What's new

Backing up Router Config

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Lynx

Senior Member
Just wondering - do most people regularly backup their JFFS / USB config?

I created the following simple backup script to upload router config and tarballs of JFFS and the USB mount to OneDrive, which script could in theory be called every boot. But I am dubious that that is necessary?

Script updated in the light of comment(s) below.

Code:
#!/bin/bash

log_file="/mnt/SanDisk/upload-router-config-log.txt"
usb_dir="/mnt/SanDisk"
rclone_config_file="/jffs/configs/rclone_config"
upload_dir="OneDrive:/Scripts/ASUS Router/Router Config"
rclone_exclude_file=/jffs/scripts/rclone_exclude

FWVER="$(nvram get buildno 2>/dev/null)"

df -h /jffs "$usb_dir"

echo "Skipping the following files:"

du -h /mnt/SanDisk/$(cat "$rclone_exclude_file")


echo "Backing up router config ..."
nvram save "$usb_dir"/cfg_"$FWVER".cfg
if rclone --config "$rclone_config_file" move  "$usb_dir"/cfg_"$FWVER".cfg "$upload_dir" >"$log_file" 2>&1; then
    echo "... router config backup complete."
fi

echo "Backing up JFFS ..."
if tar -cf - -C /jffs . | rclone --cache-writes --cache-dir "$usb_dir" --config "$rclone_config_file" rcat "$upload_dir"/jffs_"$FWVER".tar >"$log_file" 2>&1; then
    echo "... JFFS backup complete."
fi

echo "Backing up USB ..."
if tar -czf - -C "$usb_dir" . -X "$rclone_exclude_file" | rclone --cache-writes --cache-dir "$usb_dir" --config "$rclone_config_file" rcat "$upload_dir"/usb_"$FWVER".tar.gz >"$log_file" 2>&1; then
    echo "... USB backup complete."
 
Last edited:
No. There is no need to when fully setting it up from scratch is a 10-minute job. :)
 
Just wondering - do most people regularly backup their JFFS / USB config?

I created the following simple backup script to upload tarballs of JFFS and the USB mount to OneDrive, which script could in theory be called every boot. But I am dubious that that is necessary?

Code:
#!/bin/bash

log_file="/mnt/SanDisk/upload-router-config-log.txt"
usb_dir="/mnt/SanDisk"
rclone_config_file="/mnt/SanDisk/rclone_config"
upload_dir="OneDrive:/Scripts/ASUS Router/Router Config"
rclone_exclude_file=/jffs/scripts/rclone_exclude

FWVER="$(nvram get buildno 2>/dev/null)"

df -h /jffs "$usb_dir"

echo "Skipping the following files:"

du -h $(cat "$rclone_exclude_file")

echo "Backing up JFFS ..."
if tar -czf - -C /jffs . | rclone --cache-writes --cache-dir "$usb_dir" --config "$rclone_config_file" rcat "$upload_dir"/jffs_"$FWVER".tar.gz 2>&1 >"$log_file"; then
    echo "... JFFS backup complete."
fi
echo "Backing up USB ..."
if tar -czf - -C "$usb_dir" . -X "$rclone_exclude_file" | rclone --cache-writes --cache-dir "$usb_dir" --config "$rclone_config_file" rcat "$upload_dir"/usb_"$FWVER".tar.gz 2>&1 >"$log_file"; then
    echo "... USB backup complete."
fi
i do, i have a nightly job that tars up jffs and entware, and dumps it on a network share mounted on the router itself
 
I only ever backup NVRAM and JFFS. Everything on the USB drive is disposable.

N.B. The firmware doesn't have bash. Even though some models have a soft link for it it just points to busybox which doesn't fully support bash.
 
I only ever backup NVRAM and JFFS. Everything on the USB drive is disposable.

N.B. The firmware doesn't have bash. Even though some models have a soft link for it it just points to busybox which doesn't fully support bash.
Is that using the amtm NVRAM utility? Is there a difference between this and 'saving configuration file' + 'saving JFFS' in the GUI?
Does the utility allow a regular save, e.g. upon reboot or cron job?
 
No. There is no need to when fully setting it up from scratch is a 10-minute job. :)
The JFFS partition contains more than just settings, it also contains data, and unique content such as OpenVPN keys and certs. If you lose your JFFS partition and you don't have any backup, then it means you will need to reconfigure every single client that was connecting to you if you were running an OpenVPN server, since you would have lost your server's private keys.
 
On a side note, your script uses the following syntax.

Code:
… 2>&1 >"$log_file"

This will NOT send stderr to the logfile (assuming that's your intent). It continues to send stderr to the console. And that's because redirection occurs left to right. This command sends the output from descriptor #2 (stderr) to where descriptor #1 is pointing, which is still the console. Then it changes descriptor #1 to point to the file.

If you want stderr to be sent to the file, you need to reverse it.

