OPNsense integration with Home Assistant

Travis Glenn Hansen

Last update: Jan 3, 2023

Related tags

Hardware home-automation opnsense hass home-assistant hassio hassio-integration opnsense-firewall

Overview

hass-opnsense

Join OPNsense with home-assistant!

hass-opnsense uses the built-in xmlrpc service of OPNsense for all interactions. This project is currently a proof-of-concept and may fail to work at any time.

Initial development was done againt OPNsense 21.7 and home-assistant 2021.10.

installation

This integration currenlty replaces the built-in opnsense integration which only provides device_tracker functionality, be sure to remove any associated configuration for the built-in integration before installing this replacement.

To use the integration you must first login to the console of your filewall and execute the following:

sh
cat << 'EOF' > /usr/local/etc/inc/xmlrpc/hass.inc
<?php
function xmlrpc_publishable_hass()
{
    return array(
        "exec_php_xmlrpc",
        "exec_shell_xmlrpc"
    );
}

function exec_php_xmlrpc($code)
{
    eval($code);
    if ($toreturn)
    {
        return $toreturn;
    }
    return true;
}

function exec_shell_xmlrpc($code)
{
    mwexec($code);
    return true;
}

EOF
chown root:wheel /usr/local/etc/inc/xmlrpc/hass.inc
chmod 644 /usr/local/etc/inc/xmlrpc/hass.inc

Add the repo to your hacs installation or clone the directory manually. Once the integration is installed be sure to restart hass and refresh the UI in the browser.

configuration

Configuration is managed entirely from the UI using config_flow semantics. Simply go to Configuration -> Integrations -> Add Integration and search for OPNsense in the search box.

OPNsense

System -> Advanced -> Max Processes - set it 5 or more.
If using a non admin user account ensure the user has the System - HA node sync privilege. Note that this privilege effectively gives the user complete access to the system via the xmlrpc feature.

config

URL - put the full URL to your OPNsense UI (ie: https://192.168.1.1), supported format is <scheme>://<ip or host>[:<port>]
Verify SSL Certificate - if the SSL certificate should be verified or not (if you get an SSL error try unchecking this)
username - the username to use for authentication (ie: root)
password - the password to use for authentication
Firewall Name - a custom name to be used for entity naming (default: use the OPNsense hostname)

options

Scan Interval (seconds) - scan interval to use for state polling (default: 30)
Enable Device Tracker - turn on the device tracker integration using OPNsense arp table (default: false)
Device Tracker Scan Interval (seconds) - scan interval to use for arp updates (default: 60)

entities

Many entities are created by hass-opnsense for stats etc. Due to to volume of entities many are disabled by default. If something is missing be sure to review the disabled entities as what you're looking for is probably there.

binary_sensor

carp status (enabled/disabled)
system notices present (the bell icon in the upper right of the UI)

device_tracker

ScannerEntity entries are created for the OPNsense arp table. Disabled by default. Not only is the feature disabled by default but created entities are currently disabled by default as well. Search the disabled entity list for the relevant mac addresses and enable as desired.

Note that by default FreeBSD/OPNsense use a max age of 20 minutes for arp entries (sysctl net.link.ether.inet.max_age). You may lower that using System -> Advanced -> System Tunables if desired.

sensor

system details (name, version, ~~temp~~, boottime, etc)
pfstate details (used, max, etc)
cpu details (average load, frequency, etc)
mbuf details
memory details
filesystem usage
interface details (status, stats, pps, kbs (time samples are based on the Scan Interval (seconds) config option))
gateways details (status, delay, stddev, loss)
carp interface status
~~dhcp stats (total, online, and offline clients)~~

switch

All of the switches below are disabled by default.

