Hi,
I have 2 locations with ipv6 dynamic pd and each location uses dyndns with Cloudflare (i.e. wan1.example.local).
I want to allow traffic between the ipv6 subnets from these 2 locations, and the best way I came up with is a small script that updates an alias via API and runs hourly via cron (then an allow rule with the alias).
My issue so far is that using "/api/firewall/alias_util/add/[alias_name]" will append the new IP to the alias. Can anyone suggest what I should use, so that the new IP replaces the old?
curl \
--header "Content-Type: application/json" \
--basic \
--user "key/pwd" \
--request POST \
--insecure \
--verbose \
--data "{\"address\":\"$(dig +short AAAA wan1.example.local | grep ':' | head -n1 | sed 's/$/\/56/')\"}" \
https://opnsense.firewall/api/firewall/alias_util/add/test_ipv6_alias
So far this seems like the best way:
curl \
--basic \
--user "key/pwd" \
--request POST \
--insecure \
--verbose \
https://opnsense.firewall/api/firewall/alias_util/flush/test_ipv6_alias
curl \
--header "Content-Type: application/json" \
--basic \
--user "key/pwd" \
--request POST \
--insecure \
--verbose \
--data "{\"address\":\"$(dig +short AAAA wan1.example.local | grep ':' | head -n1 | sed 's/$/\/56/')\"}" \
https://opnsense.firewall/api/firewall/alias_util/add/test_ipv6_alias
curl \
--basic \
--user "key/pwd" \
--request POST \
--insecure \
--verbose \
https://opnsense.firewall/api/firewall/alias/reconfigure/test_ipv6_alias
And I've set the type to external; I think it's better.
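An added example (not part of the original post, and not OPNsense's own code): the same flush/add/reconfigure sequence, with the DNS answer validated before the alias is flushed, so a failed or unexpected `dig` result at cron time does not empty the alias. It assumes the API key and secret are kept in a curl config file (`CRED_FILE`, a hypothetical path), that the firewall's certificate verifies so `--insecure` can be dropped, and that the API accepts an empty JSON object as the body of the flush and reconfigure calls.

```shell
#!/bin/sh
# Added example, not from the thread. Alias, hostname and API host are the
# thread's placeholders; CRED_FILE is an assumed path to a curl config file
# (mode 0600) holding one line:  user = "key:secret"
ALIAS=test_ipv6_alias
API=https://opnsense.firewall/api/firewall
CRED_FILE=${CRED_FILE:-/root/.opnsense-api.curlrc}

# Print "<addr>/56" only for a plausible global-unicast IPv6 address (2000::/3,
# an assumption that fits an ISP-delegated prefix). Empty dig output, resolver
# error text and link-local/ULA answers are rejected with status 1.
to_prefix56() {
    case $1 in
        ''|*[!0-9a-fA-F:]*) return 1 ;;
        [23][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]:*) printf '%s/56\n' "$1" ;;
        *) return 1 ;;
    esac
}

# POST to the API. No --insecure: the credential is only sent to a verified host.
api() {
    curl --silent --show-error --fail --config "$CRED_FILE" --request POST \
         --header 'Content-Type: application/json' --data "$2" "$API/$1"
}

update_alias() {
    answer=$(dig +short AAAA "$1" | grep ':' | head -n1)
    entry=$(to_prefix56 "$answer") || {
        echo "no usable AAAA for $1; $ALIAS left unchanged" >&2
        return 1
    }
    # Same three endpoints as in the thread, called only after validation succeeded.
    api "alias_util/flush/$ALIAS" '{}' &&
    api "alias_util/add/$ALIAS" "{\"address\":\"$entry\"}" &&
    api "alias/reconfigure/$ALIAS" '{}'
}

# Run only when a hostname is given, e.g. from cron: script.sh wan1.example.local
if [ "$#" -gt 0 ]; then
    update_alias "$1"
fi
```

Because the allow rule follows whatever the DNS record says, the API key used here is best limited to the alias endpoints.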
Is this for WireGuard? If so, there is a built-in command in Settings->Cron called "Renew DNS for WireGuard on stale connections" that you could schedule.
Quote from: OPNenthu on August 14, 2025, 12:56:44 AM
Is this for WireGuard? If so, there is a built-in command in Settings->Cron called "Renew DNS for WireGuard on stale connections" that you could schedule.
Thanks but no, I'm making this so that VLANs from different locations can freely connect to each other. i.e. (Site A-LAN) -> (Site B-management VLAN). I've been using DHCPv6 reservations + aliases, but it's boring to create aliases+rules on each site and it's easier with ipv6 subnets.