Skip to main content

OPN102 - Failed to Add Entry to OPNsense Alias

Agent error code #207102#OPN102 indicates that OPNsense rejected an attempt to add an entry to the configured alias. The agent located the alias successfully but the add request did not complete.

This error is distinct from authorization failures (#207001)#OPN001), which prevent the request from running at all. Error #207102#OPN102 means the request ran but OPNsense reported a failure status.

Common causes include:

  • The alias type does not accept the kind of entry being added (e.g. a host alias being asked to accept a CIDR)
  • The alias has a configured row limit and is full
  • The IP being added contains invalid characters (very rare, but possible if data was tampered with upstream)
  • A concurrent change on OPNsense rolled back the add before it could be persisted

Steps to Resolve

Verify the Alias Type

  1. Log into OPNsense and navigate to Firewall > Aliases
  2. Open the alias and confirm its Type is Host(s) (for individual IPs) or Network(s) (for CIDR ranges)
  3. If the type is wrong for what Knocknoc is granting, change it to Host(s) for IP grants or Network(s) for CIDR grants, and save

Check the OPNsense Response Detail

  1. Open the orchestration agent log and find the entry for the failed grant
  2. The agent logs the message field of the OPNsense response. Common values include "duplicate", "invalid", or "limit exceeded"

Check the Alias Row Limit

  1. In the alias edit screen on OPNsense, scroll to the row limit setting (visible on alias types that support it)
  2. If the limit is reached, raise the limit or remove stale entries from the alias contents

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top