Manual Enable/Disable
The vpn file in the repository is a Bash script used to manually enable or disable the WireGuard VPN on OPNsense.
This is useful when you want to control the VPN without relying on automatic triggers.
This script uses encrypted API credentials.
Inside the vpn script, there's a line that decrypts and loads the credentials into the environment:
eval $(gpg --quiet --batch --decrypt .vpn/creds.gpg 2>/dev/null)
💡
This command loads
Make sure you run it from the root of the repository before executing the
API_KEY and API_SECRET into your current shell session by decrypting .vpn/creds.gpgMake sure you run it from the root of the repository before executing the
vpn script.How to Create Encrypted API Key
- Create the
.vpn/creds.txtfile
API_KEY=your_api_key_here
API_SECRET=your_api_secret_here
- Encrypt the file
gpg --symmetric --cipher-algo AES256 -o .vpn/creds.gpg .vpn/creds.txt
- Delete the original plain text file
rm .vpn/creds.txt
CLI command
./vpn on # Enable WireGuard
./vpn off # Disable WireGuard