OPNsense Forum

English Forums => Development and Code Review => Topic started by: MoeK on October 26, 2022, 12:29:10 pm

Title: API Wireguard "result": "failed"
Post by: MoeK on October 26, 2022, 12:29:10 pm

Hello,

I'm trying to create Wireguard users through the OPNsense API.
To automate it I'm using Ansible.

So I run this command to get all the users

Code: [Select]

- name: Get existing users
  ansible.builtin.uri:
    url: https://{{ fwhost }}/api/wireguard/client/searchClient   
    method: GET
    user: "{{ opnsense_key }}"
    password: "{{ opnsense_secret }}"
    force_basic_auth: true
    validate_certs: false
    return_content: false
  register: wgWhich is the same as

Code: [Select]

curl -k -u {{ opnsense_key }}:{{ opnsense_secret }} https://{{ fwhost }}/api/wireguard/client/searchClientIt is working fine and I get all infos for the users.

Now when I try to create users with the command:

Code: [Select]

- name: Create users
  ansible.builtin.uri:
    url: https://{{ fwhost }}/api/wireguard/client/addClient
    method: POST
    url_username: "{{ opnsense_key }}"
    url_password: "{{ opnsense_secret }}"
    force_basic_auth: true
    validate_certs: false
    return_content: true
    headers:
      Content-Type: application/json
    body_format: json
    body:
      enabled: true
      name: "{{ item.key }}"
      pubkey: "{{ keys }}"
      tunneladdress: "{{ item.value.tunneladdress }}"
  with_dict:
    - "{{ wireguard_users }}"
  register: resultThen I just get the message: "result": "failed"

I have not found any information on this error or how to use the API for Wireguard except this https://docs.opnsense.org/development/api/plugins/wireguard.html which is not very helpfull.

When run the curl command

Code: [Select]

curl -X POST -d '{"enabled”:"1",”name”:”test.user”,“pubkey“:“$key“,“tunneladdress“:“xxx.xxx.xxx.xxx/xx“}' -H "Content-Type: application/json" -k -u $key:$secret https://$IP/api/wireguard/client/addClientI get the same message {"result":"failed"}.

There is nothing to find in any log files, so what am I doing wrong?

Thank you in advance.

Title: Re: API Wireguard "result": "failed"
Post by: wrobelda on November 22, 2022, 12:20:38 am

Having same issue trying to toggle a firewall rule:

Code: [Select]

curl -k -u "user":"pass" "https://opnsense/api/firewall/filter/toggleRule/702cdc85-cf43-437a-9882-4beba77fb35c/0" -X POST -d ""
{"result":"failed"}%
This is same as in this example: https://docs.opnsense.org/development/api/plugins/firewall.html

The uuid is a correct one, I can do:

Code: [Select]

url -k -u key:pass "https:/opnsense/api/firewall/filter/getRule?uuid=702cdc85-cf43-437a-9882-4beba77fb35c"
and obtain a complete JSON with details.

Also getting same error with a simpler:

Code: [Select]

curl -k -u key:pass "https://opnsense/api/firewall/filter/toggleRule/702cdc85-cf43-437a-9882-4beba77fb35c/1"
How does one actually obtain some more meaningful reason for an error?

EDIT: my issue was due to the Firewall Plugin API only supporting rules that were added using its own UI; see https://github.com/opnsense/docs/pull/437

Title: Re: API Wireguard "result": "failed"
Post by: PJAU on January 04, 2023, 12:19:10 pm

Quote

When run the curl command

Code: [Select]

curl -X POST -d '{"enabled”:"1",”name”:”test.user”,“pubkey“:“$key“,“tunneladdress“:“xxx.xxx.xxx.xxx/xx“}' -H "Content-Type: application/json" -k -u $key:$secret https://$IP/api/wireguard/client/addClientI get the same message {"result":"failed"}.

There is nothing to find in any log files, so what am I doing wrong?

Thank you in advance.

I just hit this also; you need the following format:

Code: [Select]

curl -X POST -d '{"client":{"enabled”:"1",”name”:”test.user”,“pubkey“:“$key“,“tunneladdress“:“xxx.xxx.xxx.xxx/xx“}}' -H "Content-Type: application/json" -k -u $key:$secret https://$IP/api/wireguard/client/addClient
i.e: Wrap your existing code in an outer {"client": ... }

Title: Re: API Wireguard "result": "failed"
Post by: Geitjie on January 18, 2023, 07:10:55 am

Having the same issue when trying to add client to wireguard.

Quote from: PJAU on January 04, 2023, 12:19:10 pm

Quote

When run the curl command

Code: [Select]

curl -X POST -d '{"enabled”:"1",”name”:”test.user”,“pubkey“:“$key“,“tunneladdress“:“xxx.xxx.xxx.xxx/xx“}' -H "Content-Type: application/json" -k -u $key:$secret https://$IP/api/wireguard/client/addClientI get the same message {"result":"failed"}.

There is nothing to find in any log files, so what am I doing wrong?

Thank you in advance.

I just hit this also; you need the following format:

Code: [Select]

curl -X POST -d '{"client":{"enabled”:"1",”name”:”test.user”,“pubkey“:“$key“,“tunneladdress“:“xxx.xxx.xxx.xxx/xx“}}' -H "Content-Type: application/json" -k -u $key:$secret https://$IP/api/wireguard/client/addClient
i.e: Wrap your existing code in an outer {"client": ... }

Have tried adding {"client": ...} which also just returns , {"result":"failed"}

Title: Re: API Wireguard "result": "failed"
Post by: p_kn on April 29, 2023, 12:11:27 pm

I don't see the exact error, but I made a working example for adding wireguard clients to opnsense, including enabling them and restarting the service: https://github.com/pkoevesdi/wg-keygen-notrust/tree/opnsensebridge
Maybe that helps tracking down the issue.