My solution was to allow creating a configuration backup archive through the web interface that could then be downloaded, uploaded, and restored. This would allow for configuration backups and restores to be done from any machine that could access the IPCop web interface. The first implementation was based on IPCop v1.2. It provided the basic functionality, but was not secure, and was not especially easy to install as that had to be done manually. The current implementation is based on IPCop v1.3.0, provides the missing security, and has an install script to make that part a little easier. IPCop v1.2 is also supported.

Note: This functionality is included in IPCop starting with v1.4.0. Because of this, the files that were here are no longer available for download. This page is left for documentation purposes.

Functionality

The basic feature set consists of:

1. Backup configuration to an archive
2. Restore configuration from an archive
3. Download configuration archive
4. Upload configuration archive

This provided the core functionality and the first implementation had this capability. To that, we need to add security, but still keep flexibility for setting up new IPCop machines and for managing multiple IPCop machines.

The basic requirement for security is:

• Do not allow restoring an archive not created on that IPCop machine.

This requirement is met by encrypting/decrypting the archive using a random key that is generated and stored in a file on that IPCop machine. The randomness helps ensure uniqueness among different IPCop machines. Storing the key in a file allows restoring archives without having to manage the specifics of each individual archive that is created. Encrypted configuration archives have a .dat file extension.

The flexiblity requirements are:

• If it is a new IPCop setup, the configuration from another machine should be installable.
• Make managing multiple IPCop machines easier in this implementation compared with the first implementation.

The determination as to whether it is a new setup is whether the generated encryption key file exists. Once a configuration archive has been created and an encryption key file has been generated, that machine is no longer considered new. Unencrypted configuration archives have a .tar.gz file extension. In an effort to make the downloading/uploading of configuration archives easier for multiple machines, the base of the configuration archive file name is the name of the machine. For example, if an IPCop machine is named ipcop123, the configuration archives will be named ipcop123.dat and ipcop123.tar.gz on that machine.

To briefly recap what gets created and what gets restored, it is this:

1. Creating a configuration archive results in both encrypted and unencrypted archives.
2. If an encryption key file does not exist (new IPCop setup), creating configuration archives will generate the file.
3. An unencrypted archive (.tar.gz) can only be restored on a machine that does not have an encryption key file, i.e., an archive has not yet been created on that machine.
4. An encrypted archive (.dat) can only be restored on the machine it was created on because a matching encryption key file is required to decrypt the archive.

Using The Backup Web Interface

A web interface is provided for using the configuration backup functionality. It is located by navigating to System and to backup from the menus. A box surrounds the backup information and controls. The information box at the bottom of the page displays the output performed during a backup to floppy disk. If an error occurs during the upload, creation, or restoration of an archive, a message will be displayed in an error box above the backup configuration box. Normally, the error box is not displayed.

The backup configuration box is divided into three sections. The top section identifies the configuration archive files. The names used for the archive files are displayed on separate rows for the encrypted and unencrypted archives. If the archive file does not exist, a message to that effect is displayed. If the file does exist, the date and time of the file is displayed along with an Export link for downloading the file.

The center section contains the controls for managing the archives. The first row has the Create and Restore buttons. The Create button creates new configuration archives on the IPCop machine. If it is the first archive creation on that machine, the encryption key file is also created. The Restore button restores the configuration from one of the archive files displayed in the top section of the box. After restoring an archive, a reboot is suggested.

Below the row of Create/Restore buttons are controls for importing/uploading an archive file. An entry field for a local file name is on the left side. Immediately to the right of the entry field is a Browse button for locating a file on your computer. On the right side is an Import button. The full name of the button indicates what type of file to import. It will say Import .tar.gz if an unencrypted .tar.gz archive file can be imported. It will say Import .dat if a matching, encrypted .dat archive is required.

The bottom section is for backing up to a floppy disk. The Backup to floppy button initiates the process. In order to back up to a floppy disk, the floppy disk must be in the drive before the button is pressed.

Implementation Details

In addition to the changes to the backup.cgi web page, there are two new binary files for backing up a configuration and restoring a configuration. These are named ipcopbkcfg and ipcoprscfg respectively. The source code for these is available separately. The backup web directory is protected with an httpd.conf entry. Additional languages entries are added to the en.pl file.

The encryption key file is generated by using ipsec ranbits 256. The encryption/decryption of the .dat archive is done using openssl des3.

ipcopbkcfg — If the encryption key file does not exist, one is created. The unencrypted .tar.gz archive is created and then encrypted to the .dat archive.

ipcoprscfg — If the encryption key file exists, the encrypted .dat must also exist. If it does, it is unencrypted to a temporary .tar.gz file. if the encryption key file does not exist, the encrypted .dat file must not exist either. The unencrypted .tar.gz is copied to a temporary .tar.gz file. A temporary directory is created for testing the .tar.gz file, which is untarred to that directory. The temporary directory is then removed and the real untar done to replace the configuration files.

install.sh — The install script handles untarring the archive, creating the backup directory, setting the file and directory, permissions, adding the ignore entry to exclude.system, including the backup.conf in httpd.conf and adding the new language entries to the en.pl language file. This makes for a much simpler installation process than the prior implementation.

Download Files

These files work with IPCop v1.2 through v1.3.0. If you have a problem with them, please let me know. Caveat: Only the English language text is included at this time. Note: This functionality is included in IPCop starting with v1.4.0. Because of this, the files that were here are no longer available for download. This page is left for documentation purposes.

• ipcopbkcfg.tar.gz (New backup files)
• install.sh (Installation script)
• ipcopbkcfg_src.tar.gz (Source files for new binaries)

Installation Instructions

1. Use SCP to put the files on the IPCop machine.SCP ipcopbkcfg.tar.gz to /tmp/ipcopbkcfg.tar.gzSCP install.sh to /tmp/install.sh
2. SSH to the IPCop machine and log in as root
3. Change to the /tmp directory# cd /tmp
4. Make the install script executable# chmod +x install.sh
5. Run the install script# ./install.sh

After the above, the new backup functionality should be installed and ready to use.