Messages

I also wrote one too last month but in python. It automatically merges the isc static leases into the kea reservation section by reading the array of json objects into the xml sub-elements of ElementTree. It also checks if u have a subnet uuid.


https://github.com/patrick0525/Python-Opn-isc-kea

@randyg503
It does not. I wrote the script on 24.1.2 before they released  kea csv import/export functionality. My use case was to move the current isc static leases into kea reservations. It assumes u have a working kea dhcp with one kea reservation created. No export/import needed since it automatically does the merges into a newly created merge.xml. Ur original config-OPNsense*.xml is never modified.

On 02252024, I made changes and now it supports a command line argument.

Install Python3 ( I installed python 3.12.1 on my W11 desktop)

>>>  python3  opnsense_isc_to_kea_reservations.py  <your_config-OPNsense*.xml>
Note: I regex check ur opnsense config file name format.

The migrated changes are in merge.xml

https://github.com/patrick0525/Python-Opn-isc-kea

If u enable kea,  move one of the vlans to a kea reservation, save the new config and then diff the orig config vs the new kea config , u will see what actually moved with kea enabled.

The script looks at the contents of
['dhcpd']['lan']['staticmap'] and essentially copies the contents into the kea section
['reservations'] starting as ['reservation uuid']

U will see what I migrated by running:

opnsense_isc_to_kea_reservations.py config-OPNsense.localdomain-20240218111111.xml

Diff the merge.xml and config-OPNsense.localdomain-20240218111111.xml


It does not do vlans but it something I can look into.
I am not familiar with vlans but tell me what you want to migrate from and to.
I need xml tags or gators🐊 and your sanitized config-OPNsense*.xml file.

Also, I  need to know what the final populated xml should look like.

Updated the repo to support a command line argument.
Just copy the *.py into the config directory and
run on your  config-OPNsense*.xml

python opnsense_isc_to_kea_reservations.py [config-OPNsense*.xml]

Having the same wireguard issues with too.

@ miracuru
A new release. Put the config-OPNsense*.xml and  *.py in the same directory and run. No more more  cutting and pasting files. It is converted automatically by the Python script. I also will call u out if your config-OPNsense*.xml has no valid kea reservation or a missing kea subnet uuid.

I updated https://github.com/patrick0525/Python-Opn-isc-kea
The merged config is called merge.xml
The original config is never touched.

Code Select Expand

# OPNsense admin: copy OPNsense_isc_to_kea_reservations.py and the two input_file
# into a directory
# input_file: current set to config-OPNsense.localdomain-20240218111111.xml
# input_file: config-OPNsense.localdomain-20240218000000.xml
#
# >>>> python3 OPNsense_isc_to_kea_reservations.py
#
# >>>>>> TO MODIFY YOUR OPNsense CONFIG <<<<<<
# OPNsense admin: Search [ADD YOUR CONFIG] and change input_file and add
# your config-OPNsense.localdomain-2024*.xml
#
# merge_file: merge.xml

["fully automatic"]

@miracuru

I am putting the final touches to the "fully automatic" isc-to-kea (static leases to reservations) conversion. From a confg-OPNsenseIsc.xml that has all your isc-dhcp static leases,

you need to do the following:
disable isc-dhcp,
enable kea-dhcp (make sure it works),
Create one valid working kea reservation (only one)
and save as config-OPNsenseKea,xml.

Modify and run the *,py program to read config-OPNsenseKea,xml.
(I edit and run the windows version of python312 on notepad++)

The result is a merge.xml. Restore opnsense to merge.xml.  It has ISC-dhcp is disabled, the original static leases, KEA-dhcp is enabled and the new pool of reservations merged/translated from ISC-dhcp static leases.

Last night, I restored to the merge.xml and there were new kea reservations.
Stay tune for the new github repo.


pew-pew!

Done.
Converts all opnense isc-dhcp static lease devices to an opnsese kea-dhcp reservations format
It will read/process an existing config-OPNsense.xml that contains isc-dhcp data and output a kea-dhcp .xml that needs to be cut and paste into ur existing config-OPNsense.xml

A sample pre-populated isc-dhcp config-OPNsense.xml is provided for testing.


https://github.com/patrick0525/Python-Opn-isc-kea

@miracuru
I finally got the conversion of  opnsense isc  static lease to opnsense kea reservation working.
It was a one line change  to my original posted script.
I will post it tomorrow on GitHub.

