Messages - Wyrm

#31
Hi,
Is it possible to have a feature I know well from Mikrotik - the WATCHDOG function?
It tests an IP address on the internet and when it is not reachable it restarts itself.
It also restarts itself in case of HW failure and makes some file to have data for diagnostics.

Does anybody know if this is possible on OPNsense, or is it possible to use some FreeBSD utility?

Thanks
#32
Is there some option to do anything for users in the local manager by some script?
When I save the configuration - it is in XML. There is a part in the system tree in the XML and it contains users...
The format is like this:
<user>
      <password>password</password>
      <scope>user</scope>
      <name>name</name>
      <descr>some descript</descr>
      <expires/>
      <authorizedkeys/>
      <ipsecpsk/>
      <otp_seed/>
      <email>some@some.xx</email>
      <uid>user id number</uid>
</user>
   
So is it possible to have some import option, to make an XML file with this structure to add users?
#33
It is better not to use RADIUS. In the future they may need certificates, because it is a school and there is now a strong impact on security (EU GDPR)...
#34
I need them to log in to the captive portal and later for more services.
They will also have access to the GUI to change passwords and other aspects.
The customer does not have any Windows server to hold their users and needs to use these users to connect to his wifi and needs to apply some filtering and proxy.
I think it is better to have them as local users because when they decide to use 2FA they could...

Is it possible to add them from the shell by some batch?
#35
Is it usable for local system manager users?
#36
Quote from: fabian on September 03, 2018, 09:22:10 PM
a simple shell script adding one per row?
cat file.csv | while read line; do
c1=$(echo $line | cut -d',' -f1)
...
curl ... -H "Content-Type: application/json" --data "{json data}"
done;
I am sorry, I do not understand much... I have a .csv file and the format of every row is:
username;e-mail;password;fullname
How will the whole script look, or where is the command to add a user?

I have the PowerShell module by fvanroie and it only now connects to the OPNsense server by using the API key and secret. The script he posted here is not adding any users. I tried to modify the .csv file to only have password and username there and it did not help.

So I do not know how to do it exactly...

#37
Quote from: franco on September 03, 2018, 03:48:42 PM
Still, you could point a new Auth Server to the internal FreeRADIUS plugin and use it for system authentication.
I could, but there is still the problem of how to put all the users from the csv file into the system. It is the main problem... I have to put them all in by hand now... or is there another possibility?
#38
I know it. But the customer does not want to use 2FA. So I only need to put the users in. Is there any possibility to make a script to add a user to the local user manager? I mean not RADIUS but normal users?
I do not see in the API reference any info about the possibility to add a user.
Is there some way?
#39
So I tested your script and the connection to the server works, but adding users does not work. It simply does not add users.
Is there some other command I could run to add users? Or is there some problem with the syntax? I tried to send commands directly and the response was "failed".

Thanks for answer
#40
Hi,
I have found the problem itself - I have typed a space " " in the secret key, so the script showed errors. Now I corrected this and the connection works. I will prepare a user import script and I hope it will do the work ;)
#41
Hi,
I have tried to use the API, but PowerShell shows errors when I want to connect to the OPNsense server:

Connect-OPNsense : Cannot process argument transformation on parameter 'Secret'. Cannot convert the "<secret code>" value of type "System.String" to type "System.Security.SecureString".
At line:2 char:149
+ ... 4Uq -Secret <secret code> ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Connect-OPNsense], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Connect-OPNsense

When I try to use this function it also needs authentication, and when I fill in login and password it does not accept them...

What is needed to work with the API other than the API key?

#42
General Discussion / Captive Portal - Social Login
August 10, 2018, 09:13:12 AM
Hi,
does anyone have experience with some form of request for social login to the captive portal?
Mainly to have the option to log in by an account from Facebook or Google or Twitter and so on...
Not two-factor, but just to use these social logins to access the captive portal guest network, and the other effect is in likes and social data to the web page which is usually interconnected with this solution...

Thanks for reply

#43
Hi,
I have only an Excel table with names, mails and details.

They are in the customer's Google education account - so they are all Google accounts, but the customer could not use two-factor authentication. So they are in Google, but I have only the exported table in Excel...

Is there some way to create them?
#44
Hi,
for one customer I need to add around 400 users to the local user manager. These users will be used for the captive portal. Is there some limit on it? How many users could be in the system?

I have found that it is possible by an XML configuration script which I restore, but only the system part, where I manually edit the XML file and add user details... but it is not so comfortable...

Does anybody have some good advice on how to add them by some script? Or is there any option to add them?
I have them in an Excel table with fields First Name, Surname, Mail and Password. Customers will accept mail as username and I put the same password for all of them. Each user will then change their password by web GUI.

Thanks for some reply..

#45
18.1 Legacy Series / CVE-2018-0732
July 19, 2018, 02:57:39 PM
Hi,
I have done a security audit on version 18.1.12 and there is a security vulnerability:

***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
libressl-2.6.5 is vulnerable:
OpenSSL -- Client DoS due to large DH parameter
CVE: CVE-2018-0732
WWW: https://vuxml.freebsd.org/freebsd/c82ecac5-6e3f-11e8-8777-b499baebfeaf.html

1 problem(s) in the installed packages found.
***DONE***

Versions on box:
OPNsense 18.1.12-amd64
FreeBSD 11.1-RELEASE-p11
LibreSSL 2.6.5

Is it OK, or will there be some patch?

Thanks for reply...