@alainwolf
Last active January 15, 2024 19:55
Backup MikroTik RouterOS configuration file on a Synology DiskStation
#!/bin/ash
#
# MikroTik router configuration backup
# for Synology DiskStation
# Tested on
# DSM 6.1.6-15266 Update 1 - MARVELL Armada XP MV78230 (DS214+)
# MikroTik RouterOS 6.42 - RouterBoard 2011UiAS-2HnD
#
# Author: Alain Wolf <[email protected]> - https://gist.github.com/alainwolf/
# Date/Version: 2018-04-22/1.5
#
# Abort on errors
set -e
#
# Hostname or IP address of the MikroTik router
SOURCE_HOST="router.example.net"
#
# Filename of the configuration backup
FILE_NAME="${SOURCE_HOST}"
#
# OpenPGP key ID for encryption (must be already present in keyring)
PGP_KEYID="0x0123456789ABCDEF"
#
# Where to store the encrypted configuration backup file
TARGET_DIR="/var/services/NetBackup/router/MikroTik"
#
# GnuPG Home Directory of the user running this script
GNUPGHOME="/var/services/homes/${USER}/.gnupg"
#
# --- Do not change anything below this line! ---
#
backup_file="${FILE_NAME}_$( date --universal +%F_%H-%M-%S-%Z ).rsc"
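scp_source="${SOURCE_HOST}:/${backup_file}"
temp_dir=$(mktemp --directory)
# Remove the plaintext export even if a later step fails (set -e aborts the script)
trap 'rm -rf "${temp_dir}"' EXIT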
echo
echo "Starting backup of MikroTik RouterOS configuration from ${SOURCE_HOST}"
echo
# Tell the MikroTik device to create a configuration backup
ssh "${SOURCE_HOST}" "export file=${backup_file}"
echo "Router configuration saved to ${backup_file} on ${SOURCE_HOST}."
# Download the configuration from the router
scp -B -q -p -r "${scp_source}" "${temp_dir}"
echo "Downloaded router configuration to ${temp_dir}/${backup_file}."
# Compress
gzip --name "${temp_dir}/${backup_file}"
echo "Compressed router configuration file ${temp_dir}/${backup_file}.gz"
# Encrypt
echo "Encrypting archive with OpenPGP key ${PGP_KEYID}"
gpg --homedir "${GNUPGHOME}" --batch --trust-model always \
--recipient "${PGP_KEYID}" \
--output "${TARGET_DIR}/${backup_file}.gz.pgp" \
--encrypt "${temp_dir}/${backup_file}.gz"
echo "Encrypted file saved to ${TARGET_DIR}/${backup_file}.gz.pgp"
# Clean up
echo "Cleaning up ${temp_dir}."
rm -rf "${temp_dir}"
echo "Cleaned up ${temp_dir}."
# Success
echo
echo "Backup completed. Have a nice day."
echo

ghost commented Jan 15, 2024

Where is the authentication for the router? Like, how does the Synology have access to the router to do the backups, etc.?

@alainwolf
Author

The NAS is using SSH terminal commands on the router to make it create the backup. It then uses scp (which also uses SSH) to fetch the backup file from the router to itself.

For this to work, it's assumed that the NAS has a user profile with the ability to log in on the router using public key authentication. The server (in this case the router) needs the client's (the NAS's) public key stored and associated with the user profile. On the client, the username can be stored in an SSH client configuration (~/.ssh/config) along with the private key. One can also use password authentication, but this is not recommended.

Also this is very old. I haven't used it in a long time.
If I remember correctly, I wrote it because I didn't know how to automate and schedule backups in MikroTik OS.
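
The reply above assumes key-based SSH login from the NAS to the router is already configured. As an added example (not part of the gist and not written by its author), the preflight check below could run before the backup to confirm that the SSH client configuration names a user and a private key that only its owner can access. The `backup` user name, the file names and the simplified config parsing (one plain `Host` block, no `Match`, `Include` or wildcards) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes one plain "Host <name>" block per
# router in the SSH client config (no Match, Include or wildcard handling).

# Print the first value of KEYWORD inside the "Host HOST" block(s) of CONFIG.
ssh_cfg_value() {
    awk -v host="$2" -v key="$3" '
        tolower($1) == "host" {
            inblock = 0
            for (i = 2; i <= NF; i++) if ($i == host) inblock = 1
            next
        }
        inblock && tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Succeed only if unattended public-key login to HOST looks usable.
preflight_ssh() {
    config=$1; host=$2
    [ -r "$config" ] || { echo "cannot read $config" >&2; return 1; }
    user=$(ssh_cfg_value "$config" "$host" User)
    key=$(ssh_cfg_value "$config" "$host" IdentityFile)
    [ -n "$user" ] || { echo "no User set for $host" >&2; return 2; }
    [ -n "$key" ] || { echo "no IdentityFile set for $host" >&2; return 3; }
    case $key in "~/"*) key="${HOME}/${key#??}" ;; esac   # expand leading ~/
    [ -f "$key" ] || { echo "private key $key not found" >&2; return 4; }
    # ssh ignores a private key that group or others can access
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$key is too permissive" >&2; return 5; }
    echo "${user}@${host} using ${key}"
}

# Constructed demo: throwaway config and placeholder key file, no network access.
demo_dir=$(mktemp -d)
: > "${demo_dir}/id_backup"; chmod 644 "${demo_dir}/id_backup"
cat > "${demo_dir}/config" <<EOF
Host router.example.net
    User backup
    IdentityFile ${demo_dir}/id_backup
EOF
preflight_ssh "${demo_dir}/config" router.example.net || echo "rejected (code $?)"
chmod 600 "${demo_dir}/id_backup"
preflight_ssh "${demo_dir}/config" router.example.net
rm -rf "${demo_dir}"
```

The check only inspects local files; it does not prove the router has the matching public key imported for that user.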
