Menu
▾
▴
Re: [Astlinux-users] Storing OpenVPN certs
|
From: Lonnie A. <li...@lo...> - 2018-07-30 14:14:42
|
> On Jul 30, 2018, at 3:46 AM, Michael Keuter <li...@mk...> wrote: > > >> Am 30.07.2018 um 02:17 schrieb Michael Knill <mic...@ip...>: >> >> Hi Group >> >> I have a number of sites that have phones connected via OpenVPN and I would like to back up the cert files on the Astlinux OpenVPN server e.g. /mnt/kd/openvpn/webinterface/keys. Is there anything else I should be backing up if I need to completely rebuild the Astlinux server? >> I am also concerned about the security of doing so in case my backup server is compromised. >> Any recommendations on what I should do? >> >> Regards >> Michael Knill > > Hi Michael, > > one easy solution would be our included tarsnap-backup. You can backup multiple systems with a single tarsnap-account: > > https://doc.astlinux.org/userdoc:tt_tarsnap_online_backup > > We have already pre-configured the most important files. > > Michael +1 for Tarsnap It has been almost one year since I started Tarsnap backups on 7 boxes nightly (mostly default settings, prune at 30 days), started my Tarsnap account with $5.00, my account is now $4.83 . I trust Tarsnap's crypto, perform your own due diligence. Any "backup service" can discontinue a product at any time, you only hope you have time to migrate elsewhere. Colin and his brother Graham seem to have a good, low-overhead business model with Tarsnap, fortunately not all their users are like myself. :-) Michael (AU), to your first question, you should backup all of /mnt/kd/openvpn/ in a secure end-to-end method. Lonnie PS, these are the standard tarsnap-backup /mnt/kd/ directories (recursively) and files automatically backed up ... -- dirs="rc.conf.d crontabs arno-iptables-firewall avahi monit keepalived openvpn ipsec wireguard snmp ssl ssh ssh_keys ssh_root_keys ups" if [ "$ASTERISK_DAHDI_DISABLE" != "yes" ]; then dirs="$dirs asterisk dahdi fop2 custom-agi phoneprov/templates" fi files="*.conf *.script rc.elocal rc.local rc.local.stop blocked-hosts dnsmasq.static webgui-prefs.txt" -- |
