SMS Notification or Authentication or managing Router by sms commands?

Started by opnsense_user12123, January 04, 2018, 10:16:44 AM

January 04, 2018, 10:16:44 AM Last Edit: January 04, 2018, 03:59:00 PM by opnsense_user12123
Would be great to have features like SMS notification or authentication or managing the router by SMS command.
A few years ago I used smstools (Linux based) for sending messages to my server to start or end scripts or services, or just to be notified by command about certain information. All possible by phone. I used a Huawei USB device on the server which sends and receives messages from my phone. Managing the Server was only possible if the command came from my phone number and using a password and of course only with specific predefined messages from my phone that run linux commands. Using a bash script which translates my messages sent by phone into Linux commands made this possible.

Only an idea!

Quote from: opnsense_user12123 on January 04, 2018, 10:16:44 AM
Managing the Server was only possible if the command came from my phone number and using a password and of course only with specific predefined messages from my phone that run linux commands.

Are you sure? SMS is plain text and the sender can be set to anyone and at least GSM should be possible to decrypt to get your password.

Quote from: fabian on January 04, 2018, 05:05:45 PM
Quote from: opnsense_user12123 on January 04, 2018, 10:16:44 AM
Managing the Server was only possible if the command came from my phone number and using a password and of course only with specific predefined messages from my phone that run linux commands.

Are you sure? SMS is plain text and the sender can be set to anyone and at least GSM should be possible to decrypt to get your password.

At least it would be great if it would be possible to do a 2 factor authentication by SMS for the admin account. At least for WAN remote connection authentication.

You can use 2FA with SSH which is supported by every smartphone (not sure about iOS but hey!). We have a number of backend commands you can run, though it heavily depends on your use case.

The command to list the commands is:

# configctl configd actions


Cheers,
Franco

Quote from: franco on January 04, 2018, 09:38:17 PM
not sure about iOS but hey!

iOS has some very sophisticated SSH clients including support for keypairs.

Some SSH advice:

- prohibit password authentication, use keys
- if you expose the SSH port to the world, change it to a not well-known port
- I prefer exposing ONLY my VPN ports (also on non standard port numbers) and connect to ssh via VPN (although SSH itself uses a secured connection)

Indeed, I jumped on the 2FA train here too quickly. Keys are recommended over passwords.


Why SMS token when you can have a TOTP app? Are you worried about NTP attacks?

January 04, 2018, 11:07:58 PM #8 Last Edit: January 04, 2018, 11:45:52 PM by opnsense_user12123
Time-based One-Time Password is really ok.

Actually, my thought on this post was that I was looking for a real alternative to connect to my router or to the home network if the internet connection is down and there is no dual WAN.

For example: send an SMS command and the router restarts itself or restarts any service.....
That was the idea behind it. -> Of course, as you said, this would have some safety disadvantages!

But SMS notification should be possible without any safety problem. Or am I wrong?


Ah, now I understand. If you use a 3G card in your router, you have a second line for a WAN. That gives you direct access, unless the mobile is down, but what are the odds that SMS keeps working but mobile data doesn't in a stationary deployment?


Cheers,
Franco

January 05, 2018, 02:22:36 PM #10 Last Edit: January 05, 2018, 02:38:00 PM by opnsense_user12123
Quote from: franco on January 05, 2018, 09:08:48 AM
Ah, now I understand. If you use a 3G card in your router, you have a second line for a WAN. That gives you direct access, unless the mobile is down, but what are the odds that SMS keeps working but mobile data doesn't in a stationary deployment?


Cheers,
Franco

For example: you are not at home, but you need access to your router or your LAN at home, and the WAN connection does not work. You can't get in.

Sometimes it is enough to restart the router or a service on the router to get the WAN connection working again. But the problem is, you are not at home at that time and still want to reboot or restart any service to get access again.

That's where sms controlling comes into play!
->SEND SMS to the router and the router restarts or restarts a service!!

USB_ModeSwitch is a tool for switching any USB data modem into GSM mode. It's available for Linux, BSD and so on.

Then use for example Gammu for sending or receiving SMS (there are many tools out there)
https://wammu.eu/gammu/

and then make a script like that:
https://hardy0700.wordpress.com/2016/07/16/raspi-3-huawei-3531-sms-server/

and you are done!

it would be really great to have such an option.





Quote from: opnsense_user12123 on January 05, 2018, 02:22:36 PM
USB_ModeSwitch is a tool for switching any USB data modem into GSM mode. It's available for Linux, BSD and so on.

I happen to be the maintainer for usb_modeswitch in FreeBSD.

Quote from: opnsense_user12123 on January 05, 2018, 02:22:36 PM
Then use for example Gammu for sending or receiving SMS (there are many tools out there)
https://wammu.eu/gammu/

and then make a script like that:
https://hardy0700.wordpress.com/2016/07/16/raspi-3-huawei-3531-sms-server/

and you are done!

Sounds good.


Cheers,
Franco

Quote from: franco on January 08, 2018, 08:11:22 AM
I happen to be the maintainer for usb_modeswitch in FreeBSD.

brilliant! :-)

My suggestion is just an idea.

Of course if there is any security concern, then such a feature should not be implemented!

But ideas may give rise to even better ideas. :-)

thx

Quote from: opnsense_user12123 on January 08, 2018, 03:08:11 PM
Of course if there is any security concern, then such a feature should not be implemented!

But ideas may give rise to even better ideas. :-)

What you can do is set up a small client or single board computer that has the required SMS features and talk to your OPNsense server via the REST API. Restarting services or your firewall should be quite trivial to automate in a script.
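
Added example, not part of the thread and not OPNsense code: a sketch of the decision logic such a small SMS client could run before it calls the firewall, addressing the concerns raised earlier (spoofable sender, static password readable in plain text). The keywords, action names and secret are constructed assumptions; the REST call that would carry out the returned action is left to the caller.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration; none come from the thread.
SECRET = b"12345678901234567890"        # shared TOTP secret (RFC 6238 test key)
ALLOWED = {                             # SMS keyword -> fixed action name
    "REBOOT": "reboot-firewall",
    "RESTART-WAN": "restart-wan-service",
}
STEP = 30                               # seconds per TOTP time step


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226/6238 one-time code for a given time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SmsGate:
    """Decides whether an incoming SMS may trigger a predefined action."""

    def __init__(self, secret: bytes = SECRET):
        self.secret = secret
        self.last_counter = -1          # highest time step already accepted

    def handle(self, sender: str, text: str, now: float):
        # `sender` is for the caller's log only: caller ID is spoofable,
        # so it plays no part in the decision.
        parts = text.strip().split()
        if len(parts) != 2:
            return None
        code, keyword = parts[0], parts[1].upper()
        action = ALLOWED.get(keyword)   # lookup only; text never reaches a shell
        if action is None:
            return None
        current = int(now) // STEP
        for counter in (current, current - 1):   # tolerate SMS delivery delay
            if counter <= self.last_counter:
                continue                # step already used: replayed message
            expected = totp(self.secret, counter).encode()
            if hmac.compare_digest(code.encode(), expected):
                self.last_counter = counter
                return action
        return None
```

A code is accepted once per time step, so an SMS captured in transit cannot be replayed, and free-form text is never executed because only the fixed keywords map to actions.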