XG API VPNIPSecConnection

Hey everyone! I've been using PowerShell and the API to make mass configuration changes on my firewalls for some time now, but the '+' symbols in the RSA key always get replaced with white spaces. Anyone have a clue as to why?

  • In reply to Keyur:

    Could you share your Script and the output of the Webadmin with us?

    Also share the output of /log/apiparser.log with us. 

     

    Try to perform those steps in XGv18 to get a proper answer. 

  • In reply to LuCar Toni:

    Here is the log; I'm cleaning the script now.

    Login Handler,Component : Login
    ERROR Feb 20 08:20:15 [5390]: Key:ISCrEntity is not found in RequestMap File for Login.
    INFO Feb 20 08:20:15 [5390]: Mapping file for Login component is /_conf/csc/IOMappingFiles//1702.1/Login/Login.xml
    ERROR Feb 20 08:20:15 [5390]: Flag setting for this opcode is 18.
    INFO Feb 20 08:20:16 [5390]: Opcode response: status:200
    INFO Feb 20 08:20:16 [5390]: Authentication Successful
    INFO Feb 20 08:20:16 [5390]: Start Set Handler,Component : VPNIPSecConnection
    ERROR Feb 20 08:20:16 [5390]: Key:ISCrEntity is not found in RequestMap File for VPNIPSecConnection.
    WARNING Feb 20 08:20:16 [5390]: Transaction id is missing of for the component : <VPNIPSecConnection>.
    WARNING Feb 20 08:20:16 [5390]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
    ERROR Feb 20 08:20:16 [5390]: type != const in logicaloperator.So string comparision is done.
    ERROR Feb 20 08:20:16 [5390]: type != const in logicaloperator.So string comparision is done.
    ERROR Feb 20 08:20:16 [5390]: type != const in logicaloperator.So string comparision is done.
    ERROR Feb 20 08:20:16 [5390]: type != const in logicaloperator.So string comparision is done.
    ERROR Feb 20 08:20:16 [5390]: Flag setting for this opcode is 16.
    INFO Feb 20 08:20:18 [5390]: Opcode response: status:500
    WARNING Feb 20 08:20:18 [5390]: Opcode failed with 'Add' operation. So call opcode with 'Update'.
    ERROR Feb 20 08:20:18 [5390]: type != const in logicaloperator.So string comparision is done.
    ERROR Feb 20 08:20:18 [5390]: type != const in logicaloperator.So string comparision is done.
    ERROR Feb 20 08:20:18 [5390]: type != const in logicaloperator.So string comparision is done.
    ERROR Feb 20 08:20:18 [5390]: type != const in logicaloperator.So string comparision is done.
    ERROR Feb 20 08:20:18 [5390]: Flag setting for this opcode is 16.
    INFO Feb 20 08:20:22 [5390]: Opcode response: status:200
    INFO Feb 20 08:20:22 [5390]: End SET Handler, Status : Success, Component : VPNIPSecConnection, Transaction : NONE, Operation : NONE.
    MESSAGE Feb 20 08:20:22 [5390]: ENTITY 'VPNIPSecConnection' IMPORT Success
    INFO Feb 20 08:20:22 [5390]: Command:/scripts/apiparser_generate_tar.sh /sdisk/api-1582215615103052.txt /sdisk/API-1582215615103052 /sdisk/APIXMLOutput/1582215614499.xml /sdisk/API-1582215615103052.tar /sdisk/API-1582215615103052.log 0 status:3
    INFO Feb 20 08:20:22 [5390]: No need to create Tar file. Response file is /sdisk/APIXMLOutput/1582215614499.xml

  • In reply to LuCar Toni:

    Basically I'm just using Invoke-WebRequest -Uri $URI -Method Post -Body "reqxml=$body1". The configuration is like below:

     

    <Request>
    <Login>
    <Username>SOMEUSER</Username>
    <Password passwordform="encrypt">PASSWORD</Password>
    </Login>
    <Set>
    <VPNIPSecConnection>
    <Configuration>
    <Name>REDACTED</Name>
    <Description>REDACTED</Description>
    <ConnectionType>SiteToSite</ConnectionType>
    <Policy>IKEv2</Policy>
    <ActionOnVPNRestart>Initiate</ActionOnVPNRestart>
    <AuthenticationType>RSAKey</AuthenticationType>
    <SubnetFamily>IPv4</SubnetFamily>
    <EndpointFamily>IPv4</EndpointFamily>
    <AliasLocalWANPort>REDACTED</AliasLocalWANPort>
    <RemoteHost>REDACTED</RemoteHost>
    <NATedLAN/>
    <LocalIDType/>
    <LocalID/>
    <RemoteNetwork>
    <Network>REDACTED</Network>
    </RemoteNetwork>
    <RemoteIDType/>
    <RemoteID/>
    <UserAuthenticationMode>REDACTED</UserAuthenticationMode>
    <AllowedUser>
    <User/>
    </AllowedUser>
    <Protocol>ALL</Protocol>
    <LocalPort/>
    <RemotePort/>
    <LocalWANPort>REDACTED</LocalWANPort>
    <DisconnectOnIdleInterval/>
    <Status>16</Status>
    <RemoteRSAKey>RSAKEY+WITH+PLUS+</RemoteRSAKey>
    <Username/>
    <Password/>
    <LocalSubnet>NETWORK</LocalSubnet>
    </Configuration>
    </VPNIPSecConnection>
     
    </Set>
    </Request>
  • In reply to LuCar Toni:

    Also, I did a Fiddler capture and the message is intact when it is being sent. In the APIXMLInput log the + symbols have been replaced with whitespace.

  • Anyone got any ideas? I'm out of them at this point :/
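
Added example, not part of the original thread or of any Sophos code: a string passed to `-Body` on a POST goes out as `application/x-www-form-urlencoded` exactly as written, and in that encoding a literal `+` decodes to a space, which matches the symptom above (intact on the wire, spaces in the parsed input). The sketch assumes the API decodes `reqxml` as a form field; `Get-FormDecoded` and `Send-XgRequest` are hypothetical helper names, and the XML is a constructed sample with a placeholder key.

```powershell
# Constructed sample request; the key is a placeholder, not a real RSA key.
$body1 = @'
<Request><Set><VPNIPSecConnection><Configuration>
<RemoteRSAKey>RSAKEY+WITH+PLUS+</RemoteRSAKey>
</Configuration></VPNIPSecConnection></Set></Request>
'@

# Hypothetical helper: decode a "name=value" form field the way a
# form-urlencoded parser does ('+' becomes ' ', %XX becomes the byte).
function Get-FormDecoded {
    param([string]$Field)
    $value = $Field.Substring($Field.IndexOf('=') + 1)
    [System.Net.WebUtility]::UrlDecode($value)
}

# What the script in the thread sends: the XML pasted in unescaped.
$raw = "reqxml=$body1"

# Same field with the value percent-encoded, so '+' travels as %2B.
$encoded = "reqxml=" + [System.Uri]::EscapeDataString($body1)

$rawSeen = Get-FormDecoded $raw
$encSeen = Get-FormDecoded $encoded

# Compare what the receiver would parse against what was intended.
"unescaped body survives decoding: {0}" -f ($rawSeen -ceq $body1)
"escaped body survives decoding:   {0}" -f ($encSeen -ceq $body1)
"key as parsed from unescaped body: {0}" -f `
    ([regex]::Match($rawSeen, '<RemoteRSAKey>(.*?)</RemoteRSAKey>').Groups[1].Value)

# Hypothetical wrapper for bulk runs: always escape the XML before posting.
# $Uri is whatever API endpoint the existing script already uses.
function Send-XgRequest {
    param([string]$Uri, [string]$Xml)
    $form = "reqxml=" + [System.Uri]::EscapeDataString($Xml)
    Invoke-WebRequest -Uri $Uri -Method Post -Body $form `
        -ContentType 'application/x-www-form-urlencoded'
}
```

After a bulk push, reading the connection back and comparing `RemoteRSAKey` byte-for-byte with the source value catches this kind of silent corruption before the tunnel fails to authenticate.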