OPNsense Forum

English Forums => General Discussion => Topic started by: Joe on December 17, 2015, 09:02:27 pm

Title: Configuring via ssh?
Post by: Joe on December 17, 2015, 09:02:27 pm
Hello,

Is it possible to configure OPNsense on the shell (when logged in via ssh)?

If so, how?
Title: Re: Configuring via ssh?
Post by: franco on December 22, 2015, 08:46:08 am
Hi Joe,

Barely, you can start/stop services there, but it's all very rudimentary.

Some things can be done by editing /conf/config.xml, but doing that is highly discouraged.

What you are looking for is a (Cisco-like) command line interface (CLI), but that doesn't exist within the scope of OPNsense as it and its parents have focused and thrived on GUI-based configuration.

We're adding an API for features bit by bit which mostly resembles REST. This is for GUI and external tools initially, but can also be used to program a pure CLI in the future, on the box itself or remotely.

Doing the API first delays CLI work, but the long-term benefits are worth it. The first CLI may be plausible within the timeframe of 17.1, which is a year from now. It depends on interest, help and funding, but we'll see. :)


Cheers,
Franco
Title: Re: Configuring via ssh?
Post by: Joe on December 22, 2015, 01:09:02 pm
I think API would be even better than CLI.

Do you have any pointer to the API? Don't need to be polished docs. Just something where I could start looking into it would be great!
Title: Re: Configuring via ssh?
Post by: franco on December 22, 2015, 02:07:25 pm
That sounds promising then. :)

Here's a little tutorial for API usage with focus on the authentication part:

https://wiki.opnsense.org/index.php/Howto_use_the_API

The API is fully available for traffic shaping, firmware upgrades, intrusion detection, proxy server, some diagnostics pages and (most likely) system health.
Title: Re: Configuring via ssh?
Post by: Joe on December 25, 2015, 11:43:29 pm
This looks promising.

But it works only with the webgui accessible?

I am looking for a way to configure from the WAN side without exposing the webgui to the WAN.

So the idea was to log in via ssh to do the config.
Title: Re: Configuring via ssh?
Post by: franco on January 09, 2016, 12:33:19 am
Hi Joe,

You can port forward through SSH and not expose the API to the WAN. It's relatively easy...

Code:
LocalForward 443 127.0.0.1:443

Cheers,
Franco
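
The port forward suggested above, scripted as an added example (not code from this thread or from the OPNsense project): it opens the forward on an unprivileged local port bound to loopback, calls the API through it with certificate checking against the firewall's hostname, and closes the tunnel afterwards. The SSH user, local port 8443, the API_KEY, API_SECRET, FW_USER and FW_CA variables, key-as-username Basic authentication and the default path /api/core/firmware/status are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. User, ports, env vars and API path are assumptions.

# forward_spec LPORT [RPORT]: print an ssh -L spec with both ends pinned to loopback.
# Refuses non-numeric or privileged local ports, so the client needs no root.
forward_spec() {
    lport=$1; rport=${2:-443}
    case $lport in ''|*[!0-9]*) return 1 ;; esac
    case $rport in ''|*[!0-9]*) return 1 ;; esac
    [ "$lport" -ge 1024 ] && [ "$lport" -le 65535 ] || return 1
    [ "$rport" -ge 1 ] && [ "$rport" -le 65535 ] || return 1
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$lport" "$rport"
}

# api_get HOST LPORT PATH: GET an API path through the tunnel.
# Credentials go to curl on stdin, so they never show up in the process list.
# --resolve keeps the firewall's hostname in the URL so the certificate is still checked.
api_get() {
    printf 'user = "%s:%s"\n' "$API_KEY" "$API_SECRET" |
        curl --silent --show-error --fail --config - \
             ${FW_CA:+--cacert "$FW_CA"} \
             --resolve "$1:$2:127.0.0.1" "https://$1:$2$3"
}

main() {
    fw=$1; lport=${2:-8443}; path=${3:-/api/core/firmware/status}
    spec=$(forward_spec "$lport") || { echo "bad local port: $lport" >&2; return 2; }
    sock="${TMPDIR:-/tmp}/opn-tunnel.$$"
    # -f -N: background, no remote command. ExitOnForwardFailure makes ssh fail
    # instead of leaving curl to talk to whatever else listens on the local port.
    ssh -f -N -M -S "$sock" -o ExitOnForwardFailure=yes \
        -L "$spec" "${FW_USER:-root}@$fw" || return 3
    trap 'ssh -S "$sock" -O exit "${FW_USER:-root}@$fw" 2>/dev/null' EXIT
    api_get "$fw" "$lport" "$path"
}

# Usage: API_KEY=... API_SECRET=... ./opn-api.sh fw.example.org [local-port] [api-path]
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Set FW_CA to the firewall's CA or self-signed certificate file if it is not signed by a CA the client already trusts.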