filter rules - enable/disable rules
nat port forward rules - enable/disable rules
nat outbound rules - enable/disable rules
services - start/stop services (note that services must be enabled before they can be started)

services

service: opnsense.close_notice
data:
  entity_id: binary_sensor.opnsense_localdomain_pending_notices_present
  # default is to clear all notices
  # id: <some id>

service: opnsense.file_notice
data:
  entity_id: binary_sensor.opnsense_localdomain_pending_notices_present
  notice: "hello world"

service: opnsense.system_halt
data:
  entity_id: binary_sensor.opnsense_localdomain_pending_notices_present

service: opnsense.system_reboot
data:
  entity_id: binary_sensor.opnsense_localdomain_pending_notices_present

service: opnsense.start_service
data:
  entity_id: binary_sensor.opnsense_localdomain_pending_notices_present
  service_name: "dpinger"

service: opnsense.stop_service
data:
  entity_id: binary_sensor.opnsense_localdomain_pending_notices_present
  service_name: "dpinger"

service: opnsense.restart_service
data:
  entity_id: binary_sensor.opnsense_localdomain_pending_notices_present
  service_name: "dpinger"
  # only_if_running: false

service: opnsense.send_wol
data:
  entity_id: binary_sensor.opnsense_localdomain_pending_notices_present
  interface: lan
  mac: "B9:7B:A6:46:B3:8B"

Comments

Error enabling device tracker

Hi @travisghansen

Many thanks for this plugin. I have installed it (along with the corresponding opnsense plugin) and am getting the non device_trackerentities coming through, as expected.

However, wen trying to save after clicking "Enable Device Trackers" in the configuration options, I get a socket timeout error:

2022-01-01 06:25:59 ERROR (MainThread) [aiohttp.server] Error handling request
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/aiohttp/web_protocol.py", line 435, in _handle_request
    resp = await request_handler(request)
  File "/usr/local/lib/python3.9/site-packages/aiohttp/web_app.py", line 504, in _handle
    resp = await handler(request)
  File "/usr/local/lib/python3.9/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 60, in security_filter_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/forwarded.py", line 98, in forwarded_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 28, in request_context_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 78, in ban_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 181, in auth_middleware
    return await handler(request)
  File "/usr/src/homeassistant/homeassistant/components/http/view.py", line 137, in handle
    result = await result
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 215, in post
    return await super().post(request, flow_id)
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 62, in wrapper
    result = await method(view, request, *args, **kwargs)
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 110, in post
    result = await self._flow_mgr.async_configure(flow_id, data)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 252, in async_configure
    result = await self._async_handle_step(flow, cur_step["step_id"], user_input)
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 325, in _async_handle_step
    result: FlowResult = await getattr(flow, method)(user_input)
  File "/config/custom_components/opnsense/config_flow.py", line 195, in async_step_init
    return await self.async_step_device_tracker()
  File "/config/custom_components/opnsense/config_flow.py", line 237, in async_step_device_tracker
    arp_table := await self.hass.async_add_executor_job(
  File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 489, in get_arp_table
    response = self._exec_php(script)
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 64, in inner
    response = func(*args, **kwargs)
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 97, in _exec_php
    response = self._get_proxy().opnsense.exec_php(script)
  File "/usr/local/lib/python3.9/xmlrpc/client.py", line 1116, in __call__
    return self.__send(self.__name, args)
  File "/usr/local/lib/python3.9/xmlrpc/client.py", line 1458, in __request
    response = self.__transport.request(
  File "/usr/local/lib/python3.9/xmlrpc/client.py", line 1160, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/local/lib/python3.9/xmlrpc/client.py", line 1173, in single_request
    resp = http_conn.getresponse()
  File "/usr/local/lib/python3.9/http/client.py", line 1371, in getresponse
    response.begin()
  File "/usr/local/lib/python3.9/http/client.py", line 319, in begin
    version, status, reason = self._read_status()
  File "/usr/local/lib/python3.9/http/client.py", line 280, in _read_status
    line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
  File "/usr/local/lib/python3.9/socket.py", line 704, in readinto
    return self._sock.recv_into(b)
  File "/usr/local/lib/python3.9/ssl.py", line 1241, in recv_into
    return self.read(nbytes, buffer)
  File "/usr/local/lib/python3.9/ssl.py", line 1099, in read
    return self._sslobj.read(len, buffer)
socket.timeout: The read operation timed out

Saving other configuration options (e.g. Scan Interval) works fine. The issue only appears with enabling device trackers.

