OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • How to export OpenVPN config using the API?
« previous next »
  • Print
Pages: [1]

Author Topic: How to export OpenVPN config using the API?  (Read 546 times)

dataprolet

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
How to export OpenVPN config using the API?
« on: July 22, 2024, 12:32:29 pm »
I can't wrap my head around the API to export an OpenVPN config.

I have created an OpenVPN instance, which has an ID (e. g. "12345678-1234-123a-a123-12a34b56c78d") and a description (e. g. "my-test-vpn"). I also created a user which has all "effective privileges" and an API key. Now I'm trying the following command:

curl -k -X POST "{$url}/api/openvpn/export/download" \
    -u "{$key}:{$secret}" \
    -H "Content-Type: application/json" \
    -d '{"vpnid": "12345678-1234-123a-a123-12a34b56c78d" , "certref": "my-test-vpn"}' \
    -o config.ovpn

This returns a file containing:
{"status":401,"message":"Authentication Failed"}

I followed these instructions:
https://docs.opnsense.org/development/api.html
https://docs.opnsense.org/development/api/core/openvpn.html

Is the vpnid even the right thing and what is the certref? I really don't get how to use this. Can somebody please help me?
« Last Edit: July 22, 2024, 12:42:30 pm by dataprolet »
Logged

dataprolet

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: How to export OpenVPN config using the API?
« Reply #1 on: July 23, 2024, 03:04:19 pm »
Took me a day to figure this out, because the official documentation of the API is horrible.

You need a little more than just a simple curl:
Code: [Select]
/usr/bin/curl -s -k --location ${url}/api/openvpn/export/download/${vpnid}/${certref} \
    -u "$key":"$secret" \
    --header 'Content-Type: application/json' \
    --data "{\"openvpn_export\":{\"servers\":\"$vpnid\",\"template\":\"PlainOpenVPN\",\"hostname\":\"${ip}\",\"local_port\":\"${port}\",\"random_local_port\":\"1\",\"p12_password\":\"\",\"p12_password_confirm\":\"\",\"validate_server_cn\":\"1\",\"cryptoapi\":\"0\",\"auth_nocache\":\"0\",\"plain_config\":\"\"}}"
You can get the $vpnid from /api/openvpn/instances/search and the $certref from /api/openvpn/instances/get under "cert" (it a 13-letter ID).

This will return a file that contains the config encoded in base64.

The trick was to inspect the download button in the GUI and retreive the actual API call from there. Thanks to the kind user "Monviech" from IRC.
« Last Edit: July 23, 2024, 03:06:58 pm by dataprolet »
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17746
  • Karma: 1620
    • View Profile
Re: How to export OpenVPN config using the API?
« Reply #2 on: July 23, 2024, 03:06:28 pm »
> because the official documentation of the API is horrible.

Thanks and feel free to help improve it. ;)


Cheers,
Franco
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Virtual private networks »
  • How to export OpenVPN config using the API?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2