Currently when hitting the "Save" button under either the Servers or Clients tabs, or calling the equivalent "reconfigure" API call, a traffic outage is caused to all VPN connections, even if there were no changes to the configuration. It appears that a full restart of the service is taking place, causing interfaces to be removed and recreated etc., and then all of the VPN peers need to reconnect, which can take from seconds to a couple of minutes depending on whether you have Endpoint addresses defined on both sides of the connection.

The /usr/local/etc/rc.d/wireguard already supports a "reload" option, which uses the wg syncconf option, which allows you to update a particular interface's configuration without any noticeable hit to traffic.

By adding the following section to /usr/local/opnsense/service/conf/actions.d/actions_nf:

    usr/local/opnsense/scripts/OPNsense/Wireguard/setup.sh

and an additional function to /usr/local/opnsense/mvc/app/controllers/OPNsense/Wireguard/Api/ServiceController.php:

    $response = $backend->configdRun("wireguard reload")

I can now successfully perform a GET (not the best choice) to /api/wireguard/service/reload, which updates the configuration without causing an outage.

This script automates the process of getting WireGuard set up on OPNsense to connect to PIA's NextGen WireGuard servers. It will create the WireGuard Instance (Local) and Peer (Endpoint) on your OPNsense setup automatically, then maintain the tunnel to keep it up and connected.

- Creates a WireGuard interface in OPNsense.
- Maintains the connection to a PIA server (in case the PIA server goes down); the default check is every 5 minutes.
- Allows rotation of the PIA server on a user-defined schedule: create a cron job and add "changeserver" to the parameters.

- OPNsense 22.7 onwards (prior versions not tested).
- Secure Shell enabled, with "Permit root user login" and "Permit password login" (System: Settings: Administration -> Secure Shell); this can be reverted once the tunnel is working.
- HTTPS WebUI enabled (System: Settings: Administration -> Protocol: HTTPS).

1. Create a new user called something along the lines of "WireguardAPI".
2. Leave the password empty and tick "Generate a scrambled password to prevent local database logins for this user.".
3. Scroll right to the bottom and click "Save".
4. Now that the user is created, we can give it its permissions and generate an API key pair. Scroll down until you see "Effective Privileges"; you want to give it the following permissions.