I have tried repeatedly (including restarting opnsense/home assistant etc), but the error persists. I am using OPNSense version 21.7.7 and Home Assistant 2021.12.7.

Can you help by pointing me in the right direction to enable device trackers.

Many thanks!

EDIT: I am using root user to login to OPNsense.

opened by smar000 51

Unable to connect error code is [%key:common::config_flow::error::cannot_connect%]

Im unable to connect my OPnsense to my Homeassistant using your integration.

Both HA and OPNsense are virtualized, i can access the OPNsense ui from the IOT net (192.168.40.1/24), but the integration fails.

opened by blockcrafter21 26

OPNsense triggered a report issue

Hi Travis,

OPNsense told me to submit a reported issue (I didn't submit it) regarding a bunch of these:

[02-Dec-2021 01:26:52 Europe/Rome] PHP Warning:  Illegal string offset 'vip' in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8
[02-Dec-2021 01:27:04 Europe/Rome] PHP Warning:  Illegal string offset 'vip' in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8
[02-Dec-2021 01:27:16 Europe/Rome] PHP Warning:  Illegal string offset 'vip' in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8
[02-Dec-2021 01:27:28 Europe/Rome] PHP Warning:  Illegal string offset 'vip' in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8
[02-Dec-2021 01:27:40 Europe/Rome] PHP Warning:  Illegal string offset 'vip' in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8

This evening I was configuring some things and tried adding a Virtual IP for a new device I installed, I deleted the VIP afterwards, but I suspect something went wrong when I added it on the component's side.

If you need other info let me know...thanks...

opened by alexdelprete 23

Auth errors in OPNsense logs

Hi Travis,

the component is working fine, but I have a lot of these errors in opnsense log:

The user hass in opnsense is in the admins group. I also tried assigning the XMLrpc Library privilege, that grants access to the xmlrpc.php endpoint, and the system_hasync.php endpoint (btw, we should correct the config instructions for this).

opened by alexdelprete 19
Toggling firewall rule is not working properly

Good afternoon,

I have seen that when I switch the firewall rules, the switch changes state and so does the firewall rule, but the rule actually remains in the previous state. For example, a rule to open a port; when using the switch the green arrow turns gray in OPNsense but the port is still open. When this action is executed in OPNsense after changing the state, the changes must be applied, I suspect that the latter is not executed correctly

Regards

opened by davidsuarez82 14

switching filter rule - 'list' object has no attribute 'keys'

I have a couple cheap ebay/amazon camera that i've blocked from accessing the internet via a LAN rule in opnsense (using alias for ip matching them) to stop them calling home / disable the external remote access apps, trying to setup an automation to briefly toggle the rule (so that they can NTP sync) but it's failing with 'list' object has no attribute 'keys' on sending switch turn off (and switch turn on). Can see in opnsense that the rule is being disabled by the calls, and its working as can see timestamp being corrected on the cameras, however as it errors its stopping the automation on turn off and not doing the delay & turn back on part

Screenshot 2021-11-21 222436

Screenshot 2021-11-21 222816

Screenshot 2021-11-21 222827

log errors

This error originated from a custom integration.

