Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Configuring via ssh?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Configuring via ssh? (Read 8319 times)
Joe
Newbie
Posts: 23
Karma: 0
Configuring via ssh?
«
on:
December 17, 2015, 09:02:27 pm »
Hello,
is it possible to configure opnsense on the shell (when logged in via ssh?)
if so, how?
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Configuring via ssh?
«
Reply #1 on:
December 22, 2015, 08:46:08 am »
Hi Joe,
Barely, you can start/stop services there, but it's all very rudimentary.
Some things can be done by editing /conf/config.xml, but doing that is highly discouraged.
What you are looking for is a (Cisco-like) command line interface (CLI), but that doesn't exist within the scope of OPNsense as it and its parents have focused and thrived on GUI-based configuration.
We're adding an API for features bit by by which mostly resembles REST. This is for GUI and external tools initially, but can also be used to program a pure CLI in the future, on the box itself or remotely.
Doing the API first delays CLI work, but the long-term benefits are worth it. The first CLI may be plausible within the timeframe of 17.1, which is a year from now. It depends on interest, help and funding, but we'll see.
Cheers,
Franco
Logged
Joe
Newbie
Posts: 23
Karma: 0
Re: Configuring via ssh?
«
Reply #2 on:
December 22, 2015, 01:09:02 pm »
I think API would be even better than CLI.
Do you have any pointer to the API? Don't need to be polished docs. Just something where I could start looking into it would be great!
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Configuring via ssh?
«
Reply #3 on:
December 22, 2015, 02:07:25 pm »
That sounds promising then.
Here's a little tutorial for API usage with focus on the authentication part:
https://wiki.opnsense.org/index.php/Howto_use_the_API
The API is fully available for traffic shaping, firmware upgrades, intrusion detection, proxy server, some diagnostics pages and (most likely) system health.
Logged
Joe
Newbie
Posts: 23
Karma: 0
Re: Configuring via ssh?
«
Reply #4 on:
December 25, 2015, 11:43:29 pm »
This looks promising.
But it works only with the webgui accessible?
I am looking for a way to configure from the WAN side without exposing the webgui to the WAN.
So the idea was to log in via ssh to do the config
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Configuring via ssh?
«
Reply #5 on:
January 09, 2016, 12:33:19 am »
Hi Joe,
You can port forward through SSH and not expose the API to the WAN. It's relatively easy...
Code:
[Select]
LocalForward 443 127.0.0.1:443
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Configuring via ssh?