icon for mcp server

OPNSense

STDIO

MCP server for managing OPNsense firewalls with Infrastructure as Code capabilities.

OPNSense MCP Server

A Model Context Protocol (MCP) server for managing OPNsense firewalls with Infrastructure as Code (IaC) capabilities.

OPNSense Server MCP server

Features

======= Version License MCP

🚀 Features

  • Complete OPNsense API Integration - Manage VLANs, firewall rules, services, and more
  • Infrastructure as Code - Deploy and manage network infrastructure declaratively
  • State Management - Track resource state with rollback capabilities
  • Caching Support - Redis and PostgreSQL integration for performance
  • DNS Blocking - Built-in DNS blocklist management
  • Backup & Restore - Configuration backup management

📋 Prerequisites

  • Node.js 18+
  • OPNsense firewall with API access enabled
  • (Optional) Redis for caching
  • (Optional) PostgreSQL for persistent cache

🛠️ Installation

# Clone the repository
git clone https://github.com/vespo92/OPNSenseMCP
cd opnsense-mcp

# Install dependencies
npm install

# Build the project
npm run build

# Copy and configure environment
cp .env.example .env
# Edit .env with your OPNsense credentials

⚙️ Configuration

Create a .env file with your OPNsense configuration:

# Required
OPNSENSE_HOST=https://192.168.1.1
OPNSENSE_API_KEY=your_api_key
OPNSENSE_API_SECRET=your_api_secret

# Optional
IAC_ENABLED=true
ENABLE_CACHE=false
REDIS_HOST=localhost
POSTGRES_HOST=localhost

🚦 Quick Start

# Start the MCP server
npm start

# Or use with Claude Desktop
# Add to claude_desktop_config.json:
{
  "mcpServers": {
    "opnsense": {
      "command": "node",
      "args": ["dist/index.js"],
      "cwd": "/path/to/opnsense-mcp"
    }
  }
}

📚 Documentation

Infrastructure as Code Example

Deploy network infrastructure declaratively:

{
  "name": "home-network",
  "resources": [{
    "type": "opnsense:network:vlan",
    "id": "guest-vlan",
    "name": "Guest Network",
    "properties": {
      "interface": "igc3",
      "tag": 10,
      "description": "Isolated guest network"
    }
  }]
}

📖 Usage Examples

Managing VLANs

// Create a new VLAN for IoT devices
const vlan = {
  type: "opnsense:network:vlan",
  properties: {
    interface: "igc3",
    tag: 20,
    description: "IoT Network - Isolated"
  }
};

Firewall Rules

// Block all traffic from guest network to main LAN
const rule = {
  type: "opnsense:firewall:rule",
  properties: {
    action: "block",
    interface: "guest_vlan",
    source: "guest_vlan_subnet",
    destination: "lan_subnet",
    description: "Block guest to LAN"
  }
};

DNS Blocking

// Block social media sites
const blocklist = {
  type: "opnsense:dns:blocklist",
  properties: {
    domains: ["facebook.com", "twitter.com", "tiktok.com"],
    description: "Social media block",
    enabled: true
  }
};

Complete Network Setup Example

// Deploy a complete guest network with isolation
const guestNetwork = {
  name: "guest-network-setup",
  resources: [
    {
      type: "opnsense:network:vlan",
      id: "guest-vlan",
      properties: {
        interface: "igc3",
        tag: 10,
        description: "Guest WiFi Network"
      }
    },
    {
      type: "opnsense:firewall:rule",
      id: "guest-internet",
      properties: {
        action: "pass",
        interface: "guest_vlan",
        source: "guest_vlan_subnet",
        destination: "any",
        description: "Allow guest internet"
      }
    },
    {
      type: "opnsense:firewall:rule",
      id: "block-guest-lan",
      properties: {
        action: "block",
        interface: "guest_vlan",
        source: "guest_vlan_subnet",
        destination: "lan_subnet",
        description: "Isolate guest from LAN"
      }
    }
  ]
};

Using with Claude Desktop

Once configured in Claude Desktop, you can ask Claude to:

  • "Create a new VLAN for my smart home devices"
  • "Show me all devices on my guest network"
  • "Block pornhub.com on my network"
  • "Set up a Minecraft server VLAN with proper firewall rules"
  • "Find Kyle's laptop on the network"
  • "Create a backup of my firewall configuration"

🔧 Troubleshooting

Common Issues

Connection refused errors

  • Ensure OPNsense API is enabled (System > Settings > Administration > API)
  • Check firewall rules allow API access from your host
  • Verify SSL settings match your configuration

Authentication failures

  • API key and secret must be base64 encoded in OPNsense
  • Ensure no trailing spaces in credentials
  • Check user has appropriate permissions

VLAN creation fails

  • Verify the physical interface exists and is not in use
  • Check VLAN tag is within valid range (1-4094)
  • Ensure interface supports VLAN tagging

Build errors

  • Run npm ci for clean dependency installation
  • Ensure Node.js 18+ is installed
  • Check TypeScript version matches requirements

For more detailed troubleshooting, see our Troubleshooting Guide.

🗺️ Roadmap

  • Unified IaC orchestrator
  • Web UI for deployment management
  • Multi-firewall support

🤝 Contributing

Contributions are welcome! Please read our Contributing Guide for details.

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

  • Built for the MCP (Model Context Protocol) ecosystem
  • Inspired by Pulumi and SST infrastructure patterns
  • Part of a larger vision for home infrastructure automation

Be the First to Experience MCP Now