Logger: homeassistant
Source: custom_components/opnsense/sensor.py:231
Integration: OPNsense (documentation, issues)
First occurred: 22:36:30 (1 occurrences)
Last logged: 22:36:30

Error doing job: Task exception was never retrieved
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 134, in _handle_refresh_interval
    await self._async_refresh(log_failures=True, scheduled=True)
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 265, in _async_refresh
    update_callback()
  File "/config/custom_components/opnsense/__init__.py", line 354, in process_entities
    entities = self.process_entities_callback(self.hass, self.config_entry)
  File "/config/custom_components/opnsense/sensor.py", line 231, in process_entities_callback
    for gateway_name in state["telemetry"]["gateways"].keys():
AttributeError: 'list' object has no attribute 'keys'

Logger: homeassistant.components.automation.toggle_camera_wan
Source: custom_components/opnsense/sensor.py:231
Integration: Automation (documentation, issues)
First occurred: 22:32:22 (2 occurrences)
Last logged: 22:32:22

toggle camera WAN: Error executing script. Unexpected error for call_service at pos 1: 'list' object has no attribute 'keys'
While executing automation automation.toggle_camera_wan
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 371, in _async_step
    await getattr(self, handler)()
  File "/usr/src/homeassistant/homeassistant/helpers/script.py", line 571, in _async_call_service_step
    await service_task
  File "/usr/src/homeassistant/homeassistant/core.py", line 1495, in async_call
    task.result()
  File "/usr/src/homeassistant/homeassistant/core.py", line 1530, in _execute_service
    await handler.job.target(service_call)
  File "/usr/src/homeassistant/homeassistant/helpers/entity_component.py", line 213, in handle_service
    await self.hass.helpers.service.entity_service_call(
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 667, in entity_service_call
    future.result()  # pop exception if have
  File "/usr/src/homeassistant/homeassistant/helpers/entity.py", line 863, in async_request_call
    await coro
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 704, in _handle_entity_call
    await result
  File "/config/custom_components/opnsense/switch.py", line 268, in async_turn_off
    await self.coordinator.async_refresh()
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 165, in async_refresh
    await self._async_refresh(log_failures=True)
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 265, in _async_refresh
    update_callback()
  File "/config/custom_components/opnsense/__init__.py", line 354, in process_entities
    entities = self.process_entities_callback(self.hass, self.config_entry)
  File "/config/custom_components/opnsense/sensor.py", line 231, in process_entities_callback
    for gateway_name in state["telemetry"]["gateways"].keys():
AttributeError: 'list' object has no attribute 'keys'

opened by toddstar 12

Feature Request] Add support for the "consider_home" parameter present in other router based tracking integrations

Thank you for this great integration, already it's way more useful than both the built-in and generic FreeBSD ones.

Many other device tracking centric integrations (particularly those that are router focused) feature a user configurable field that is usually called "consider_home", which acts to delay the state change of a device_tracker in HA by X number of seconds from the initial detection (usually via polling) in order to mitigate false positives. If the real device was found to have gone back to its original state after that period, the change is not reported.

See: https://www.home-assistant.io/integrations/device_tracker/#configuring-a-device_tracker-platform

I have no clue exactly what it would take to add this feature as I imagine its implementation is completely integration specific and likely consists of firing a timer for the specified time after a change occurs/is discovered and then checking the state again when it has elapsed before actually reporting it (or ignoring it if that is the case).

The existing "Device Tracker Scan Interval" setting does help facilitate this functionality partially, but ultimately is not the same thing. Setting it to a larger value does reduce the odds of polling the devices connection while it is temporarily marked as disconnected due to sleep, but does ultimately allow for poor luck to cause instant false positives. This alternative method ensures a fixed time grace period always occurs after a device is first believed to be disconnected, and if this time is tuned to be slightly longer than most of a user's devices tend to sleep then incorrect presence states can be eliminated almost entirely.

I know that this isn't exactly a high priority, but it is somewhat of a "standard feature" that I think is important to eventually have. Also I recognize that you may very well already be aware of this and just haven't bothered thus far, but I just wanted to have it down on paper haha.

opened by oblivioncth 9

Unable to do initial configuration

Super excited for this integration!

I followed most of the instructions in the README. My OPNSense version 21.7.5 doesn't have System -> Advanced so I wasn't able to set Max Processes despite looking around for it.

