OPNsense Forum
English Forums => General Discussion => Topic started by: Joe on December 17, 2015, 09:02:27 pm
-
Hello,
is it possible to configure opnsense on the shell (when logged in via ssh?)
if so, how?
-
Hi Joe,
Barely, you can start/stop services there, but it's all very rudimentary.
Some things can be done by editing /conf/config.xml, but doing that is highly discouraged.
What you are looking for is a (Cisco-like) command line interface (CLI), but that doesn't exist within the scope of OPNsense as it and its parents have focused and thrived on GUI-based configuration.
We're adding an API for features bit by by which mostly resembles REST. This is for GUI and external tools initially, but can also be used to program a pure CLI in the future, on the box itself or remotely.
Doing the API first delays CLI work, but the long-term benefits are worth it. The first CLI may be plausible within the timeframe of 17.1, which is a year from now. It depends on interest, help and funding, but we'll see. :)
Cheers,
Franco
-
I think API would be even better than CLI.
Do you have any pointer to the API? Don't need to be polished docs. Just something where I could start looking into it would be great!
-
That sounds promising then. :)
Here's a little tutorial for API usage with focus on the authentication part:
https://wiki.opnsense.org/index.php/Howto_use_the_API
The API is fully available for traffic shaping, firmware upgrades, intrusion detection, proxy server, some diagnostics pages and (most likely) system health.
-
This looks promising.
But it works only with the webgui accessible?
I am looking for a way to configure from the WAN side without exposing the webgui to the WAN.
So the idea was to log in via ssh to do the config
-
Hi Joe,
You can port forward through SSH and not expose the API to the WAN. It's relatively easy...
LocalForward 443 127.0.0.1:443
Cheers,
Franco