Messages - camdarley

#1
18.7 Legacy Series / Re: Firewall API use
January 02, 2019, 04:20:53 PM
Quote from: AdSchellevis on December 20, 2018, 07:25:04 PM
... I wrote the code in OPNsense, there is a chance I know what it's for  ;)

Both endpoints serve a different purpose, the util endpoint is effectuated immediately, the other one only changes the configuration content and needs a different payload (just look in the user interface how it should look, like suggested earlier).
I think I understand now how it works.
Don't get me wrong: I'm very grateful for all the work you and the OPNsense team have done so far and all I want is to help as I can.
But I can't understand why you won't accept there is a BUG here: there is an endpoint which doesn't work in specific conditions... period. This is the basic definition of a BUG. And the fact that the error message is wrong too doesn't help either.

So I'll summarize the bug (maybe you misunderstood or I wasn't clear enough):
- I have an empty alias (an alias with no items)
- I try to add a new item to the alias by using alias_util endpoint (from both API and UI)
- I send a request with the address item (API), or I fill the form field with a valid IP address (UI).
- From UI and API, I got an error saying: Entry "" is not a valid hostname or IP address (note that the address disappeared during the process).
- If I do the same with an alias containing at least 1 item, the exact same steps work.

The only reason I will agree that this is not a bug would be if the alias_util endpoint is going to disappear in the next releases and is only there for testing purposes.

P.S: Happy New Year!
#2
18.7 Legacy Series / Re: Firewall API use
December 20, 2018, 05:06:44 PM
Quote from: AdSchellevis on December 14, 2018, 09:30:30 PM
It's actually pretty simple, if it works in the browser, the same call will also work using the api.
A simple example using python, looks like this:


import requests

key='my_key'
secret='my_secret'

endpoint = "https://[host]/api/firewall/alias_util/add/bogons"
r = requests.post(url=endpoint, auth=(key, secret), json={'address': '0.0.0.0/8'})
print (r.status_code, r.text)


Which will add 0.0.0.0/8 to the alias named bogons.

Yes, but the current UI doesn't use the same endpoint. The default UI, /ui/firewall/alias, uses a different endpoint.
And I can confirm your code doesn't work if the alias is empty when you try to add a new address.

Quote from: seized on December 14, 2018, 06:57:55 PM
I tried curl and PostMan, same in both. Adding one address in manually through the UI lets the API work immediately so it's not that big a deal (in my opinion).
You're right, but you need to use the correct UI: /ui/firewall/alias and not /api/firewall/alias_util
#3
18.7 Legacy Series / Re: Firewall API use
November 29, 2018, 12:10:32 PM
Sorry I didn't know there was another alias UI.
But I get the exact same error in this GUI.
Also, if I revert the alias type from Network to Host, I got two errors (here with {address:"192.168.0.50"}):
{
    "errorMessage": "[OPNsense\\Firewall\\Alias:aliases.alias.2684d3af-6af4-4248-934f-6035a668489a.content] Entry \"\" is not a valid hostname or IP address.\n[OPNsense\\Firewall\\Alias:aliases.alias.2684d3af-6af4-4248-934f-6035a668489a.content] Entry \"192.168.0.50/32\" is not a valid hostname or IP address.\n",
    "errorTitle": "An API exception occured"
}


Also, if the address was missing in my request, the response should be {status: failed}
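The error body quoted in the post above can be parsed so that an automation client tells the two rejections apart. This is an added example, not part of the original post and not OPNsense code; the function names and the labels "empty-entry" and "submitted-rejected" are assumptions made for illustration.

```python
import ipaddress
import json
import re

# One validation line as quoted in the posts:
# [<model>:aliases.alias.<uuid>.<field>] Entry "<value>" is not a valid hostname or IP address.
LINE_RE = re.compile(
    r'^\[(?P<model>[^:\]]+):aliases\.alias\.(?P<uuid>[0-9a-f-]{36})\.(?P<field>\w+)\] '
    r'Entry "(?P<entry>[^"]*)" is not a valid hostname or IP address\.$'
)

# Response body copied from the post above.
SAMPLE = r'''{
    "errorMessage": "[OPNsense\\Firewall\\Alias:aliases.alias.2684d3af-6af4-4248-934f-6035a668489a.content] Entry \"\" is not a valid hostname or IP address.\n[OPNsense\\Firewall\\Alias:aliases.alias.2684d3af-6af4-4248-934f-6035a668489a.content] Entry \"192.168.0.50/32\" is not a valid hostname or IP address.\n",
    "errorTitle": "An API exception occured"
}'''


def parse_alias_errors(body):
    """Return one dict (model, uuid, field, entry) per validation line."""
    message = json.loads(body).get("errorMessage", "")
    matches = (LINE_RE.match(line.strip()) for line in message.splitlines())
    return [m.groupdict() for m in matches if m]


def same_address(entry, submitted):
    """Compare entries as networks so 192.168.0.50 equals 192.168.0.50/32."""
    try:
        return (ipaddress.ip_network(entry, strict=False)
                == ipaddress.ip_network(submitted, strict=False))
    except ValueError:  # hostname or empty string: fall back to text compare
        return entry == submitted


def classify(body, submitted):
    """Label the failure: blank entry rejected, submitted address rejected, or both."""
    labels = set()
    for err in parse_alias_errors(body):
        if err["entry"] == "":
            labels.add("empty-entry")
        elif same_address(err["entry"], submitted):
            labels.add("submitted-rejected")
    return labels


if __name__ == "__main__":
    print(classify(SAMPLE, "192.168.0.50"))
```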
#4
18.7 Legacy Series / Re: Firewall API use
November 29, 2018, 11:56:23 AM
@AdSchellevis

I see that the address is missing, yet it was set in my request.
My point is: for the exact same post request, it works when there is already an address in the alias list, but it doesn't when the list is empty.
The UI uses a different command: http://192.168.0.1/api/firewall/alias/setItem/<alias_uuid>, and defines the whole alias list in the same request (with {"alias":{..., "content":"<address>"}}).

Best
#5
18.7 Legacy Series / Re: Firewall API use
November 29, 2018, 10:59:45 AM
Thanks AdSchellevis.

I've been able to make it work by setting the alias type as Network instead of Host.
But then I noticed another issue: if the alias is empty, it's not possible to add an address.
This is the error I get:
{ errorMessage:
         '[OPNsense\\Firewall\\Alias:aliases.alias.bdb02887-c1c8-4c28-a337-dd833a55e704.content] Entry "" is not a valid hostname or IP address.\n',
        errorTitle: 'An API exception occured'
}

When there is at least one address in the alias, it works.
#6
18.7 Legacy Series / Re: Firewall API use
November 28, 2018, 09:49:50 AM
Hi,

I'm trying to add an IP to an alias list through API. So I POST to http://192.168.0.1/api/firewall/alias_util/add/<MY_ALIAS_NAME>
with this data:
address:192.168.0.200

But all I get is an error:
{
    "errorMessage": "[OPNsense\\Firewall\\Alias:aliases.alias.bdb02887-c1c8-4c28-a337-dd833a55e704.content] Entry \"192.168.0.200/32\" is not a valid hostname or IP address.\n",
    "errorTitle": "An API exception occured"
}

Did I do something wrong? Or is the API not ready yet?
#7
First of all, thank you for your replies, and sorry for answering so late.
A few details about my config:
We have 2 boxes: a Freebox configured as a bridge (WAN1), with a static IP provided by the ISP, and a Bouygues 4G box (WAN2), in router mode, with a dynamic external IP.
The Freebox has priority; the 4G box is only used if the Freebox goes down (so with a failover), or for certain machines, via firewall rules.
The WAN1 interface gets an IP via DHCP (the ISP's, that is); the WAN2 interface has a static IP to connect to the 4G box (since it is in router mode).
Pings to the boxes appear to work.
As for the logs, I don't know which one to look in...
#8
Hello everyone,

I have just installed a server running OPNsense and I must say I'm really taken with the interface!

I configured a multi-WAN connection with failover, using the how-to from the docs, and it works without a problem.

Well, almost: the firewall itself cannot reach the Internet. I noticed this when trying to run the firmware update, which always ends with a "Connection Error".
What's strange is that I can resolve google.com via traceroute in the shell, but when I try to ping the address obtained that way, nothing answers (host is down).

None of the computers connected to the firewall have any trouble accessing the net...

root@OPNsense:/ # ping google.com
PING google.com (216.58.208.238): 56 data bytes
ping: sendto: Host is down

root@OPNsense:/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=59 time=17.083 ms

root@OPNsense:/ # traceroute google.com
traceroute to google.com (216.58.208.238), 64 hops max, 40 byte packets

root@OPNsense:/ # ping 216.58.208.238
PING 216.58.208.238 (216.58.208.238): 56 data bytes
ping: sendto: Host is down


There you go, if anyone has an idea, or even a solution, I'm all ears.

Thanks ;)