Code:
… >"$log_file" 2>&1

Now descriptor #1 gets sent to the file, and descriptor #2 (stderr) also gets sent to that same file because descriptor #1 has been changed to the file at that point.
 
The JFFS partition contains more than just settings, it also contains data, and unique content such as OpenVPN keys and certs. If you lose your JFFS partition and you don't have any backup, then it means you will need to reconfigure every single client that was connecting to you if you were running an OpenVPN server, since you would have lost your server's private keys.
And I contend that the router is not the place for the source of backups.

I consider routers as dispensable hardware. And treat them as such.
 
By the way, I understand that something like 'tar -cf save.tar -C /jffs .' gives the equivalent of the GUI jffs save, but what is the equivalent of the GUI configuration settings save?
 
By the way, I understand that something like 'tar -cf save.tar -C /jffs .' gives the equivalent of the GUI jffs save, but what is the equivalent of the GUI configuration settings save?
you could probably dump
Code:
nvram show
to a file, unless nvram has a dump argument (never tried!)
 
And I contend that the router is not the place for the source of backups.
Hence, the use of a backup script as the OP suggested. There is more to a router configuration than just a few radio buttons on the webui, some of it is much more time-consuming to redo.
 
For some, yes. They want or need their networking complicated.

Getting a router secure and stable is not time consuming though. Using backups 'blindly' is a good way to ignore new features, fixes and missing on the latest security standards. Not to mention effectively rendering a reset moot.

Backups are good. But in my experience, routers don't always respond as expected with them.
 
I just use WinSCP to backup whatever files I need.
That's one way. You can also use the Backup JFFS button on the webui, that will generate a tarball which you can open if you wanted to only recover specific files from it.
 
nvram save mybackup.cfg
Thanks. I have updated my example config above. I assume that the NVRAM utility can be used in the reverse way to fully reset the configuration as set out in the GUI? I have updated my example config above.
On a side note, your script uses the following syntax.

Code:
… 2>&1 >"$log_file"

This will NOT send stderr to the logfile (assuming that's your intent). It continues to send stderr to the console. And that's because redirection occurs left to right. This command sends the output from descriptor #2 (stderr) to where descriptor #1 is pointing, which is still the console. Then it changes descriptor #1 to point to the file.

If you want stderr to be sent to the file, you need to reverse it.

Code:
… >"$log_file" 2>&1

Now descriptor #1 gets sent to the file, and descriptor #2 (stderr) also gets sent to that same file because descriptor #1 has been changed to the file at that point.
Many thanks! I have updated my example config above.

Also gents, I took a look at the NVRAM/jffs save script in amtm:


is this not a little over complicated?
 
Last edited:
Thanks updated config above. Can this be used to fully reset the configuration as set out in the GUI?
Reset? You mean restore? The file created by "nvram save" is the same as that created by the GUI. To do a complete restore you need to reload the NVRAM backup and the JFFS backup because some of the NVRAM variables have been moved into jffs. And as RMerlin said, the VPN stuff is in jffs as well, not to mention all the custom scripts and configs.


I took a look at the NVRAM/jffs save script in amtm:


Is this not a little over complicated?
The utility does more than just simple backups and a restores.
 
Yes I meant restore.

So I think my script above allows backing up everything to the cloud (router config, JFFS and USB).
 
Also gents, I took a look at the NVRAM/jffs save script in amtm:


is this not a little over complicated?
A little complicated? Yes. But there are good reasons.

First, the method you are doing will work great to restore a router to the same router and firmware release. Very handy when trying new/different things and it goes pear shaped. A quick nvram and jffs restore and reboot - back to "normal".

Unfortunately it does not always work (sometimes it will) as firmware updates occur. Nvram especially. This is why you do a factory reset AFTER loading a new release level of firmware. In some cases, Asus changes/adds nvram variables that are not in a previous release. These are variables not adjusted or changed by the WebUI - the things we as users have control over.
It also won't work if you want to change routers - say upgrade from an AC86 to an AX86. Nvram contains (among other things) hardware settings and device addresses - both potentially different between routers.


Nvram-save.sh was actually started by @john9527 quite a while ago (I think 2014). Its intent was to overcome the above issues. It intelligently backs up variables based on router type, firmware revision level etc. Pretty much every button, form, field, setting a user could change in the WebUI. Carefully avoiding the "hidden" nvram variables that should not be backed up. As a result, it could restore your "settings" going from one firmware release to another.
Optionally you could setup your own .ini file and just backup settings you want to save - like dhcp reservations, port forward info, etc.

Nvram-save.sh also allows migrating settings from one router to another. Again, something "nvram save myconfig.cfg" could or should not do.

I believe over time, @john9527 stopped updating nvram-save.sh since he had his hand full with the various forks supporting legacy firmware/routers.

Luckily @Martineau and @Xentrk picked up support, did some code modernization (again, it was born over 7 years ago!).

As a side benefit, the default action is to both backup nvram and jffs. Very handy.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top