[solved] Send radius configuration files from an external server.

Started by sens_ible, October 08, 2017, 08:43:38 PM

I have just set up a fresh system. Seems this is a great opportunity to prepare a how-to on enabling API access from scratch ;-)

I will open a new thread and when the access to the API problem is solved, I can focus on the RADIUS configuration again.

Thanks for all the support I have received so far.

To be continued ...

Finally, the API calls work fine.

I will use mimugmail's curl statements in a script, and so I will be able to manage RADIUS subscribers automatically.

Maybe it is worth mentioning the root cause for the problems I encountered before.

I started with the configuration of a WAN interface and I was connected to the appliance via the WAN interface. Even after a fresh install I unexpectedly found myself locked out again somewhere in the course of configuration.

It seems that upon activation of a LAN interface, the default non-lockout rules (allow incoming port 80 and 443) are automatically removed from the WAN interface and established on the LAN interface. Hence, further login attempts from the WAN interface (and the API calls, of course) will fail. After manually adding the rules on the WAN interface again, the API calls also worked as expected.

If someone else can confirm this, maybe one should consider a correction in one of the next versions of OPNsense.

Anyway, thanks a lot for all the support. And now that it is working, I really appreciate these API calls. A great tool to manage all aspects of your firewall automatically.

You shouldn't have anti-lockout rules on the WAN. Just create a static rule allowing your external static IP. Then there won't be anything removed when enabling LAN.