Also my tunables are under System > Settings > Tunables rather than System -> Advanced -> System Tunables and I had to manually add net.link.ether.inet.max_age, which I set to 300.

I added your repo to HACS and installed it, restarted HA, refreshed my browser and I see the integration in the Configuration > Integrations but when I add it, I get "Retrying setup: the JSON object must be str, bytes or bytearray, not bool" but I am able to see my devices in the Device Tracker Options, so some aspect of it is working.

I double-checked the permissions/ownership/content of the PHP files and they seem fine.

My Home Assistant is version 2021.11.4.

Please let me know if I can help or provide more information!

Lastly here's the stack trace from the logs:

This error originated from a custom integration.

Logger: custom_components.opnsense Source: custom_components/opnsense/pyopnsense/init.py:91 Integration: OPNsense (documentation, issues) First occurred: 2:01:19 PM (108 occurrences) Last logged: 2:20:53 PM

Unexpected error fetching Router OPNsense state data: the JSON object must be str, bytes or bytearray, not bool
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 187, in _async_refresh
    self.data = await self._async_update_data()
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 147, in _async_update_data
    return await self.update_method()
  File "/config/custom_components/opnsense/__init__.py", line 95, in async_update_data
    await hass.async_add_executor_job(lambda: data.update())
  File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/config/custom_components/opnsense/__init__.py", line 95, in <lambda>
    await hass.async_add_executor_job(lambda: data.update())
  File "/config/custom_components/opnsense/__init__.py", line 249, in update
    self._state["telemetry"] = self._get_telemetry()
  File "/config/custom_components/opnsense/__init__.py", line 225, in _get_telemetry
    return self._client.get_telemetry()
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 720, in get_telemetry
    data = self._exec_php(script)
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 59, in inner
    response = func(*args, **kwargs)
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 91, in _exec_php
    response = json.loads(response["real"])
  File "/usr/local/lib/python3.9/json/__init__.py", line 339, in loads
    raise TypeError(f'the JSON object must be str, bytes or bytearray, '
TypeError: the JSON object must be str, bytes or bytearray, not bool

opened by riddley 9

cannot setup integration

trying to setup the integration i just get "unexpected error".

the log shows this:

Logger: custom_components.opnsense.config_flow Source: custom_components/opnsense/config_flow.py:148 Integration: OPNsense (documentation, issues) First occurred: 14:17:10 (3 occurrences) Last logged: 14:20:11

Unexpected err=TypeError('string indices must be integers'), type(err)=<class 'TypeError'>

Iam using core-2022.8.2

opened by mgolisch 8
OPNsense update 22.7.2 breaks the integration
As per https://github.com/travisghansen/hass-opnsense/issues/19#issuecomment-1218670444

The breaking change, from the opnsense update log, is this:

system: replace static notices system with a shared one based on MVC/API code

If a beta version could be released as a workaround, while waiting for the official fix, it would be good, so users with the issue could update through HACS if they enable beta versions:
opened by alexdelprete 6
PHP Warning: Invalid argument supplied for foreach() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8

Hi, I've succesfully installed the opnsense add-on in my Home Assistant. Everything works fine, except I'm getting a warning in my opnsense dashboard. It comes on about every 30 seconds and it says

PHP Warning: Invalid argument supplied for foreach() in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8

My system info is this:

User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 FreeBSD 12.1-RELEASE-p21-HBSD #0 1c99b63a2ba(stable/21.7)-dirty: Wed Nov 10 11:17:14 CET 2021 root@sensey:/usr/obj/usr/src/amd64.amd64/sys/SMP amd64 OPNsense 21.7.6 acdaa7649 Plugins os-adguardhome-maxit-1.6_1 os-dyndns-1.27 os-homeassistant-maxit-1.0 os-mdns-repeater-1.0_1 os-qemu-guest-agent-1.1 os-udpbroadcastrelay-1.0_2 os-wireguard-1.9 Time Tue, 30 Nov 2021 16:57:53 -0500 OpenSSL 1.1.1l 24 Aug 2021 PHP 7.4.25

