Messages

1

Virtual private networks / Re: ProtonVPN + Wireguard + NAT-PMP

« on: November 19, 2024, 06:10:52 pm »

Hey, all. I'm not sure if this meets your needs, but I wrote a little script that grabs the forwarded port from protonvpn and syncs it with OPNsense and qBittorrent. It's been keeping everything running perfectly for me for over a year. Hope it helps! https://github.com/clajiness/qbop

2

Tutorials and FAQs / Re: How to modify port forwarding rules via API

« on: June 22, 2024, 06:00:42 am »

What are you trying to modify, specifically? If you're trying to update the forwarded port (which seems the likely case), set an alias and update that.

Here's some Ruby code I wrote a while back to get the job done. This class can grab the UUID of the alias, find the value, set it to whatever you like, and then apply it.

Good luck!

Code: [Select]

module Service
  class Opnsense
    def get_alias_uuid(config)
      uri = URI("#{config['opnsense_interface_addr']}/api/firewall/alias/getAliasUUID/#{config['opnsense_alias_name']}")

      # Create client
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true
      http.verify_mode = OpenSSL::SSL::VERIFY_NONE

      # Create Request
      req =  Net::HTTP::Get.new(uri)
      req.basic_auth config["opnsense_api_key"], config["opnsense_api_secret"]

      # Fetch Request
      res = http.request(req)
      JSON.parse(res.body)["uuid"]
    rescue StandardError => e
      @logger.error("get_alias_uuid - HTTP Request failed - (#{e.message})")
    end

    def get_alias_value(config, uuid)
      uri = URI("#{config['opnsense_interface_addr']}/api/firewall/alias/get")

      # Create client
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true
      http.verify_mode = OpenSSL::SSL::VERIFY_NONE

      # Create Request
      req =  Net::HTTP::Get.new(uri)
      req.basic_auth config["opnsense_api_key"], config["opnsense_api_secret"]

      # Fetch Request
      res = http.request(req)

      alias_content = JSON.parse(res.body).dig("alias", "aliases", "alias", uuid, "content")
      alias_content.values[0]["value"].to_i
    rescue StandardError => e
      @logger.error("get_alias_value - HTTP Request failed - (#{e.message})")
    end

    def set_alias_value(config, forwarded_port, uuid)
      uri = URI("#{config['opnsense_interface_addr']}/api/firewall/alias/setItem/#{uuid}")

      # Create client
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true
      http.verify_mode = OpenSSL::SSL::VERIFY_NONE
      body = {"alias": {"content": forwarded_port}}.to_json

      # Create Request
      req =  Net::HTTP::Post.new(uri)
      # Add headers
      req.basic_auth config["opnsense_api_key"], config["opnsense_api_secret"]
      # Add headers
      req.add_field "Content-Type", "application/json; charset=utf-8"
      # Set body
      req.body = body

      # Fetch Request
      http.request(req)
    rescue StandardError => e
      @logger.error("set_alias_value - HTTP Request failed - (#{e.message})")
    end

    def apply_changes(config)
      uri = URI("#{config['opnsense_interface_addr']}/api/firewall/alias/reconfigure")

      # Create client
      http = Net::HTTP.new(uri.host, uri.port)
      http.use_ssl = true
      http.verify_mode = OpenSSL::SSL::VERIFY_NONE

      # Create Request
      req =  Net::HTTP::Post.new(uri)
      # Add headers
      req.basic_auth config["opnsense_api_key"], config["opnsense_api_secret"]

      # Fetch Request
      http.request(req)
    rescue StandardError => e
      @logger.error("apply_changes - HTTP Request failed - (#{e.message})")
    end
  end
end


3

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: May 30, 2024, 10:04:42 pm »

For the sake of having another data point, I figured I'd report back. I ran the opnsense-revert command, restarted the service, and everything works perfectly.

Thanks much for everything! It's much appreciated.

