Skip to main content

OPN103 - Failed to Remove Entry from OPNsense Alias

Agent error code #207103#OPN103 indicates that OPNsense rejected an attempt to remove an entry from the configured alias. The agent located the alias successfully but the delete request did not complete.

This error is distinct from authorization failures (#207001)#OPN001), which prevent the request from running. Error #207103#OPN103 means the request ran but OPNsense reported a failure status.

Common causes include:

  • The alias was switched to a type that does not allow individual entry removal (such as a dynamically-populated GeoIP alias)
  • A concurrent change on OPNsense rolled back the delete
  • The API user lost the Firewall: Alias: Edit privilege between the agent's add and delete calls

Steps to Resolve

Verify the Alias Is Still Editable

  1. Log into OPNsense and navigate to Firewall > Aliases
  2. Open the alias and confirm its Type is Host(s) or Network(s) (Knocknoc cannot manage GeoIP, URL Table, or other dynamic alias types)

Check the OPNsense Response Detail

  1. Open the orchestration agent log and find the entry for the failed revocation
  2. The agent logs the message field of the OPNsense response, which often identifies the specific reason

Confirm API User Privileges

  1. Confirm the API user's group still has the Firewall: Alias: Edit and Firewall: Aliases privileges (see also #207001)#OPN001)

Treat as Idempotent

If the alias was recently rebuilt or cleared, the entry the agent is trying to remove may already be gone. Revocations are idempotent, so a returned failure here means the API call itself errored rather than the entry being already absent.

Still Having Issues?

We can help you out, contact us at support@knocknoc.io.

Back to top