Adam's blog: Backing up the router configuration

01 Jul 2022, 348 words

Recently, I have been fond of with Mikrotik routers and their enterprise-grade RouterOS system. There is plenty of possible configuration, which gives me great freedom of choice in how I want my home network to operate. Because setting everything, including VPN, guest network and more may take quite a lot of time, it is a good idea to backup the configuration.

The idea

My idea is to have a scheduled script that will save the router configuration to a directory inside my self-hosted NextCloud instance. This will also save me the hassle with versioning the backups, as NextCloud itself takes care of this.

The backup on the router is saved to its disc, which is accessible trough SFTP protocol, while the NextCloud can be accessed through WebDAV. RClone is an open-source solution that can manage both.

The implementation

  1. Create a new account and group on the router – config-backup. When creating the group, I have to make sure to check ssh, ftp, read, write, policy, test and sensitive permissions.

  2. Add router entry to a ssh config on the machine on which will the scheduled script run:

    Host router
     HostName router
     User config-backup
     IdentityFile /secret/ssh_id_rsa
     IdentitiesOnly yes
     StrictHostKeyChecking yes
    
  3. Create new RClone remote for the router using SFTP

    [router]
    type = sftp
    host = router
    user = config-backup
    disable_hashcheck = true
    key_file = /secret/ssh_id_rsa
    
  4. Create new RClone remote for the NextCloud using WebDAV

    [adam-cloud]
    type = webdav
    url = https://cloud/remote.php/dav/files/Adam/
    vendor = nextcloud
    user = Adam
    pass = *****
    
  5. Finally, combine all these setting inside a single Bash script

    #!/bin/bash
    ssh router -- /system/backup/save name=config.backup dont-encrypt=no password=123456 &&
    rclone copy router:/config.backup adam-cloud:/Archive/router-config/ &&
    ssh router -- /file/ remove config.backup
    

And that’s it. After running the Bash script, the router configuration backup is saved into my NextCloud.