I've recently set up OPNsense and wanted to migrate my old client configuration to it. I was hoping to not do so manually. I have a feeling that I can't simply run "wg addconf" from the shell, in order to get a client configured properly in OPNsense's configuration for wireguard.
Any suggestions? Thanks.
No, this wont work. Only If you use it without all GUI features which might be the reason why you migrate to OPN
That's what I figured. It also looks like the API isn't complete for this functionality. api/wireguard/client/get
works as expected, but api/wireguard/client/addClient returns 501 Not Implemented.
I'm tempted by the thought of exporting a configuration xml for the whole system, manually editing the configuration in, and then importing, but I don't really want to deal with the fallout if I make a mistake and blow up my OPNsense install.
The API works, just use F12 in Browser and add a peer, it will shou you the correct syntax
Easier said than done, hah, that's well outside my experience. If I hunt through the page source I can find stuff like this:
$("#grid-clients").UIBootgrid(
{ 'search':'/api/wireguard/client/searchClient',
'get':'/api/wireguard/client/getClient/',
'set':'/api/wireguard/client/setClient/',
'add':'/api/wireguard/client/addClient/',
'del':'/api/wireguard/client/delClient/',
'toggle':'/api/wireguard/client/toggleClient/'
}
);
...which doesn't really tell me anything, since I know of those from the documentation. https://docs.opnsense.org/development/api/plugins/wireguard.html
What I can say is that this works:
curl -s -k -u $KEY:$SECRET https://$HOST/api/wireguard/client/get
And outputs something like this:
{"client":{"clients":{"client":{"aaaaaaaa-aaaa-aaaa-aaaaaaaaaaaaaaaaa":"enabled":"1","name":"Test","pubkey":"asdasdasdasdasdasdasdasdasdasdsa","psk":"",
"tunneladdress":"192.168.2.2\/24":"value":"192.168.2.2\/24","selected":1}},"serveraddress":"","serverport":"","keepalive":""}}}}}
But this returns a 501 Not Implemented:
curl -X port -d '' -k -u $KEY:$SECRET https://$HOST/api/wireguard/client/addClient
Even then, I don't know how to properly format the JSON input for the above. If I try this:
curl -X POST -d '{"client":{"enabled":"1","name":"Test","pubkey":"asdasdasdasdasdasdasdasdasdasdsa","psk":"","tunneladdress":"192.168.2.2\/24":"value":"192.168.2.2\/24","selected":1}},"serveraddress":"","serverport":"","keepalive":""}}}' \
-H "Content-Type: application/json" -k -u $KEY:$SECRET https://opnsense.fung.us/api/wireguard/client/addClient
... it returns: {"result":"failed"}
Anyways, I don't know enough about web application technology to look at this and know what to do, and I didn't really find enough OPNsense API examples in my searches to find some code to "borrow." :)
The GUI is only using the API, so this has to work some way, but noone said its easy enough to write small batch scripts (like with most API use cases)