I am stuck on how to make a simple openvpn access server xml-rpc api call. Apparently the ascli has all of the same methods, however there is no real example I can find like - what does the endpoint look like https://<myserver><myport>/RPC2 and then the name of the method with basic auth used.
Has anyone been able to use this ever, I would like to remotely control some user management and we have enabled full api on the AS gui. But "We do not provide documentation or support for the XML-RPC interface" is hilariously frustrating for us right now.
Thanks anyone for assisting!
an example of how to make xml-rpc api call?
-
jack-torrance
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Jun 20, 2019 11:19 pm
-
mdibella
- OpenVPN Power User
- Posts: 51
- Joined: Thu Dec 13, 2018 11:15 pm
Re: an example of how to make xml-rpc api call?
At shell prompt in the scripts directory, execute
./sacli --key "xmlrpc.relay_level" --value 2 ConfigPut
./sacli start
to enable xml-rpc interface, then execute
./sacli --help | more
to get list of methods. Some method names will differ for the xml-rpc interface, i.e. VPNSummary is GetVPNSummary via rpc. Execute
OPENVPN_AS_DEBUG_XML=1 ./sacli method
to get the method prototypes. Use Basic authentication to a user with Admin permission granted.
Sample Request:
POST /RPC2/ HTTP/1.1\r\n
Host: openvpnas.domain.net\r\n
Accept: */*\r\n
Content-Length:115\r\n
Authorization: Basic **********\r\n
\r\n
<?xml version="1.0"?>\r\n
<methodCall>\r\n
<methodName>GetVPNSummary</methodName>\r\n
<params>\r\n
</params>\r\n
</methodCall>\r\n
\r\n
Sample Response:
HTTP/1.1 200 OK\r\n
Date: Fri, 21 Jun 2019 00:22:01 GMT\r\n
X-Frame-Options: SAMEORIGIN\r\n
Content-Type: text/xml\r\n
Content-Length: 197\r\n
Server: OpenVPN-AS\r\n
\r\n
<?xml version='1.0'?>\n<methodResponse>\n<params>\n<param>\n<value><struct>\n<member>\n<name>n_clients</name>\n<value><int>0</int></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodResponse>\n
./sacli --key "xmlrpc.relay_level" --value 2 ConfigPut
./sacli start
to enable xml-rpc interface, then execute
./sacli --help | more
to get list of methods. Some method names will differ for the xml-rpc interface, i.e. VPNSummary is GetVPNSummary via rpc. Execute
OPENVPN_AS_DEBUG_XML=1 ./sacli method
to get the method prototypes. Use Basic authentication to a user with Admin permission granted.
Sample Request:
POST /RPC2/ HTTP/1.1\r\n
Host: openvpnas.domain.net\r\n
Accept: */*\r\n
Content-Length:115\r\n
Authorization: Basic **********\r\n
\r\n
<?xml version="1.0"?>\r\n
<methodCall>\r\n
<methodName>GetVPNSummary</methodName>\r\n
<params>\r\n
</params>\r\n
</methodCall>\r\n
\r\n
Sample Response:
HTTP/1.1 200 OK\r\n
Date: Fri, 21 Jun 2019 00:22:01 GMT\r\n
X-Frame-Options: SAMEORIGIN\r\n
Content-Type: text/xml\r\n
Content-Length: 197\r\n
Server: OpenVPN-AS\r\n
\r\n
<?xml version='1.0'?>\n<methodResponse>\n<params>\n<param>\n<value><struct>\n<member>\n<name>n_clients</name>\n<value><int>0</int></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodResponse>\n
-
mdibella
- OpenVPN Power User
- Posts: 51
- Joined: Thu Dec 13, 2018 11:15 pm
Re: an example of how to make xml-rpc api call?
This might help to reverse-engineer method calls:
https://openvpn.net/vpn-server-resource ... I_VERBOSE1
https://openvpn.net/vpn-server-resource ... I_VERBOSE1
-
jack-torrance
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Jun 20, 2019 11:19 pm
Re: an example of how to make xml-rpc api call?
Thanks all! VERY much needed the extra little bit of help on this one and now we are able to make a basic call to the rpc-xml api. I was unable to find this example et ANYWHERE online so I hope it helps others with this task!
thanks again!
thanks again!
-
jack-torrance
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Jun 20, 2019 11:19 pm
Re: an example of how to make xml-rpc api call?