I have followed the instructions as they are on here, but I don't know if I've made an obvious mistake somewhere. Thank you for any advice :)

opened by frantathefranta 5
Feature request: Interface switch

I would like to request a network interface toggle. I know I can set a toggle with a block all rule on the interface, but the current streams do not get disconnected. When you disable the IF the current streams are immediately cut off.

opened by a1ad 0
Firmware version not available?

HA's device page shows the correct firmware version (22.7.7_1 currently) and the readme states there would be sensors for "system details (name, version, ~~temp,~~ boottime, etc)". I see 150 (partly disabled) entities like sensor.XXX_system_boottime or sensor.XXX_system_load_average_..., but no ..._name and especially no ..._version. How can those be created/enabled?

opened by Rover2 4

Cannot setup integration: Retrying setup:

I'm having problems setting up the integration.

I have followed the guide in the README.md file on how to setup this integration and after the first install it worked fine. I could turn on/off firewall rules from within Home-Assistant. This was about 14 days ago.

I'm not sure if it failed during change of IP of my opnsense box or an update to my opnsense.

But at the moment I cannot get the integration to work anymore. I have removed it the integration and reinstalled it and the same issue. I have also tried removing the plugin from opnsense and reinstall it.

The errors I get are as follow:

home-assistant logs:

Logger: custom_components.opnsense
Source: custom_components/opnsense/pyopnsense/__init__.py:112 
Integration: OPNsense ([documentation](https://github.com/travisghansen/hass-opnsense), [issues](https://github.com/travisghansen/hass-opnsense/issues)) 
First occurred: 14:12:35 (28 occurrences) 
Last logged: 14:33:49

Unexpected error fetching opnsense OPNsense state data: <ProtocolError for ***:***@***/xmlrpc.php: 500 Internal Server Error>
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 205, in _async_refresh
    self.data = await self._async_update_data()
  File "/usr/src/homeassistant/homeassistant/helpers/update_coordinator.py", line 164, in _async_update_data
    return await self.update_method()
  File "/config/custom_components/opnsense/__init__.py", line 96, in async_update_data
    await hass.async_add_executor_job(lambda: data.update())
  File "/usr/local/lib/python3.10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/config/custom_components/opnsense/__init__.py", line 96, in <lambda>
    await hass.async_add_executor_job(lambda: data.update())
  File "/config/custom_components/opnsense/__init__.py", line 318, in update
    self._state["carp_interfaces"] = self._get_carp_interfaces()
  File "/config/custom_components/opnsense/__init__.py", line 224, in inner
    response = func(*args, **kwargs)
  File "/config/custom_components/opnsense/__init__.py", line 267, in _get_carp_interfaces
    return self._client.get_carp_interfaces()
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 634, in get_carp_interfaces
    response = self._exec_php(script)
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 79, in inner
    response = func(*args, **kwargs)
  File "/config/custom_components/opnsense/pyopnsense/__init__.py", line 112, in _exec_php
    response = self._get_proxy().opnsense.exec_php(script)
  File "/usr/local/lib/python3.10/xmlrpc/client.py", line 1122, in __call__
    return self.__send(self.__name, args)
  File "/usr/local/lib/python3.10/xmlrpc/client.py", line 1464, in __request
    response = self.__transport.request(
  File "/usr/local/lib/python3.10/xmlrpc/client.py", line 1166, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/local/lib/python3.10/xmlrpc/client.py", line 1196, in single_request
    raise ProtocolError(
xmlrpc.client.ProtocolError: <ProtocolError for ***:***@***/xmlrpc.php: 500 Internal Server Error>

I have removed any reference to my API keys and IPs.

