Skip to main content

OPN100 - OPNsense Alias Not Found

Agent error code #207100#OPN100 indicates that the alias name configured in the Knocknoc ACL does not exist on OPNsense. The firewall returned HTTP 404 when the agent looked up the alias.

This error is distinct from authorization failures (#207001)#OPN001), which occur when the API user is denied even for aliases that exist. Error #207100#OPN100 means the alias name itself was not found.

Common causes include:

  • The alias has not been created on OPNsense yet
  • The alias name in the Knocknoc ACL has a typo (alias names are case-sensitive)
  • The API user lacks privilege to see the alias, which OPNsense surfaces as a 404 rather than a 403
  • The alias was renamed or deleted on OPNsense after the Knoc was configured

Steps to Resolve

Verify the Alias Exists on OPNsense

  1. Log into the OPNsense web UI and navigate to Firewall > Aliases
  2. Confirm an alias exists with the exact name configured in the Knocknoc ACL
  3. Alias names are case-sensitive and must match exactly (e.g. knocknoc_allowed is different from Knocknoc_Allowed)
  4. If the alias is missing, create it as Host(s) (or Network(s) for CIDR ranges) and leave the contents empty (see also the OPNsense setup guide)

Verify the Alias Name in the Knocknoc ACL

  1. In the Knocknoc admin interface, edit the affected Knoc's ACL
  2. Confirm the Alias Name value matches the alias on OPNsense character-for-character
  3. Save the ACL

Confirm API User Visibility

  1. The agent only sees aliases the API user has privilege to read. Confirm the user's group has the Firewall: Aliases and Firewall: Alias: Edit privileges (see also #207001)#OPN001)
  2. Reference the alias from a firewall rule under Firewall > Rules. The agent only manages alias contents, it does not create rules.

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top