Topics

1

Development and Code Review / Appliance Distribution and Continious Integration

« on: October 21, 2019, 03:51:26 pm »

Hi!

I have started to work on  Ansible support and I would like to implement some kind of continuous integration.

The obvious would be to test test playbooks against code changes and new versions of Ansible and OPNSense, to ensure that nothing breaks, etc.

I could start OPNSense with Vagrant, and try to run unit tests against it.

Is there a Virtual Appliance distribution? I think I saw it somewhere.

2

Development and Code Review / Ansible Support for OPNSense?

« on: September 22, 2019, 10:56:21 am »

Hi!

I would like to adopt an OpenSource router/firewall that can be managed from Ansible, as we already manage everything in our network that way.

Ansible has made a lot of work on the Network device configuration front but still there seems to be no support for a product like OPNSense.

I have found 2 modules in gitlab which configure OPNSense with Ansible. The ansible mofule for HAProxy, developed by @mj84 which was announced in this forum and another module by @fpieters that I found in Github.

They both follow different strategies. one seems to use Ansible XML plugins to compose an XML file that is eventually installed in OPNSense. The other uses the REST api to modify objects in OPNSense, but unfortunately is limited to the HAProxy functionality.

I was wondering if there is a way to provide complete support to OPNSese configuration from Ansible in a generic, and easy to implement way. Perhaps using the previous 2 projects as reference.

I am not familiar with OPNSense development but I am familiar with Ansible development as I did some bindings and ansible module work for OpenNebula.

Looking at the intro in the OPNSense REST API there seems to be generic enough, with calls following the format:

https://opnsense.local/api/<module>/<controller>/<command>/[<param1>/[<param2>/...]]

Ansible has also introduced NETCONF which also seems to be generic client for network devices configuration, with SOAP envelopes but generic get-set statements inside.

The question I am wondering is then weather a generic bridge from NETCONF to OPNSense API could be (easily) developed and whether that would work well enough to develop a good base that covers most OPNSense configuration options.

Before trying to put together a small prototype, I was wondering a few things:

I was wondering if anybody else is working, or interested in working on this.

I am assuming that a NETCONF-RESTAPI bridge would be installed in OPNSense, perhaps as an optional module.

I am not sure with Language should be used for this, but looking at the Development Documentation I see some mentions to Python that should be easy and fit for the job.

I guess integration for the authentication system would also be required, but perhaps there is already python code capable of this.

I was also wondering if there are mockups for the RESTAPI that would facilitate the development.

Any commends or ideas regarding OPNSense and Ansible?

3

16.7 Legacy Series / Wireless Bridge: WPA: EAPOL-Key timeout

« on: September 08, 2016, 05:42:50 pm »

Hi!

I am new to OPNSense, in fact, I am trying to migrate our network from PFSense.

For user access devices we have been using VLAN bridged with WIFI Access point, which we find convenient in this case.

So I am creating a bridge for an VLAN and WIFI access point interfaces. Only the Bridge interface has an IP, and rungs DHCP server, etc.

It seems to be working fine for some devices, however, with some others I get: WPA: EAPOL-Key timeout

I have been searching and reading old threads about this issue in other projects:

Some threads suggested testing without WPA, which I did, and then the bridge seems to work on all devices.

Other threads suggest that the client drivers might be incomplete/outdated, but this very same configuration is working just fine with the PFSense router, which I think is a related project.

My problem is that I dont know how to dig deeper here. What to debug or try.

Any idea what could be going wrong?