Topics - adminexploit

#1
Virtual private networks / revocation crl managment
October 07, 2025, 06:45:39 PM
Hi:

I've imported my CA and certificates for OpenVPN. Now, the question: as I migrated all OpenVPN servers to OpenVPN instances, I cannot specify a CRL file in the custom config parameters. The only way I found to update the CRL automatically is setting an hourly cronjob to fetch the CRL from the Distributionpoints extension within the CA. Of course, I don't have Distributionpoints on my CAs. So.... humm. Is there a way to manage the CRL by API ??? I didn't find it in the documentation. And I would not rebuild the CA, because.... that's not fun.
So how to manage revocation automatically ???

thanks for your answers.
#2
Hi,
I migrated old OpenVPN servers (25.1) to new OpenVPN instances (25.7.4). And I'm not able to assign IP addresses depending on their CommonName anymore; it has always worked before the migration. OpenVPN just assigns the first available IP.

Please help.
regards.
#3
Hi ALL,
Is it possible to put in place some web access profiles by Active Directory groups?

regards.
#4
Hi:
I'm fighting for hours to add a firewall rule on, let's say, the openvpn interface.

def add_firewall_rules(cn):
    payload = {
        "rule": {
            "interface": "openvpn",
            "type": "pass",
            "direction": "in",
            "quick": "1",
            "ipprotocol": "inet",
            "protocol": "TCP/UDP",
            "source": {
                "address": cn + "_net"
            },
            "enabled": "1",
            "destination": {
                "address": cn + "_openvpn_host",
                "port": cn + '_port',
            },
            "description": cn + 'fw1'
        }
    }
    # api_post is the same helper used in the alias example below;
    # the addRule endpoint is the MVC (automation) filter API
    return api_post('/api/firewall/filter/addRule', payload)

result = add_firewall_rules(cn)
print(result)

This is a very basic example. The API gives me a valid answer such as:

{'result': 'saved', 'uuid': 'f2d28fb8-84a8-4f9c-a049-6f0ee2755e9c'}

That's fine. But the added rule is not visible in the GUI. I'm looking for it for hours but it's invisible.
I'm able to find it in the config.xml file, but in another paragraph.

For example:
here's a visible firewall rule in config.xml:
under: opnsense -> filter ->

But mine are under: opnsense -> OPNsense -> Firewall -> <Filter version="1.0.4"> -> rules

So... humm.... I tried to get my rule with:

https://mystrangeopnsense.doctor.strange.somewhere/api/firewall/filter/get_rule/f2d28fb8-84a8-4f9c-a049-6f0ee2755e9c
and I get it.
So my question is: why is it invisible in the GUI ??
#5
Hi,

I'm trying to add a port list to an alias by API:

def add_client_dstport_alias(cn, cn_ports):
    payload = {
        "alias": {
            "type": "port",
            "enabled": "1",
            "name": cn + '_port',
            "description": cn,
            "content": "8,18",
            "proto": "",
            "updatefreq": "",
            "counters": "0",
            "categories": ""
        }
    }
    return api_post('/api/firewall/alias/addItem', payload)
and I got an error:
Entry "8,18" is not a valid port number
I tried different ways to add ports, such as a port range: 8-18, and I got the same error. But if I add just one port by API, it works. If I add the other ports in the GUI by hand, everything goes well.

Please help me

regards
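An added example (not adminexploit's code, and not part of the original posts) covering the two API questions above, #4 and #5. It assumes the URL, key and secret come from the environment, and that the automation filter model uses the flat field names action, source_net, destination_net and destination_port (verify against the empty template returned by /api/firewall/filter/getRule on your version). Two points it demonstrates: alias content takes one entry per line, so "8,18" is a single invalid entry while "8\n18" is two ports; and rules created through /api/firewall/filter land under OPNsense/Firewall/Filter in config.xml and are listed in the GUI under Firewall > Automation > Filter, not under Firewall > Rules.

```python
import base64
import json
import os
import ssl
import urllib.request

# Connection details are assumptions: supply real values through the environment.
OPNSENSE_URL = os.environ.get("OPNSENSE_URL", "https://opnsense.example.invalid")
API_KEY = os.environ.get("OPNSENSE_API_KEY", "key-placeholder")
API_SECRET = os.environ.get("OPNSENSE_API_SECRET", "secret-placeholder")


def api_post(path, payload=None):
    """POST a JSON body with API key/secret basic auth.

    TLS is verified against the system trust store (ssl.create_default_context);
    install the firewall's CA on this host rather than disabling verification.
    """
    token = base64.b64encode(f"{API_KEY}:{API_SECRET}".encode()).decode()
    req = urllib.request.Request(
        OPNSENSE_URL + path,
        data=json.dumps(payload or {}).encode(),
        headers={"Authorization": "Basic " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, context=ssl.create_default_context()) as resp:
        return json.load(resp)


def port_alias_payload(cn, ports):
    """Alias content is newline-separated: one port (or low:high range) per line."""
    content = "\n".join(str(p) for p in ports)
    return {"alias": {"type": "port", "enabled": "1", "name": f"{cn}_port",
                      "description": cn, "content": content, "counters": "0"}}


def openvpn_rule_payload(cn):
    """Rule for the automation filter API (field names assumed, see lead-in).

    Rules saved here are stored under OPNsense/Firewall/Filter in config.xml
    and appear in the GUI under Firewall > Automation > Filter.
    """
    return {"rule": {
        "enabled": "1", "action": "pass", "interface": "openvpn",
        "direction": "in", "quick": "1", "ipprotocol": "inet",
        "protocol": "TCP/UDP",
        "source_net": f"{cn}_net",
        "destination_net": f"{cn}_openvpn_host",
        "destination_port": f"{cn}_port",
        "description": f"{cn} fw1",
    }}


def check_saved(reply):
    """Return the new uuid, or raise with the validation messages the API sends
    back on rejection (the 'is not a valid port number' text lives there)."""
    if reply.get("result") != "saved":
        raise ValueError(reply.get("validations", reply))
    return reply["uuid"]


def provision_client(cn, ports):
    """Create the port alias, then the rule, and apply each change so it is live."""
    alias_uuid = check_saved(api_post("/api/firewall/alias/addItem",
                                      port_alias_payload(cn, ports)))
    api_post("/api/firewall/alias/reconfigure")
    rule_uuid = check_saved(api_post("/api/firewall/filter/addRule",
                                     openvpn_rule_payload(cn)))
    api_post("/api/firewall/filter/apply")
    return alias_uuid, rule_uuid


if __name__ == "__main__":
    # constructed sample client name and ports
    print(provision_client("client01", [8, 18]))
```

Neither addItem nor addRule activates anything by itself; the reconfigure and apply calls are what load the alias table and the ruleset, so a script that only adds items leaves the firewall unchanged until someone clicks Apply in the GUI.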
#6
General Discussion / CRL and API
July 09, 2025, 01:08:12 PM
Hi,
After reading the API documentation, it seems that there's no way to manage the CRL list by API? Is that correct? If so, how can I do that by scripting something? I scripted a dirty Python script to play with the config.xml file for OTP usage. But I don't think that's very recommended.

Thanks for your help
#7
Hi,
I've about 850 users to import from Active Directory to OPNsense in order to play with OpenVPN + AD + TOTP authentication.

Actually, I'm able to import just one single user, which works fine. But is there a simple way to import 850 users (yeah, I can do it by clicking on cloud) AND generate a TOTP token for each of them?

I plan to play with the XML config file and restore it with a Python script, but it's not very clean, and I have to reboot OPNsense to import the new XML config file, because I didn't find a way to do the job with the API....

Thanks for your help.