4

24.1 Legacy Series / Re: Duplicate and growing number of entries in Universal Plug and Play: Status

« on: May 30, 2024, 05:39:04 pm »

Will the updated code be included in 24.1.9? Also, thank you!

5

24.1 Legacy Series / Re: UPnP sessions are not being cleared from the status table

« on: April 17, 2024, 03:43:20 am »

Disregard. A user on reddit showed me this issue: https://github.com/opnsense/plugins/issues/3831.

Thanks much!

6

24.1 Legacy Series / Re: UPnP sessions are not being cleared from the status table

« on: April 16, 2024, 06:45:16 pm »

I've confirmed that this is the case for both my xbox and ps5. The ps5 definitely used to clear its entry when it shut down. Now both device's entries pile up and require manual removal.

No big deal, I assume, but it'd be nice if the table reflected the actual state of UPnP.

7

24.1 Legacy Series / Re: UPnP sessions are not being cleared from the status table

« on: April 16, 2024, 05:18:28 pm »

I've scanned the port, and it doesn't seem to be open. Then again, it doesn't seem to be open even when the xbox is on. I guess I'm more curious as to why the rows aren't removed anymore when the port is closed.

8

24.1 Legacy Series / UPnP sessions are not being cleared from the status table

« on: April 15, 2024, 10:19:51 pm »

Hi, all. I noticed that in the UPnP status table, my previous sessions are not being cleared. I know this used to happen, but I haven't checked in a while, so I'm not sure when this current behavior began.

Could this possibly mean that the port is not being closed when the XBOX is turned off?

Anyone else seeing the the same or similar behavior?

For reference, I'm on 24.1.5_3.

Thanks much!

9

24.1 Legacy Series / Re: capacitive portal -> sessions displays invalid date

« on: March 13, 2024, 02:19:24 pm »

+1, I noticed the same issue.

10

24.1 Legacy Series / Re: Crowdsec Daemon is stopping at 1am (sometimes)

« on: March 08, 2024, 06:39:16 pm »

Add me to the list, too. Preemptive thanks to whomever figures out a fix!

11

23.7 Legacy Series / Re: [solved] PIA Wireguard Tunnel

« on: November 28, 2023, 12:17:06 am »

Glad you're up and running. The fact that you're using a 3rd party script would be useful info next time.

12

23.7 Legacy Series / Re: PIA Wireguard Tunnel

« on: November 27, 2023, 11:46:59 pm »

Did you use the FingerlessGlov3s script to set up your tunnel? If so, it looks like the maintainer released an update to support a change made in 23.7.8.

https://github.com/FingerlessGlov3s/OPNsensePIAWireguard/releases/tag/23.7.8-1

13

Virtual private networks / Re: Suggestions for VPN with port forwarding

« on: September 18, 2023, 05:15:44 am »

PIA absolutely supports port forwarding outside of the app. https://helpdesk.privateinternetaccess.com/kb/articles/manual-connection-and-port-forwarding-scripts-for-linux

If you want a better alternative (imo), I’m currently using ProtonVPN via WireGuard, and port forwarding works perfectly. I wrote a little script to handle natpmpc, but it’s really straightforward otherwise. https://protonvpn.com/support/port-forwarding-manual-setup/

So ya, I used this (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) with the info above, and my proton connection has been rock solid.

Good luck!

14

23.7 Legacy Series / Re: Question about enabling RSS

« on: August 09, 2023, 09:40:35 pm »

I think this best explains why we still see "direct" under Configuration -> Dispatch policy: https://forum.opnsense.org/index.php?topic=24409.msg118244#msg118244

15

23.7 Legacy Series / Re: Question about enabling RSS

« on: August 09, 2023, 08:36:22 pm »

Plus if you look at the workstreams you will see that you have 8 of each of them associated to every single CPU.

Got it. I was (obviously) a bit confused given that Dispatch policy under Configuration was still shown as direct. I see an opportunity to update the docs a bit.

Anyway, thanks so much! I appreciate the reply!