Messages - NorbertK

#1
German - Deutsch / Another futile attempt
May 15, 2025, 10:10:34 AM
I tried once more to replicate the user interface with this call, but with an unchanged result:
curl -k -s -v -u "$key:$secret" "$URL/dhcpv4/leases/searchLease" -H 'content-type: application/json;charset=UTF-8' \
 --data-raw '{"current":1,"rowCount":-1,"sort":{"starts":"desc"},"searchPhrase":"","inactive":true,"selected_interfaces":[]}'
#2
Hello all,
months ago I cobbled together a shell script that fetches all kinds of information from the Sense via curl and processes it with `jq`. In December this still worked and produced files. I had set up a dedicated API user with the "All pages" privilege and used its API key.

Now I have run this script again and get no output at all. No error either.

An excerpt of the script looks like this:

export key=txxxxxxF
export secret=ddkkkkkkkkkkkkkkkkkkkkkkkkkk
##
export URL=https://opnsense.fm174.intern/api

echo "dhcp"
curl -k -s -u "$key:$secret" "$URL/dhcpv4/leases/searchLease" | \
    jq '.rows | .[] |= del(.starts, .ends, .status, .cltt) | [.[] | to_entries | sort_by(.key) | from_entries] | sort_by(.mac)' \
    > "${OUTDIR}/opnsense/dhcp/v4_leases.json"


This now produces no data, not even when I leave out the pipe into jq.

I can also reproduce this at the bash prompt:
# first the exports as in the shell script ...


# then

curl -k -vv -u "$key:$secret" "$URL/core/firmware/status"


gives:
*   Trying [2a00:6020:4023:8c80:6662:66ff:fe22:6ed0]:443...
* Connected to opnsense.fm174.intern (2a00:6020:4023:8c80:6662:66ff:fe22:6ed0) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: C=DE; ST=NRW; L=Erftstadt; O=Klamann IT-Beratung; CN=*.fm174.intern
*  start date: Nov 29 14:19:15 2024 GMT
*  expire date: Dec 31 14:19:15 2025 GMT
*  issuer: C=DE; ST=NRW; L=Erftstadt; O=Klamann IT-Beratung; CN=Klamann-Root-CA 202411
*  SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway.
* using HTTP/2
* Server auth using Basic with user 'txxxxxx'
* h2h3 [:method: GET]
* h2h3 [:path: /api/core/firmware/status]
* h2h3 [:scheme: https]
* h2h3 [:authority: opnsense.fm174.intern]
* h2h3 [authorization: Basic xxxxxxxx
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x564b18e83780)
> GET /api/core/firmware/status HTTP/2
> Host: opnsense.fm174.intern
> authorization: Basic xxxxxxxx
> user-agent: curl/7.88.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 200
< server: Caddy
< content-length: 0
< date: Thu, 15 May 2025 07:22:59 GMT
<
* Connection #0 to host opnsense.fm174.intern left intact


I also compared my calls against the documentation and found no changes. Since March I have been on

OPNsense 25.1.3-amd64
FreeBSD 14.2-RELEASE-p2
OpenSSL 3.0.16

Does anyone have an idea?

Many thanks in advance!

Norbert
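The trace in the post above shows the failure mode exactly: `HTTP/2 200` with `content-length: 0`, so the pipe into jq prints nothing, exits 0, and the script quietly writes empty files. The following is an added example (not code from the post or from OPNsense) of a small client that refuses to treat such an answer as data, and that verifies the firewall's certificate against its own CA instead of using curl's `-k`. The host name, key, secret and the response bodies in the demo are placeholders or constructed values.

```python
"""Added example: fetch an OPNsense API endpoint and fail loudly on an empty
200 response instead of silently producing no output.
Host, key and secret are placeholders; the demo responses are constructed."""
import base64
import json
import ssl
import urllib.error
import urllib.request


class ApiError(RuntimeError):
    """Raised when the HTTP answer cannot be used as JSON data."""


def check_api_body(status, body, content_type=""):
    """Turn a raw HTTP answer into parsed JSON, or raise ApiError.

    A 200 with an empty body (what the post's verbose trace shows) is an
    error here: typical causes are an API key whose user lost the needed
    privilege, or an endpoint that moved. Non-JSON bodies are rejected too.
    """
    if status != 200:
        raise ApiError(f"HTTP {status}: {body[:200]!r}")
    if not body.strip():
        raise ApiError("HTTP 200 but empty body: check the API user's "
                       "privileges and that the endpoint still exists")
    try:
        return json.loads(body)
    except json.JSONDecodeError as exc:
        raise ApiError(f"body is not JSON (content-type {content_type!r}): "
                       f"{exc}") from None


def fetch_json(url, key, secret, cafile=None, timeout=15):
    """GET `url` with HTTP Basic auth (OPNsense API key/secret) as JSON.

    cafile: path to the CA certificate that signed the firewall's WebGUI
    certificate. Passing it keeps verification on, which is what curl's -k
    in the post turns off entirely.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    token = base64.b64encode(f"{key}:{secret}".encode()).decode()
    req = urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}",
        "Accept": "application/json",
    })
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return check_api_body(resp.status,
                                  resp.read().decode("utf-8", "replace"),
                                  resp.headers.get("content-type", ""))
    except urllib.error.HTTPError as err:
        # 401/403 etc. also carry a body; surface status and body together.
        return check_api_body(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # Offline demo on constructed answers: the post's case (200 + empty body),
    # a normal answer, and a rejected login. No network access is made here;
    # a real call would be fetch_json("https://opnsense.example.internal/api/"
    # "core/firmware/status", "KEY", "SECRET", cafile="my-root-ca.pem").
    for status, body in [(200, ""), (200, '{"rows": []}'), (401, "Unauthorized")]:
        try:
            print(status, "->", check_api_body(status, body))
        except ApiError as err:
            print(status, "-> ApiError:", err)
```

In a shell pipeline the equivalent discipline is to capture the body into a variable or file first and test that it is non-empty (and that `curl -w '%{http_code}'` reported 200) before handing it to jq; jq itself will happily accept an empty input.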
#3
Late, but ...

This works as user CSS:
#Services > a[href="#Services_DHCRelay"]{
    display: none !important
}
#Services > a[href="#Services_CaptivePortal"]{
    display: none !important
}

#4
I have a similar problem as in this  old bug https://github.com/opnsense/core/issues/5752

I made sure that I indeed selected the override. I also pressed the refresh button in the detail form.

And I am sure that the alias 'npm' exists for this override because it works. I just want to delete it and use several others.

Is there a workaround with the command line?

[UPDATE] User error, wrong override selected
#6
Quote from: dseven on November 28, 2024, 01:00:35 PM
Login with ssh or on the console and select option 13 (Restore a backup)?

Unfortunately the change was a long time ago and this is quite risky because it would overwrite any changes.

In theory I just have to simulate

System: Settings: Administration: SSL Certificate

But how?
#7
Hello all,
I created a root CA and a PEM outside of OPNsense and managed to botch my OPNsense Web UI.

Edge complains with the helpful ERR_SSL_PROTOCOL_ERROR

Librewolf (FF fork) says SSL_ERROR_INTERNAL_ERROR_ALERT

curl -k from another Linux box works


How can I roll back to the defaults?

I tried
configctl webgui restart renew


But nothing changed.

Many thanks for any pointer!

Norbert
#8
Hello all,
I want to use a self-signed certificate for the OPNsense WebGUI, but certified with another CA. I uploaded the certificate and it shows up in the list.

But it is not 'in use' (see screenshot). What do I have to do so that the webserver uses this certificate?

Thanks for any hints

Norbert
#9
Hello all,
I would like to make some services (which I do not use at the moment) invisible in the browser (I use Librewolf/Firefox).
I presume some kind of CSS or browser hack is in order ....

Does anyone have a tip for me?

Thanks a lot

Norbert
#10
I find that difficult even in smaller networks.

I am looking for an overview that first of all clearly shows the existing rules, and have been experimenting with the API for that. It is a pretty wild mess.

But perhaps it is best to parse /tmp/rules.debug.

That is the truth about the status quo in one file. And there you can also nicely see where aliases should still be defined.



#11
Much simpler indeed. And of course you are right about the possible consequences.
#12
To install packages from the FreeBSD universe on your OPNsense box, the script from this quite verbose Medium article works:
https://medium.com/@mihakralj/the-direct-route-installing-freebsd-packages-on-opnsense-d002ac0c56b8

It can be used like this:

./opnsense_sideload.sh  <packagename>


I attached the script for convenience; make sure it uses LF as line feed.

HTH
Norbert
#13
This here works (more or less):


curl -k -s -u "$key:$secret" "$URL/firewall/filter/get_rule?5ddcbf1f0688962629f1a2166ba2ab0c"

and with this jq filter

jq '. | to_entries |.[].value["action","interface","direction","ipprotocol","protocol","gateway","categories"][] |= select(.selected == 1).value| .[].value'

gives this result:

{
  "enabled": "1",
  "sequence": "1",
  "action": {
    "pass": "Pass"
  },
  "quick": "1",
  "interface": {},
  "direction": {
    "in": "In"
  },
  "ipprotocol": {
    "inet": "IPv4"
  },
  "protocol": {
    "any": "any"
  },
  "source_net": "any",
  "source_not": "0",
  "source_port": "",
  "destination_net": "any",
  "destination_not": "0",
  "destination_port": "",
  "gateway": {
    "": "None"
  },
  "log": "0",
  "categories": {},
  "description": ""
}
#14
Hello all,
subject says it. I look for the way to get the current firewall rules as a json data set.

I can't get a list of all rule ids with curl -k -s -u "$key:$secret" "$URL/diagnostics/firewall/listRuleIds" | jq

But of course I want the details for each rule.

Can anyone give me a hint, please?

Thank you

Norbert
#15
Sorry, the JSON I pasted was not valid. Thanks to substack I got the solution.

Given a valid JSON snippet we can do

.hosts.host |to_entries |.[].value["rr" ][] |= select(.selected == 1)


See here for details: https://jqplay.org/s/rZxB3W0tMB_b

The substack answer is here https://stackoverflow.com/a/78340508/153578
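The jq filters in post #13 (firewall rule fields such as `action` and `interface`) and in post #15 (the `rr` field of the host overrides) do the same thing: OPNsense answers form fields as option maps of the shape `{key: {"value": label, "selected": 0|1}}`, and the filter keeps only the entries with `selected == 1`. The block below is an added example, not code from the posts or from OPNsense, that applies that collapse generically to every option map in a document rather than to a hard-coded list of fields, and then uses it for both cases. The sample rule and host-override documents are constructed to mirror the shapes shown in the posts; the `hosts.host` path is taken from post #15, and the `host_overrides` helper and its field names are assumptions for the example.

```python
"""Added example: collapse OPNsense API option maps ({key: {"value", "selected"}})
into plain values, generalising the jq `select(.selected == 1)` filters above.
All sample documents are constructed; they are not real exports."""
import json


def is_option_map(value):
    """True for the OPNsense dropdown/multi-select shape:
    a non-empty dict whose every value is {"value": ..., "selected": 0|1}."""
    return bool(isinstance(value, dict) and value
                and all(isinstance(v, dict) and "selected" in v and "value" in v
                        for v in value.values()))


def selected(option_map):
    """Return {key: label} for the entries marked selected == 1
    (empty dict when nothing is selected, as for "interface" in post #13)."""
    return {k: v["value"] for k, v in option_map.items() if v.get("selected") == 1}


def flatten(node):
    """Recursively replace each option map by its selected entries and leave
    scalar fields ("enabled": "1", "source_net": "any") untouched."""
    if is_option_map(node):
        return selected(node)
    if isinstance(node, dict):
        return {k: flatten(v) for k, v in node.items()}
    if isinstance(node, list):
        return [flatten(v) for v in node]
    return node


def host_overrides(doc):
    """From a document shaped like post #15's `.hosts.host`, list the host
    overrides with the selected rr type reduced to a single string.
    (Assumed field names for the example: hostname, domain, rr, server.)"""
    out = []
    for uuid, host in doc["hosts"]["host"].items():
        flat = flatten(host)
        rr = next(iter(flat["rr"]), None)  # the one selected record type, if any
        out.append({"uuid": uuid, "hostname": flat["hostname"],
                    "domain": flat["domain"], "rr": rr, "server": flat["server"]})
    return out


def opt(selected_key, *choices):
    """Build a constructed option map with exactly one key selected."""
    return {k: {"value": label, "selected": int(k == selected_key)}
            for k, label in choices}


# Constructed: the shape /api/firewall/filter/get_rule returns (post #13).
SAMPLE_RULE = {"rule": {
    "enabled": "1", "sequence": "1",
    "action": opt("pass", ("pass", "Pass"), ("block", "Block"), ("reject", "Reject")),
    "quick": "1",
    "interface": opt(None, ("lan", "LAN"), ("wan", "WAN")),       # nothing selected
    "direction": opt("in", ("in", "In"), ("out", "Out")),
    "ipprotocol": opt("inet", ("inet", "IPv4"), ("inet6", "IPv6")),
    "protocol": opt("any", ("any", "any"), ("tcp", "TCP")),
    "source_net": "any", "source_not": "0", "source_port": "",
    "destination_net": "any", "destination_not": "0", "destination_port": "",
    "gateway": opt("", ("", "None")),
    "log": "0", "categories": {}, "description": "",
}}

# Constructed: unbound host overrides as in post #15 (192.0.2.0/24 is documentation space).
SAMPLE_HOSTS = {"hosts": {"host": {
    "uuid-0001": {"enabled": "1", "hostname": "npm", "domain": "fm174.intern",
                  "rr": opt("A", ("A", "A (IPv4 address)"), ("AAAA", "AAAA (IPv6 address)")),
                  "server": "192.0.2.10"},
    "uuid-0002": {"enabled": "1", "hostname": "www", "domain": "fm174.intern",
                  "rr": opt("AAAA", ("A", "A (IPv4 address)"), ("AAAA", "AAAA (IPv6 address)")),
                  "server": "2001:db8::10"},
}}}


if __name__ == "__main__":
    print(json.dumps(flatten(SAMPLE_RULE), indent=2))   # same shape as post #13's output
    print(json.dumps(host_overrides(SAMPLE_HOSTS), indent=2))
```

Because `flatten` recognises option maps by their shape instead of by field name, the same function works for any OPNsense `get`-style endpoint; the price is that a user-supplied dict that happens to contain only `value`/`selected` children would be collapsed too, which is why `is_option_map` insists on both keys in every child.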