From the opnsense log, I get this error:

System Information:

User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15
FreeBSD 13.1-RELEASE-p2 stable/22.7-n250239-dde4437e8f2 SMP amd64
OPNsense 22.7.5 5d65a72c6
Plugins os-homeassistant-maxit-1.0 os-netdata-1.2 os-ntopng-1.2_1 os-redis-1.1_1 os-speedtest-community-0.9_3 os-theme-vicuna-1.41 os-wireguard-1.12 os-zerotier-1.3.2_3 
Time Thu, 06 Oct 2022 12:38:16 +0000
OpenSSL 1.1.1q  5 Jul 2022
Python 3.9.14
PHP 8.0.23
PHP Errors:

[06-Oct-2022 12:12:35 Etc/UTC] PHP Fatal error:  Uncaught TypeError: Cannot access offset of type string on string in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:8
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8
[06-Oct-2022 12:12:41 Etc/UTC] PHP Fatal error:  Uncaught TypeError: Cannot access offset of type string on string in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code:8
Stack trace:
#0 /usr/local/etc/inc/xmlrpc/hass.inc(12): eval()
#1 /usr/local/opnsense/contrib/IXR/IXR_Library.php(446): exec_php_xmlrpc('\nini_set('displ...')
#2 /usr/local/opnsense/contrib/IXR/IXR_Library.php(384): IXR_Server->call('opnsense.exec_p...', '\nini_set('displ...')
#3 /usr/local/opnsense/contrib/IXR/IXR_Library.php(357): IXR_Server->serve('__construct(Array)
#5 /usr/local/www/xmlrpc.php(104): XMLRPCServer->start()
#6 {main}
  thrown in /usr/local/etc/inc/xmlrpc/hass.inc(12) : eval()'d code on line 8

I have looked through the current open/close issues and could not find anything that matched my issue?

opened by kajhoej 29

Unexpected err=TypeError('string indices must be integers'), type(err)=

Hi Devs!

I just wanted to register my OPNsense in HA via your plugin and followed the instructions. Everything worked fine until I tried to finally connect the firewall via the GUI. I entered URL, unchecked SSL verification, entered a generated API Key and the secret. When I click on submit I get a red alert with "Unexpected error". Log looks like following:

Logger: custom_components.opnsense.config_flow Source: custom_components/opnsense/config_flow.py:148 Integration: opnsense (documentation, issues) First occurred: 9:32:52 AM (10 occurrences) Last logged: 9:38:28 AM

Unexpected err=TypeError('string indices must be integers'), type(err)=<class 'TypeError'> [redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]U[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]n[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]x[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]p[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]c[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]t[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]d[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted] [redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]=[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]T[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]y[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]p[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]E[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]o[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]([redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]'[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]s[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]t[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]i[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]n[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]g[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted] [redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]i[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]n[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]d[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]i[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]c[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]s[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted] [redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]m[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]u[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]s[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]t[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted] [redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]b[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted] [redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]i[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]n[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]t[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]g[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]s[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]'[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted])[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted],[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted] [redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]t[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]y[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]p[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]([redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted])[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]=[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]<[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]c[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]l[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]a[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]s[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]s[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted] [redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]'[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]T[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]y[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]p[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]e[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]E[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]o[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]r[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]'[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]>[redacted][[redacted]r[redacted]e[redacted]d[redacted]a[redacted]c[redacted]t[redacted]e[redacted]d[redacted]][redacted]`

Home Assistant Core: 2022.8.7 HACS: 1.27.0 supervisor-2022.08.3

opened by massa007 1
Firmware Update Binary Sensor - 401 status

Hi Travis,

it's been some time since we've been in contact, hope you are fine. :)

the integration is working very well, I just noticed a small issue: the attributes of this specific sensor (binary_sensor.opnsense_firmware_updates_available) are empty and as you can see from the screenshot below, I notice a 401 error (unauthorized). Can you reproduce it in your test system?

opened by alexdelprete 26