From the opnsense config .xml
The python script reads a cut&paste that contains the isc dhcp static lease. Need to add ur subnet uuid to the python code prior to execution.

Code Select Expand


<dhcpd>
    <lan>
      <enable>1</enable>
      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
      <numberoptions>
        <item/>
      </numberoptions>
      <range>
        <from>10.59.11.200</from>
        <to>10.59.11.245</to>
      </range>
      <winsserver/>
      <dnsserver/>
      <ntpserver/>
      <staticmap>
        <mac>a1:b1:c1:d1:e1:f1</mac>
        <ipaddr>10.59.11.100</ipaddr>
        <hostname>DAD-DESKTOP</hostname>
        <descr>DAD-DESKTOP</descr>
        <winsserver/>
        <dnsserver/>
        <ntpserver/>
      </staticmap>
        <staticmap>
        <mac>a2:b2:c2:d2:e2:f2</mac>
        <ipaddr>10.59.11.101</ipaddr>
        <hostname>MOM-DESKTOP</hostname>
        <descr>MOM-DESKTOP</descr>
        <winsserver/>
        <dnsserver/>
        <ntpserver/>
      </staticmap>
    </lan>
  </dhcpd>


And writes a file that contains the conversion to kea dhcp reservations:

Code Select Expand


          <reservation uuid="c7495e59-000b-4bf3-b083-0d35f099e946">
            <subnet>4e3016b1-b603-44bd-a361-b33c44333c98</subnet>
            <ip_address>10.59.11.100</ip_address>
            <hw_address>a1:b1:c1:d1:e1:f1</hw_address>
            <hostname>DAD-DESKTOP</hostname>
            <description>DAD-DESKTOP</description>
          </reservation>
          <reservation uuid="c82430df-45c7-4d9b-b11b-22f228af7e02">
            <subnet>4e3016b1-b603-44bd-a361-b33c44333c98</subnet>
            <ip_address>10.59.11.101</ip_address>
            <hw_address>a2:b2:c2:d2:e2:f2</hw_address>
            <hostname>MOM-DESKTOP</hostname>
            <description>MOM-DESKTOP</description>
          </reservation>


Here is the link to GitHub for the .xml conversion of pfsense isc-dhcp static lease to opnsense kea-dhcp reservation info.

https://github.com/patrick0525/Python-Pf-isc-Opn-kea
Run the Python code with sample pfsense .xml data.

@miracuru
I wrote python code (windows) that will generate random uuid per device and saves the output  to abc.txt
Just modify the the directory path of the output_file
>>> python3 uuid3.py

Code Select Expand


import uuid
output_file = open(r'C:\Users\patri\Documents\python\abc.txt', 'w')

devices =  ["dev1", "dev2","dev3"]
for x in devices:
    u = uuid.uuid4()
    print(x, ": ",u)
    #output_file.writelines(x, ": ",u)
    output_file.writelines(f"{'':>10}{x}{":  "}{u}{"\n"}")
# Close file
output_file.close()

# Checking if the data is written to file or not
output_file = open(r'C:\Users\patri\Documents\python\abc.txt', 'r')   
print("Read the saved file:  \n")
print(output_file.read())
output_file.close()


Code Select Expand


abc.txt
          dev1:  298007e3-2244-42cc-a9d7-bcf15b6d6de0
          dev2:  8b59170a-b013-46d5-bb3e-31c6529b7299
          dev3:  a22907f6-0e6c-4779-bf2a-7794c72f1c8f


I wrote a python program that takes my pfsense isc-dhcp static lease and converts it into a opnsense kea dhcp reservations xml format. I had 40+ pfsense static leases that I didn't want to  re-enter into the opnsense gui. The python script uses uuid4 , a random generated uuid and has a hyphen format. I will try to upload to a GitHub repo. Stay tune.

I am currently using a vpn via Wireguard. It works great.
Zenarmor is assigned to the lan. What should Suricata (IDS)  be assigned to : the wan or the wireguard_interface?
Under the IDS advanced mode, do I need to modify home networks? The helps says  "Networks to interpret as local", what does that mean?