>    Check out the vibrant tech community on one of the world's most
>    engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>    _______________________________________________
>    Astlinux-users mailing list
>    Astlinux-users@lists.sourceforge.net
>    https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
>    Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> 
> 