FYI:
here are all of the commands that are available to use in the openvpn access server xml-rpc api:
Version -> Show Access Server version number
Init -> wipe database
EnumClients -> enumerate client names
EnumAltConfigs -> enumerate alternative client-config namespace
AddClient -> add a client record to DB
AutoGenerateClient -> generate a client record if none exists
AutoGenerateOnBehalfOf -> generate a client record for a specific user (--user)
ModClient -> modify a client record
RevokeCert -> revoke a client certificate
RevokeUser -> revoke all client certificates associated with a user
DisconnectClient -> Disconnect client from VPN
DisconnectUser -> Disconnect all instances of --user from VPN
VPNStatus -> show current VPN status
VPNSummary -> show current VPN summary
Get5 -> get 5 configuration files for client
Get1 -> get unified configuration file for client
GetInstaller -> get installer for client
GetInstallerEx -> get installer for client (also specify --user, --itype, and optionally --autologin)
GetServer -> get configuration files for server
GetAutologin -> get unified autologin configuration for client making request (or specify --user)
GetUserlogin -> get unified user configuration for client making request (or specify --user)
GetAutologin5 -> like GetAutologin, but return configuration as 5 separate files
GetUserlogin5 -> like GetUserlogin, but return configuration as 5 separate files
GetGeneric -> get generic configuration file for client
GetGenericInstaller -> get generic installer for client
GetVisibility -> show file types that would be visible for this user in the CWS
EnumConfigTypes -> show config types for this user (userlogin, autologin, generic)
GetBaseNames -> show download file basenames
GetSession -> get a Session ID
CloseSession -> close a Session ID
NetInfo -> show network information
Start -> start services
Stop -> stop services
Validate -> validate the current profile
Status -> show run status
SetActive -> set the active profile
Resolve -> DNS resolve
ResolveRev -> DNS reverse resolve
IP -> show server agent's public IP address
CTest -> run connectivity test
Static -> show static configuration
LDAPExp -> search LDAP
QueryLog -> query log file
LicActivate -> activate license
LicRenew -> renew license keys
LicUsage -> show active connections compared to license limit
LocalAuthEnabled -> test if local auth enabled
SetLocalPassword -> set local password for a user (only when using local auth mode)
RemoveLocalPassword -> remove local password for a user (only when using local auth mode)
GoogleAuthGet -> get Google Authenticator (specify --user)
GoogleAuthRegen -> regenerate Google Authenticator key (specify --user and --lock)
GoogleAuthLock -> lock/unlock Google Authenticator key (specify --user and --lock)
GetBranding -> get branding info
GetNCores -> get number of CPU cores
GetActiveWebCerts -> get current active web certificates/keys
RegisterCommit -> tell server agent that we independently committed to a DB, use --dblist to specify DBs
DBReset -> compel server agent to close and reopen DB connections
ExpeditePush -> expedite scheduling for the next DB push
Reset -> do a SIGHUP-like restart on server agent
FailTest -> do a connectivity test between failover nodes
InitRestart -> do a restart at the /etc/init.d/openvpnas level
InitPeer -> do a start/stop/restart of peer at the /etc/init.d/openvpnas level
ConfigPut -> save a configuration item (specify --key and --value)
ConfigDel -> delete a configuration item (specify --key)
ConfigQuery -> show active configuration settings (optionally specify --prof and/or --pfilt)
UserPropPut -> save a user properties setting (specify --user, --key, and --value)
UserPropDel -> delete a user properties setting (specify --user and --key)
UserPropDelAll -> delete all user properties for a given user (specify --user)
UserPropGet -> get user properties entries (optionally specify --pfilt or --tfilt)
UserPropCount -> show number of user properties records (optionally specify --tfilt)
GetBootstrapUsers -> show currently configured bootstrap user list
GetUIHelperInfo -> show general info of use to the client web server
TestWebCerts -> validate web certificates
Memo -> leave a timestampped comment in the log file
here are all of the commands that are available to use in the openvpn access server xml-rpc api:
Version -> Show Access Server version number
Init -> wipe database
EnumClients -> enumerate client names
EnumAltConfigs -> enumerate alternative client-config namespace
AddClient -> add a client record to DB
AutoGenerateClient -> generate a client record if none exists
AutoGenerateOnBehalfOf -> generate a client record for a specific user (--user)
