Cannot make plugin to work.

This forum is for supporting the PFSense plugin and any internal scripts and services.

Re: Cannot make plugin to work.

Post by Cubert »

The Automate system is looking at the location that the firewall was listed in. It then uses an agent (looking for the newest OS types) and runs several PowerShell scripts in the PFSense script that comes with the plugin. This script tells the agent to make HTTPS requests to the end firewall on its "LAN" segment to the API using the account permissions you set. The API returns JSON data that we convert into SQL and save in the database.

So the very first things to test are:

One, is the firewall on the LAN side on the same network as the agent running the script?

Can you, from that agent, open the Firewall Web Config on port :443 using SSL?

Can you touch the API? (Change $hostname, $myUser and $mypass to the correct values for this firewall)

https://$hostname/api/v1/firewall/alias?client-id=$MyUser&client-token=$MyPass

Did it return any data or an error?



If your credentials worked in the above https request, then try the script in debug mode.

When you select debug mode it will ask for an agent to run on. Select an agent in the same location/network, then in the MYCMD area of the selection box to execute the script, use "SCAN" so that it triggers the Then section of our script.

The script will attempt to collect all the data about that firewall.

You will find the script in

scripts -> maintenance -> pfSense Manager Maintenance


Re: Cannot make plugin to work.

Post by Dawid_FS »

Hello,

I checked it and here are the replies to the questions:

One is the firewall on the LAN side same network as agent running script?
YES
Can you from that agent open the Firewall Web Config on port :443 using SSL?
YES
Can you touch the API (Change $hostname, $myUser and $mypass to the correct values for this firewall)

https://$hostname/api/v1/firewall/alias?client-id=$MyUser&client-token=$MyPass

Did it return any data or an error?


{"status":"unauthorized","code":401,"return":3,"message":"Authentication failed","data":[]}
I was trying different users with admin privileges, and even on a fresh pfSense instance there is always the same error.

Please advise.


Re: Cannot make plugin to work.

Post by Cubert »

By default, pfSense API uses the same credentials as the webConfigurator. This behavior allows you to configure pfSense from the API out of the box, and user passwords may be changed from the API to immediately add additional security if needed.

After installation, you can navigate to System > API in the pfSense webConfigurator to configure API authentication. Please note that external authentication servers like LDAP or RADIUS are not supported with any API authentication method at this time.

To authenticate your API call, follow the instructions for your configured authentication mode:

Local Database (default)
Uses the same credentials as the pfSense webConfigurator. To authenticate API calls, simply add a client-id value containing your username and a client-token value containing your password to your payload.
This is the official how-to from the API documentation.

You need to validate the API setups as described here, then, using the URL I provided above in a browser, keep testing until you get a proper status returned.

Auth errors say you have either a bad user name or pass with API access. Until you are able to get a functional API with local direct access from a browser, the plugin will not be able to probe the PFSense device.
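
The checks from this thread, scripted so they can be run on the agent's machine (an added example, not part of the original posts or the plugin's own script). `firewall.example.internal` is a placeholder, the agent is assumed to trust the firewall's certificate, and a successful response is assumed to use the same JSON envelope as the 401 shown above.

```powershell
# Added example: pre-flight checks for the pfSense API, run on the agent's machine.
param(
    [string]$FirewallHost = 'firewall.example.internal'  # placeholder: firewall LAN name or IP
)

# Windows PowerShell 5.1 may not negotiate TLS 1.2 unless told to.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Check 1: can this agent reach the webConfigurator on port 443?
$tcp = Test-NetConnection -ComputerName $FirewallHost -Port 443 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Output "FAIL: cannot reach ${FirewallHost}:443 from this agent"
    return
}

# Check 2: call the alias endpoint from the thread with the API account.
# Prompt for the account so the password is not stored in the script file.
$cred = Get-Credential -Message 'pfSense API account'
$user = [uri]::EscapeDataString($cred.UserName)
$pass = [uri]::EscapeDataString($cred.GetNetworkCredential().Password)
$uri  = "https://${FirewallHost}/api/v1/firewall/alias?client-id=$user&client-token=$pass"

try {
    $r = Invoke-RestMethod -Uri $uri -Method Get
    # Assumption: success uses the same envelope (status, code, data) as the error.
    Write-Output "OK: status=$($r.status) code=$($r.code) aliases=$(@($r.data).Count)"
}
catch {
    # For HTTP errors the response body, when present, is in ErrorDetails.
    $body = $_.ErrorDetails.Message
    $e = $null
    if ($body) {
        try { $e = $body | ConvertFrom-Json } catch { $e = $null }
    }
    if ($e) {
        Write-Output "API error: code=$($e.code) return=$($e.return) message=$($e.message)"
        if ($e.code -eq 401) {
            Write-Output 'Check the auth mode under System > API and the account user name and password.'
        }
    }
    else {
        # No JSON body: the request failed before the API answered (TLS, DNS, proxy).
        Write-Output "Transport/TLS error: $($_.Exception.Message)"
    }
}
```

The last branch separates a certificate or connection failure from the 401 case, which the browser test in the thread does not distinguish as clearly.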


Re: Cannot make plugin to work.

Post by Cubert »

Also, here is the official forum and support docs for the new PFSense plugin.

viewforum.php?f=79

It has all the how-tos in it.


Re: Cannot make plugin to work.

Post by Dawid_FS »

Hello,

I was able to make the API work using a link; it looks like it's not working with the default user on pfSense. Once I created a new user it started working without any problem.
When I add a firewall to the plugin and enable scan, nothing is happening.

When I tried to run a script on an agent in the same location, this is what I get:

The Script(6171) failed in the Else section at step 4. The reason:
Script: S6171 - Starting at Server Time: Thursday, April 14, 2022 1:36:59 PM
IF F5 ValueOne (P1): MYCMD Comparer (P2): 8 ValueTwo (P3): SCAN T: 0.2918057
L2 F70 Value (P1): MYFIREWALL Comparer (P2): 0 To (P3): Jump (P4): :WEHAVEFIREWALL T: 0.2928028
L3 F29 Message (P1): No Firewall provided. Exiting script T: 0.2928028
L4 F215 T: 0.2928028
Please advise.

EDIT:

Plugin started working after the last changes I made with a new user. It takes some time to work.
