This page is dedicated to the DynFi Manager Connection Agent.
What is the DynFi Connection Agent?
The DynFi Connection Agent (DFConAg) is a plugin available both for pfSense®-CE and OPNsense® firewall devices.
It works in conjunction with the Connection Agent back-end found on the DynFi manager.
The goals of this package are the following:
- Ease the addition of new devices into the DynFi Manager
- Allow connections to be initiated from the Firewall to the Manager
- Limit the number of manual steps required from end users to deploy their devices
What are the steps needed to install and use this Agent?
1. Install the agent
For pfSense-CE:
You can simply copy and paste one of the commands below and run it as root on your pfSense® devices. This will download and deploy the Connection Agent on your devices.
root@pfsense:~# pkg add -f https://dynfi.com/connection-agent/download/pfsense/pfSense-pkg-dfconag-1.2.txz
or
root@pfsense:~# curl https://dynfi.com/connection-agent/download/pfsense/dfconag-1.2-installer.sh --output /tmp/dfconag-installer.sh && sh /tmp/dfconag-installer.sh
For OPNsense:
root@opnsense:~# pkg add -f https://dynfi.com/connection-agent/download/opnsense/os-dfconag-1.2.txz
or
root@opnsense:~# wget -O - https://dynfi.com/connection-agent/download/opnsense/dfconag-1.2-installer.sh | sh
2. Deploy your first device
Enable the Connection Agent on the DynFi Manager
Make sure that your DynFi Manager configuration file (located in /etc/dynfi.conf) contains the following line:
connectionAgentPort=2222
This will enable the Connection Agent SSH service on the Manager.
Please make sure that the port you are using is unique and not used by any other service.
Also make sure that you allow incoming SSH connections from your remote devices (if DynFi is protected by a firewall).
Restart the DynFi Manager using:
# systemctl restart dynfi
The Connection Agent status in the DynFi Manager should now be green and ready to operate.
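A pre-flight check for the port uniqueness requirement above, meant to be run on the Manager before the restart. This is an added example, not part of DynFi's own tooling: the function names, the use of saved ss -ltnH output as the listener list, and the "last assignment wins" parsing rule are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Added example (not DynFi code): pre-flight check for connectionAgentPort.

# Print the value of connectionAgentPort from a key=value config file.
# Assumption: commented-out lines are ignored and the last assignment wins.
agent_port() {
    sed -n 's/^[[:space:]]*connectionAgentPort[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1
}

# $1 = config file, $2 = file holding `ss -ltnH` (or `ss -ltnpH`) output.
# Returns 0 if the port is free, 1 if another listener holds it, 2 if unset/invalid.
check_agent_port() {
    conf=$1; listeners=$2
    port=$(agent_port "$conf")
    case $port in
        ''|*[!0-9]*) echo "connectionAgentPort missing or not numeric in $conf" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "connectionAgentPort $port is outside 1-65535" >&2; return 2
    fi
    # Column 4 is the local address; the port follows the last colon (IPv4 and IPv6).
    owner=$(awk -v p="$port" '{ n = split($4, a, ":"); if (a[n] == p) { print; exit } }' "$listeners")
    if [ -n "$owner" ]; then
        echo "port $port is already in use: $owner" >&2; return 1
    fi
    echo "port $port is free for the Connection Agent"
}

# Demo on constructed input (not captured from a real system).
demo() {
    d=$(mktemp -d)
    printf 'connectionAgentPort=2222\n' > "$d/dynfi.conf"
    printf 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))\n' > "$d/ss.txt"
    check_agent_port "$d/dynfi.conf" "$d/ss.txt"
    rm -rf "$d"
}
demo
```

On the Manager, save the listener list with ss -ltnpH > /tmp/listeners.txt and call check_agent_port /etc/dynfi.conf /tmp/listeners.txt. Once the Manager has been restarted the check reports the port as in use, because the Connection Agent SSH service is then listening on it.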
Generate your first token on DynFi Manager
Just go to the DynFi Manager >> Connection Agent.
Go to Connection Agent >> Tokens.
Specify the validity period of the token and other parameters and generate your token.
Your token will appear in an overlay window; you can copy or download it.
Deploy your first device
Paste the copied token into your device's Connection Agent and validate the action.
Either let the Connection Agent generate a key pair between your Manager and your firewall device (preferred method) or use some other SSH credentials.
Validate, and the Agent will connect automatically to the DynFi Manager.
3. Troubleshooting
Most of the time, the problem comes from port access. Make sure that you have the proper firewall rules enabled, mostly on the Manager side.
This is a common mistake which will prevent the firewalls from self-registering.