ndejong / pfsense_fauxapi

REST based API interface for pfSense 2.3.x and 2.4.x to facilitate devops
Apache License 2.0

https timeout issue with FauxAPI #48

Closed nomodz4real closed 5 years ago

nomodz4real commented 5 years ago

I have a simple example that is simply trying to print a config_get() and I get the following error.

```
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='192.168.1.1', port=443): Max retries exceeded with url: /fauxapi/v1/?action=config_get& (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f6871baeba8>: Failed to establish a new connection: [Errno 110] Connection timed out'))
```

Code is below

```python
#!/usr/bin/python
import os, sys, json
from PfsenseFauxapi.PfsenseFauxapi import PfsenseFauxapi

def usage():
    print()
    print('usage: ' + sys.argv[0] + ' <host>')
    print()
    print('pipe JSON output through jq for easy pretty print output:-')
    print(' $ ' + sys.argv[0] + ' <host> | jq .')
    print()
    sys.exit(1)

if(len(sys.argv) != 2) or not os.getenv('FAUXAPI_APIKEY') or not os.getenv('FAUXAPI_APISECRET'):
    usage()

# config
fauxapi_host=sys.argv[1]
fauxapi_apikey=os.getenv('FAUXAPI_APIKEY')
fauxapi_apisecret=os.getenv('FAUXAPI_APISECRET')

FauxapiLib = PfsenseFauxapi(fauxapi_host, fauxapi_apikey, fauxapi_apisecret, debug=True)

# system_stats
# =============================================================================
print(FauxapiLib.system_stats())
```

Checking the system logs even with debug set to true I have no indication the script was even able to reach the firewall and I don't see drops from my machine.

I checked and the time for the pfsense server and my machine are within 60 seconds of each other, let me know if any other info is needed to help with this.

ndejong commented 5 years ago

Hmm - the error looks to be a strong hint here - are you sure your pfsense instance is located at address 192.168.1.1 on port 443? Perhaps check with curl or a browser first.

nomodz4real commented 5 years ago

Ahh, good point, is there a way to specify the port to communicate on?

Edit: I found the way to reference the port when calling PfsenseFauxapi()

nomodz4real commented 5 years ago

I was able to get past the port issue (I believe) by doing the following:

```python
fauxapi_host=sys.argv[1]
fauxapi_apikey=os.getenv('FAUXAPI_APIKEY')
fauxapi_apisecret=os.getenv('FAUXAPI_APISECRET')
fauxapi_port=sys.argv[2]

FauxapiLib = PfsenseFauxapi(fauxapi_host, fauxapi_port, fauxapi_apikey, fauxapi_apisecret, debug=True)
```

where sys.argv[2] is the port number my pfsense listens on. Having done so I no longer get the timeout but get the following error. Not sure if the way I refer to the port is incorrect or if my pfsense running http with a self signed cert is the issue.

```
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: 3yU3jutN7X258YpRtsTA13CAKY2NTN872Is02EXqKGz3l27AF4S5XTIQEhRn
```

Any ideas?

Edit: Unsure why the first code is not formatting correctly, so apologies. Also, the path is my key, so perhaps the port variable 'fauxapi_port' is in the wrong place; gonna try and play around with that.

nomodz4real commented 5 years ago

Looking at the code base I didn't see a way to specify the port so I set my pfsense back to 443 for now, I will raise a separate issue for the port specification parameter capabilities.

The program is able to contact the server with the following code:

```python
FauxapiLib = PfsenseFauxapi(fauxapi_host, fauxapi_apikey, fauxapi_apisecret, debug=True)
```

But I am now getting an authentication failed message, I made sure to try exporting my environment variables as follows:

```
export FAUXAPI_APIKEY=PFFAapi
export FAUXAPI_APISECRET=3yU3jutN7X258YpRtsTA13CAKY2NTN872Is02EXqKGz3l27AF4S5XTIQEhRn
```

Here is the error I receive.

```
PfsenseFauxapi.PfsenseFauxapi.PfsenseFauxapiException: ('Unable to complete system_stats() request', {'callid': '5cf3049c7b523', 'message': 'authentication failed'})
```

ndejong commented 5 years ago

You should be able to specify the port as part of the host after a : mark as per standard URL formats - fair enough though, this is not stated in the documentation anywhere so unless it occurs to you it might be difficult to discover it

For example:-

```python
pfsense_address = '192.168.1.1'
pfsense_port = 12345
fauxapi_host = '{}:{}'.format(pfsense_address, pfsense_port)
```

For the sake of future people reading this thread - there is currently no fauxapi_port parameter in the pfsense-fauxapi Python library - https://github.com/ndejong/pfsense_fauxapi_client_python

I'll hold out on #49 for the time being unless there is a major issue I'm not seeing myself.

nomodz4real commented 5 years ago

Thanks for that update, I closed out #49 as your suggestion worked perfectly.

I am going to close this issue out now as my authentication issue was resolved by properly formatting the api key in addition to the secret.

I used

```
echo PFFA`head /dev/urandom | base64 -w0 | tr -d /+= | head -c 20`
```

for the key and

```
echo `head /dev/urandom | base64 -w0 | tr -d /+= | head -c 60`
```

for the secret per the documentation and am now able to get a response and returns to my calls. Thanks for all the help @ndejong !

Tl;Dr My issue was due to not specifying the correct port and how to do this was shown above and I am now up and running.
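
A preflight check for the three failure modes in this thread (unspecified port, a port passed as an extra positional argument, and a malformed API key), added here as an example; it is not part of the thread or of the pfsense-fauxapi client. The function names are hypothetical, and the key and secret shapes are assumptions taken from the generation commands quoted above.

```python
import re
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # base64 alphabet minus "/+="
# Assumption: shapes mirror the generation commands quoted in this thread;
# the server's accepted length ranges are not stated on this page.
KEY_RE = re.compile(r"PFFA[A-Za-z0-9]{20}")
SECRET_RE = re.compile(r"[A-Za-z0-9]{60}")
HOST_RE = re.compile(r"(?P<addr>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?")


def generate_credentials():
    """Python equivalent of the two shell commands, using the OS CSPRNG."""
    key = "PFFA" + "".join(secrets.choice(ALNUM) for _ in range(20))
    secret = "".join(secrets.choice(ALNUM) for _ in range(60))
    return key, secret


def build_host(address, port=443):
    """Return 'address:port', the host form the maintainer describes."""
    return "{}:{}".format(address, int(port))


def preflight(host, apikey, apisecret):
    """Return a list of problems; the secret is never echoed, only its length."""
    problems = []
    m = HOST_RE.fullmatch(str(host))
    if not m:
        problems.append("host must be 'address' or 'address:port'")
    elif m.group("port") and not 0 < int(m.group("port")) < 65536:
        problems.append("port out of range")
    if str(apikey).isdigit():
        # Symptom of PfsenseFauxapi(host, port, key, secret): every later
        # positional argument shifts by one slot.
        problems.append("apikey is numeric: a port was probably passed as a "
                        "separate positional argument")
    elif not KEY_RE.fullmatch(str(apikey)):
        problems.append("apikey is not 'PFFA' + 20 alphanumeric characters")
    if not SECRET_RE.fullmatch(str(apisecret)):
        problems.append("apisecret is not 60 alphanumeric characters "
                        "(length %d)" % len(str(apisecret)))
    return problems
```

Run `preflight()` on the values read from `FAUXAPI_APIKEY` and `FAUXAPI_APISECRET` before constructing the client, so a shifted or malformed argument is reported without the secret appearing in an error message.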