ModClient -> modify a client record
RevokeCert -> revoke a client certificate
RevokeUser -> revoke all client certificates associated with a user
DisconnectClient -> Disconnect client from VPN
DisconnectUser -> Disconnect all instances of --user from VPN
VPNStatus -> show current VPN status
VPNSummary -> show current VPN summary
Get5 -> get 5 configuration files for client
Get1 -> get unified configuration file for client
GetInstaller -> get installer for client
GetInstallerEx -> get installer for client (also specify --user, --itype, and optionally --autologin)
GetServer -> get configuration files for server
GetAutologin -> get unified autologin configuration for client making request (or specify --user)
GetUserlogin -> get unified user configuration for client making request (or specify --user)
GetAutologin5 -> like GetAutologin, but return configuration as 5 separate files
GetUserlogin5 -> like GetUserlogin, but return configuration as 5 separate files
GetGeneric -> get generic configuration file for client
GetGenericInstaller -> get generic installer for client
GetVisibility -> show file types that would be visible for this user in the CWS
EnumConfigTypes -> show config types for this user (userlogin, autologin, generic)
GetBaseNames -> show download file basenames
GetSession -> get a Session ID
CloseSession -> close a Session ID
NetInfo -> show network information
Start -> start services
Stop -> stop services
Validate -> validate the current profile
Status -> show run status
SetActive -> set the active profile
Resolve -> DNS resolve
ResolveRev -> DNS reverse resolve
IP -> show server agent's public IP address
CTest -> run connectivity test
Static -> show static configuration
LDAPExp -> search LDAP
QueryLog -> query log file
LicActivate -> activate license
LicRenew -> renew license keys
LicUsage -> show active connections compared to license limit
LocalAuthEnabled -> test if local auth enabled
SetLocalPassword -> set local password for a user (only when using local auth mode)
RemoveLocalPassword -> remove local password for a user (only when using local auth mode)
GoogleAuthGet -> get Google Authenticator (specify --user)
GoogleAuthRegen -> regenerate Google Authenticator key (specify --user and --lock)
GoogleAuthLock -> lock/unlock Google Authenticator key (specify --user and --lock)
GetBranding -> get branding info
GetNCores -> get number of CPU cores
GetActiveWebCerts -> get current active web certificates/keys
RegisterCommit -> tell server agent that we independently committed to a DB, use --dblist to specify DBs
DBReset -> compel server agent to close and reopen DB connections
ExpeditePush -> expedite scheduling for the next DB push
Reset -> do a SIGHUP-like restart on server agent
FailTest -> do a connectivity test between failover nodes
InitRestart -> do a restart at the /etc/init.d/openvpnas level
InitPeer -> do a start/stop/restart of peer at the /etc/init.d/openvpnas level
ConfigPut -> save a configuration item (specify --key and --value)
ConfigDel -> delete a configuration item (specify --key)
ConfigQuery -> show active configuration settings (optionally specify --prof and/or --pfilt)
UserPropPut -> save a user properties setting (specify --user, --key, and --value)
UserPropDel -> delete a user properties setting (specify --user and --key)
UserPropDelAll -> delete all user properties for a given user (specify --user)
UserPropGet -> get user properties entries (optionally specify --pfilt or --tfilt)
UserPropCount -> show number of user properties records (optionally specify --tfilt)
GetBootstrapUsers -> show currently configured bootstrap user list
GetUIHelperInfo -> show general info of use to the client web server
TestWebCerts -> validate web certificates
Memo -> leave a timestampped comment in the log file
-
jack-torrance
- OpenVpn Newbie
- Posts: 4
- Joined: Thu Jun 20, 2019 11:19 pm
Re: an example of how to make xml-rpc api call?
Now then, to be able to use each of these via xml rpc (i tested this out with postman), you will need to retrieve the xml format. Since the command line methods (ascli) are the same name as the xml rpc, you can run the ascli commands like this:
- first sudo via telnet into: /usr/local/openvpn_as/scripts/
- then run the method like this:
sudo OPENVPN_AS_DEBUG_XML=1 ./sacli VPNSummary
for instance this will display the xml request format for the vpnsummary command. you can then take this and put it into postman!
- first sudo via telnet into: /usr/local/openvpn_as/scripts/
- then run the method like this:
sudo OPENVPN_AS_DEBUG_XML=1 ./sacli VPNSummary
for instance this will display the xml request format for the vpnsummary command. you can then take this and put it into postman!