Messages - sens_ible

#16
Quote from: franco on October 09, 2017, 11:40:42 PM
For testing verify=false is fine. Did you allow your user that has the API key to access the firmware page?

Well, probably not. Where/how would I do it?

Meanwhile I have assigned all visible privileges to the admins group in groups:access:system, however, it does not make a difference. The connection request still times out.
#17
I just tried the API example, however, no connection seems to be allowed ...
I generated the key and the secret as described in the How-To.

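import requests
api_key, api_secret = 'YOUR_API_KEY', 'YOUR_API_SECRET'  # placeholders for the generated pair
url = 'https://192.168.99.100/api/core/firmware/status'
# request data (verify=False skips certificate validation; testing only)
r = requests.get(url, verify=False, auth=(api_key, api_secret))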


Is the "verify=False" option correct? I did it, because the How-To says:
Quote: Before you can start, make sure your OPNsense has a valid SSL certificate (or choose to ignore it for testing purposes by setting verify=False), don't forget to verify that the selected user may access the firmware page.

Meanwhile I have configured a firewall rule for incoming https traffic on the WAN interface. I can see in the log files that the incoming traffic passes, however, the python script can still not set up a connection.

Which permissions do I have to set to allow access to the API? How can I see what is going wrong?
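
Added example (not part of the original post and not OPNsense project code): one way to tell a network-level timeout apart from a TLS, credential or privilege failure when calling the API, while verifying the certificate against a CA file instead of using verify=False. The function name `diagnose`, the category labels and the reading of 401/403 by standard HTTP semantics are assumptions of this example; it uses only the Python standard library.

```python
import base64
import socket
import ssl
import urllib.error
import urllib.request

# Assumed mapping, based on standard HTTP status semantics.
HINTS = {
    401: ("credentials", "key/secret rejected"),
    403: ("privilege", "authenticated, but the user lacks access to this endpoint"),
}


def diagnose(url, api_key, api_secret, cafile=None, timeout=5):
    """Send one authenticated GET and return (category, detail)."""
    token = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    # Verify the server certificate (cafile = the firewall's CA exported as PEM,
    # None = system trust store) rather than switching verification off.
    ctx = ssl.create_default_context(cafile=cafile)
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}),  # connect directly, ignore proxy env vars
        urllib.request.HTTPSHandler(context=ctx),
    )
    try:
        with opener.open(req, timeout=timeout) as resp:
            return ("ok", f"HTTP {resp.status}")
    except urllib.error.HTTPError as exc:  # the server answered with an error status
        return HINTS.get(exc.code, ("http", f"unexpected HTTP {exc.code}"))
    except urllib.error.URLError as exc:  # no HTTP answer at all
        if isinstance(exc.reason, ssl.SSLError):
            return ("tls", f"certificate/TLS failure: {exc.reason}")
        if isinstance(exc.reason, (socket.timeout, TimeoutError)):
            return ("timeout", "no reply: check routing and firewall rules")
        return ("unreachable", str(exc.reason))
    except (socket.timeout, TimeoutError):  # connected, but the read timed out
        return ("timeout", "connected, but no reply before the deadline")
```

A "timeout" or "unreachable" result points at the network path (interface, firewall rule, listening port), while "credentials" or "privilege" means the request reached the API and was refused there.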
#18
Quote from: franco on October 09, 2017, 09:39:06 AM
All freshly written plugins come with an UI and API. We make it a point to build the UI on top of that API, so you can actually automate the operation of any such plugin in any way that you deem appropriate using:

https://docs.opnsense.org/development/how-tos/api.html

Wow, I think that is really a neat architecture. From looking at the how-to page I have got a rough idea how it works. Where would I find the documentation about a plugin's API? Or would I just go down the url IP_addr-> /api ->/core and see what comes next?

Anyway, do not get me wrong. I think the freeradius GUI is nicely done; only when you want to enter a large batch of users it may be time consuming.
#19
> User management by the plugin isn't easy enough?

It is easy, but it is very time-consuming. I would prefer a solution that can handle changes automatically and does not require me to log in and use the graphical user interface.

Using ftp was just a first guess ... there might be other options.

- Is there a way to log in via ssh and instruct the plugin via a command line interface?

- Maybe I can change the template (and not the config file) via ftp, ssh, curl ... ?

- If it is the plugin that causes the config file to be overwritten by the template: Is there an option to use freeradius without the plugin?

Any proposal is very much appreciated.
#20
I would like to manage freeradius configuration files on my computer in the office and then send them to the OPNsense appliance. In particular I want to do the user management in the office with a nice graphical user interface.

What is the most convenient way to send a new users.conf automatically (without logging into the GUI every time) to the OPNsense appliance?

Can I use ftp to place RADIUS configuration files, e.g. users.conf files, on the firewall or to read them in from there? There are only 4 hits for ftp in the documentation and none of the results seems to match.
#21
17.7 Legacy Series / Re: Serial console issues
October 08, 2017, 08:31:59 PM
Thanks for all replies.

Finally, setting the flow control from "XON/XOFF" to "None" solved the problem.

Just in case anybody else faces the same problem.
#22
17.7 Legacy Series / [SOLVED] Serial console issues
September 28, 2017, 09:16:11 AM
I have installed OPNsense-17.7-OpenSSL-nano-i386 and it seems that the system is booting properly.

When the system is booting, I can see all messages properly and after some time I arrive at the login prompt. However, I cannot send characters to log in. I have to press some keys three or four times before the correct letter appears and some keys do not seem to work at all. Hence, I cannot log in and got stuck at this point.

1) Does anybody know which settings are expected by the serial console of OPNsense?

2) Does anybody know a terminal for Ubuntu which will work "out-of-the-box" (or which is at least easily configurable with the correct settings)?

3) Is there an alternative for login? I can see that one of the box's interfaces has requested and received an IP address, however, it will not respond to an SSH request or to an HTTP request to that interface.

I use an ALIX 2D3 board as OPN appliance and try to log in via serial console from an Ubuntu 16.04 PC.

My settings for the serial terminal are:
Baudrate: 115200
Data bits: 8
Stop bits: 1
Parity: None
Flow control: XON/XOFF

I have tried the graphical PuTTY client and 'screen' on the CLI. In both cases I cannot send data correctly.

Thanks a lot for your help.

Markus