Tech Panda Docs

     My Rip It fueled brain can't keep up anymore

Decrypt pfSense Config File

Published:
14 September 2024

Downloaded configs tested on:
PfSense 2.7.2 CE
PfSense 2.6.0 CE
PfSense 23.09 Plus
PfSense 22.05 Plus

Operating Systems tested on:
Ubuntu 22.04 "Jammy Jellyfish (ARM)"

Description:

Downloading the pfSense configuration file is a good thing to be doing. This should be down with caution though, the configuration will have all your VPN Username/Passwords in plaintext. When downloading the configuration file it is a good idea to download it encrypted. Sometimes you want to reference the configuration file and that is where this tutorial helps out. Decrypting the configuration file is quite easy with linux.

Dependency Check

Verify you have all the appropriate dependancies required for the commands
Requirements: grep, coreutils, openssl

### Dependency Check ###

# Run Bash Loop through "coreutils" "openssl"
for program in base64 openssl;
do
echo "Checking ${program}"
 # If the program fails to have a linked binary, the program will attempt to be installed
which ${program} || sudo apt install ${program} -y || sudo apt install coreutils -y;
done

Step 1

Navigate to the folder that contains your encrypted pfSense configuration file

### Navigate to the pfSense config file directory ###

# You will need to adjust the path for your situation
cd /home/user/Downloads

Step 2

Run the decryption command

### Decrypt the configuration file ###

# You will need to adjust some parts for your situation
# This command has a "\" in it, that just means the command continues on the next line
# Linux will recognize this and let you copy multiple lines at once, as if it was all one line
grep -v "config.xml" encryptedconfig.xml | base64 -d | openssl enc -d -aes-256-cbc -out decryptedfile.xml \
-salt -md sha256 -pbkdf2

# You will be prompted for the decryption password

Step 3

Verify the file decrypted

### Verify file is now decrypted ###

# You will need to adjust some parts for your situation
cat decryptedfile.xml
# You successfully decrypted the file if you can read the output



Tech Panda Docs was created for educational purposes and nothing depicted by this site is officially supported by anyone

If you choose to do anything mentioned above you are doing it at your own risk