RANCID (http://www.shrubbery.net/rancid/) stores the configuration of network devices, which makes it useful for tracking changes and for replacing a dead device. I have written a simple compat script for pfSense that works well enough for RANCID to parse and store the configuration. It just emulates a Cisco device, rather than adding a new parser.
To use it, you need to create a user in pfSense and assign it a public key; I have named mine `rancid`. Follow these steps to set it up:
- Create an SSH public key on the RANCID server under the account of the user who performs the scheduled run
- Under the pfSense user admin page, add the public key to the rancid account, but prefix it with `command="/home/rancid/bin/rancid-compat"`
- On the pfSense box, create the directory `/home/rancid/bin` and place the rancid-compat script in it; ensure it has execute permissions (750)
- Add the pfSense hostname to your routers.db as a cisco device
- Set up the RANCID cloginrc connection options in `.cloginrc`:

  ```
  add user pfsense.example.com rancid
  add cyphertype pfsense.example.com aes256-ctr
  add autoenable pfsense.example.com 1
  add method pfsense.example.com {ssh}
  ```
- Now execute rancid-run and hope for the best!
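
The `command=` prefix in the steps above makes sshd run one fixed program for that key, whatever the client asks for. As an added illustration (this is not the author's rancid-compat script), here is a minimal wrapper of that kind; the prompt, the accepted command list and the `/conf/config.xml` default are assumptions.

```shell
#!/bin/sh
# Added sketch of a forced-command wrapper; NOT the author's rancid-compat.
# Assumptions (not from the post): the prompt format, the accepted command
# set, and CONFIG_FILE defaulting to pfSense's /conf/config.xml.
CONFIG_FILE="${CONFIG_FILE:-/conf/config.xml}"
PROMPT="$(hostname -s 2>/dev/null || echo pfsense)#"

# compat_session: read Cisco-style commands on stdin, answer on stdout.
# sshd puts any client-requested command in SSH_ORIGINAL_COMMAND; it is
# deliberately never evaluated, so the key cannot run anything else.
compat_session() {
    printf '%s' "$PROMPT"
    while IFS= read -r line; do
        # Strip the trailing CR that expect-driven clients send.
        cmd=$(printf '%s' "$line" | tr -d '\r')
        case "$cmd" in
            "show running-config"|"write term")
                cat "$CONFIG_FILE" ;;
            "terminal length 0"|"terminal width "*|"")
                : ;;                      # accepted as no-ops
            exit|quit|logout)
                return 0 ;;
            *)
                printf '%% Invalid input\n' ;;   # never passed to a shell
        esac
        printf '%s' "$PROMPT"
    done
}

# Start the session only when installed under the name used in the steps.
case "$0" in
    */rancid-compat|rancid-compat) compat_session ;;
esac
```

Because sshd runs the `command=` program in place of whatever the client requests, a stolen copy of the RANCID key can only reach this loop, not a shell.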