Bulk wireguard client config import?

Started by soupyfrood, August 03, 2021, 03:23:02 AM

I've recently set up OPNsense and wanted to migrate my old client configuration to it.  I was hoping to not do so manually.  I have a feeling that I can't simply run "wg addconf" from the shell, in order to get a client configured properly in OPNsense's configuration for wireguard. 

Any suggestions?  Thanks.

No, this won't work. Only if you use it without all GUI features, which might be the reason why you migrate to OPN

That's what I figured.  It also looks like the API isn't complete for this functionality.  api/wireguard/client/get works as expected, but api/wireguard/client/addClient returns 501 Not Implemented.

I'm tempted by the thought of exporting a configuration xml for the whole system, manually editing the configuration in, and then importing, but I don't really want to deal with the fallout if I make a mistake and blow up my OPNsense install.

The API works, just use F12 in Browser and add a peer, it will show you the correct syntax

Easier said than done, hah, that's well outside my experience.  If I hunt through the page source I can find stuff like this:
    $("#grid-clients").UIBootgrid(
        {   'search':'/api/wireguard/client/searchClient',
            'get':'/api/wireguard/client/getClient/',
            'set':'/api/wireguard/client/setClient/',
            'add':'/api/wireguard/client/addClient/',
            'del':'/api/wireguard/client/delClient/',
            'toggle':'/api/wireguard/client/toggleClient/'
        }
    );

...which doesn't really tell me anything, since I know of those from the documentation.  https://docs.opnsense.org/development/api/plugins/wireguard.html

What I can say is that this works:
curl -s -k -u $KEY:$SECRET https://$HOST/api/wireguard/client/get
And outputs something like this:
{"client":{"clients":{"client":{"aaaaaaaa-aaaa-aaaa-aaaaaaaaaaaaaaaaa":"enabled":"1","name":"Test","pubkey":"asdasdasdasdasdasdasdasdasdasdsa","psk":"",
"tunneladdress":"192.168.2.2\/24":"value":"192.168.2.2\/24","selected":1}},"serveraddress":"","serverport":"","keepalive":""}}}}}


But this returns a 501 Not Implemented:
curl -X port -d '' -k -u $KEY:$SECRET https://$HOST/api/wireguard/client/addClient

Even then, I don't know how to properly format the JSON input for the above.  If I try this:
curl -X POST -d '{"client":{"enabled":"1","name":"Test","pubkey":"asdasdasdasdasdasdasdasdasdasdsa","psk":"","tunneladdress":"192.168.2.2\/24":"value":"192.168.2.2\/24","selected":1}},"serveraddress":"","serverport":"","keepalive":""}}}' \
-H "Content-Type: application/json" -k -u $KEY:$SECRET https://opnsense.fung.us/api/wireguard/client/addClient

... it returns: {"result":"failed"}


Anyways, I don't know enough about web application technology to look at this and know what to do, and I didn't really find enough OPNsense API examples in my searches to find some code to "borrow." :)

The GUI is only using the API, so this has to work some way, but no one said it's easy enough to write small batch scripts (like with most API use cases)
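An added example, not part of any post in this thread and not OPNsense code: a sketch that reads the [Peer] sections of an old wg-quick style config, validates each key and address before anything reaches the firewall, and builds one JSON body per peer for the addClient call discussed above. The function names are hypothetical, and the `{"client": {...}}` wrapper and the comma-joined `tunneladdress` are assumptions based on the field names in the /get output quoted in the thread; confirm them against the request the GUI sends, as suggested above.

```python
import base64
import ipaddress
import json

# Constructed sample input: fake 32-byte keys and private addresses.
K1, K2, PSK = (base64.b64encode(bytes([n]) * 32).decode() for n in (1, 2, 3))
SAMPLE_CONF = f"""\
[Interface]
ListenPort = 51820
# laptop
[Peer]
PublicKey = {K1}
AllowedIPs = 192.168.2.2/32
PersistentKeepalive = 25
[Peer]
PublicKey = {K2}
PresharedKey = {PSK}
AllowedIPs = 192.168.2.3/32, fd00::3/128
"""

def parse_peers(text):
    """One dict per [Peer] section; a '# name' comment line names the next peer."""
    peers, label, section = [], "", None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#"):
            label = line.lstrip("# ")
        elif line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append({"name": label or f"peer{len(peers) + 1}"})
            label = ""
        elif "=" in line and section == "peer":
            key, value = line.split("=", 1)  # split once: base64 keys end in '='
            peers[-1][key.strip().lower()] = value.strip()
    return peers

def to_payload(peer):
    """Validate a peer and map it to the /get field names (payload shape is assumed)."""
    psk = peer.get("presharedkey", "")
    for key in [peer["publickey"]] + ([psk] if psk else []):
        if len(base64.b64decode(key, validate=True)) != 32:
            raise ValueError(f"{peer['name']}: key is not 32 bytes of base64")
    nets = [str(ipaddress.ip_interface(a.strip())) for a in peer["allowedips"].split(",")]
    return {"client": {"enabled": "1", "name": peer["name"], "pubkey": peer["publickey"],
                       "psk": psk, "tunneladdress": ",".join(nets),
                       "keepalive": peer.get("persistentkeepalive", "")}}

def bodies(conf_text):
    """JSON request bodies, one per peer, to POST to /api/wireguard/client/addClient."""
    return [json.dumps(to_payload(p)) for p in parse_peers(conf_text)]
```

Each string returned by `bodies()` can be passed to the `curl -X POST -d ... -H "Content-Type: application/json"` call shown in the thread. Once the firewall's certificate is trusted by the client, `-k` can be dropped so the API key and secret are not sent over an unverified TLS connection.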