OPN000 - OPNsense Authentication Failed

Agent error code #207000#OPN000 indicates that the OPNsense API rejected the credentials provided by the agent. The firewall returned HTTP 401 (Unauthorized).

This error is distinct from authorization failures (#207001)#OPN001), which occur when the credentials are valid but lack the required privileges. Error #207000#OPN000 means the API key/secret pair itself was not accepted.

Common causes include:

• The API key or secret in the Knocknoc backend has a typo or trailing whitespace
• The API key/secret pair was regenerated on OPNsense and the Knocknoc backend was not updated
• The OPNsense user the key belongs to has been disabled
• The API key entry was removed from the user's profile on OPNsense

Steps to Resolve

Verify the API Key/Secret in Knocknoc

1. In the Knocknoc admin interface, navigate to the backend configuration for the affected OPNsense Knoc
2. Re-enter the API Key and API Secret from the apikey.txt file you downloaded from OPNsense
3. Save the configuration and wait for the next grant operation

For more details, see the OPNsense setup guide.

Verify the API User on OPNsense

1. Log into the OPNsense web UI
2. Navigate to System > Access > Users and open the user the API key belongs to
3. Confirm the user is enabled (the Disabled checkbox is unchecked)
4. Scroll to the API keys section and confirm an entry matching the key configured in Knocknoc exists

Regenerate the API Key/Secret

If the existing pair cannot be verified or is no longer working:

1. In the OPNsense web UI, navigate to System > Access > Users and open the API user
2. Click the + button under API keys to generate a new key/secret pair
3. Save the downloaded apikey.txt file
4. Update the API Key and API Secret in the Knocknoc backend configuration
5. Optionally remove the old key/secret entry on OPNsense once the new pair is confirmed working

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.