Configuring via ssh?

[Joe]

Hello,

is it possible to configure opnsense on the shell (when logged in via ssh?)

if so, how?

[franco]

Hi Joe,

Barely, you can start/stop services there, but it's all very rudimentary.

Some things can be done by editing /conf/config.xml, but doing that is highly discouraged.

What you are looking for is a (Cisco-like) command line interface (CLI), but that doesn't exist within the scope of OPNsense as it and its parents have focused and thrived on GUI-based configuration.

We're adding an API for features bit by by which mostly resembles REST. This is for GUI and external tools initially, but can also be used to program a pure CLI in the future, on the box itself or remotely.

Doing the API first delays CLI work, but the long-term benefits are worth it. The first CLI may be plausible within the timeframe of 17.1, which is a year from now. It depends on interest, help and funding, but we'll see.


Cheers,
Franco

[Joe]

I think API would be even better than CLI.

Do you have any pointer to the API? Don't need to be polished docs. Just something where I could start looking into it would be great!

[franco]

That sounds promising then.

Here's a little tutorial for API usage with focus on the authentication part:

https://wiki.opnsense.org/index.php/Howto_use_the_API

The API is fully available for traffic shaping, firmware upgrades, intrusion detection, proxy server, some diagnostics pages and (most likely) system health.

[Joe]

This looks promising.

But it works only with the webgui accessible?

I am looking for a way to configure from the WAN side without exposing the webgui to the WAN.

So the idea was to log in via ssh to do the config

[franco]

Hi Joe,

You can port forward through SSH and not expose the API to the WAN. It's relatively easy...

Code: [Select]

LocalForward 443 127.0.0.1:443

Cheers,
Franco