OPNsense User Access Setup

Categories:

Overview

Synclias requires API access to OPNsense, with permissions to view and edit Firewall Aliases and trigger a “reconfigure” to apply the changes

It assumes the VPN and Firewall Alias are already created as per that guide

This guide will:

  1. Create a group “synclias_group” with necessary pemissions granted to it
  2. Create a user account “synclias” as a member of the group
  3. Generate an API key to allow Synclias to log in

This guide assumes access to the web interface with admin permissions

Create a Group

  1. Navigate to System -> Access -> Groups
  2. Click + 
  3. Configure the new group with all settings at default, except:
  • Group Name: synclias_group
  • Privileges:
    • Diagnostics: PF Table IP addresses
    • Firewall: Alias: Edit
    • Firewall: Alias
  1. Click Save .

Create a User Account

  1. Navigate to System -> Access -> Users
  2. Click + 
  3. Configure the new group with all settings at default, except:
  • Username: synclias
  • Scrambled Password: Checked
  • Group membership: synclias_group

4. Click Save

Generate API Key

  1. Navigate to System -> Access -> Users
  2. Locate the opn_alias user and in the Commands section click the button to Create and Download an API Key for this user (The icon looks like a rectangular ticket, and is to the left of the edit button)
  3. On the popup confirmation window, click Yes
  4. A text file will be downloaded containing API_KEY and API_SECRET lines, ensure to keep this safe
Last modified October 24, 2025: PC updates (18a6c64)