Skip to main content

206101 - Failed to Create pfSense Alias

Agent error code #206101 indicates that the agent attempted to create a new alias on pfSense (because the configured alias did not exist) and pfSense rejected the create request.

This error is distinct from update failures (#206102), which occur on existing aliases. Error #206101 happens specifically when Knocknoc is asked to create the alias on first grant and the create call fails.

Common causes include:

  • The API user lacks the WebCfg - Firewall: Aliases: Import privilege (this is the privilege controlling create)
  • The alias name conflicts with an existing alias of a different type
  • The alias name contains characters not permitted by pfSense (must match [A-Za-z0-9_]+)
  • A concurrent change on pfSense rolled the new alias back

Steps to Resolve

Verify the Import Privilege

  1. Log into pfSense and navigate to System > User Manager > Users
  2. Open the user the API key acts as
  3. Confirm WebCfg - Firewall: Aliases: Import is listed under Effective Privileges. If missing, add it

Pre-create the Alias

If you would rather not grant the create privilege, pre-create the alias yourself:

  1. In pfSense, navigate to Firewall > Aliases > IP
  2. Click Add and create a host alias with the exact name configured in the Knocknoc ACL. Leave the contents empty
  3. Click Save and Apply Changes

For the full setup, see the pfSense setup guide.

Check the Alias Name

  1. Confirm the Alias name in the Knocknoc ACL matches [A-Za-z0-9_]+ (letters, digits, and underscores only)
  2. Hyphens, dots, and spaces are not permitted by pfSense
Back to top