5193 questions

6344 answers

10170 comments

6279 members

0 votes
108 views 6 comments
by
Is there any possibility to excute CLI commands using the RMS API?

We can gererate a CLI link from here:

https://developers.rms.teltonika-networks.com/pages/api.html#/device%20access/connectCli

It is possible to use this link to establish a "normal" ssh connection from remote? If so which connection parameters should be used?

1 Answer

0 votes
by
Hi,

Unfortunately no, generated links must be accessed from the browser. And now there's no way to execute CLI commands through API.

EB.
by
Any recommendations on how to onboard new devices using scripting? How to setup remote VPN without using the webui?

Devices are visible in RMS but we are still stuck at manually clicking through the web ui to setup vpn connection. Thereafter the rest of the setup process is automated.

Any suggestions?
by

My recommendation would be to set up a VPN by hand on WebUI first and then using the main configs of it. Once you have a config that you need - use it on another device, import it and restart the service,  config should initiate other configurations that are needed.

Another to do this would be through UCI commands, UCI command usage - Wiki Knowledge Base | Teltonika Networks

This way you can change multiple settings at once. If you know what to change - it's easy.

I can't really help you with scripting, but the commands you use in CLI should totally work in your scripts.

EB

by

We are getting somewhere closer. Is it possible to:

  1. Download a backup configuration from System - Administration - Backup
  2. Change content (eg. replace VPN certificates, change som device specific parameters)
  3. Upload the changed file to another device
If so I think we can solve most of our onboarding problems that way. Except from:
  • Changing the initial administrator password. Is this possible from the RMS?
  • Install the WireGuard package from System - Package Manager?
It is probably possible to install the WireGuard package from an USB stick? Where is the original ipk file located? 
by
1. Depends on the device. In most cases you should find the download in System > Administration > Backup. Please note that backup can be imported onto devices that only have the same model and firmware installed as the one where backup was downloaded from.

2. These can be changed from configuration folders or uci commands. You would only need to import sertificates and then define the path to them.

3. WinSCP software can connect through SCP protocol to router and you can easily import any files in there.

Changing the initial administrator password would still need for device to be connected to RMS first. When you see it within device list, just select the device, go to Actions and then select Password Management.

Wireguard has been temporarily removed for RUTX and TRB devices. Any other devices should still be able to download it from the package manager.

I wouldn't recommend installing wireguard from an unknown source as it may not work correctly.

EB.
by

We have successfully managed to automate the configuration process by:

  1. Configure one device
  2. Download the backup file
  3. Extract the backup in a linux environment (otherwise content will be garbled and symbolic links won't work)
  4. Replace certfificates and apply configuration changes using shell command
  5. Tar and compress
  6. Take another device, login to the webui, change password, update firmware
  7. Upload the config file to another device with the same firmware version
This works quite well and this is probably as far as we can get in terms of automated deployment with this device.
To avoid manual package installation we skipped wireguard and reverted back to openvpn. As far as we could see in our experiments the actual wireguard package is not part of the dowloaded configuration tarball? And if a config tarball is transferred from a unit with the wireguard package to a unit without the package there will be no wireguard connection?
Using scp for remote scripting is ok but this requires ip reachability which is not established until after VPN installation.
by
Glad you managed to automate it your way. Indeed, WireGuard is a separate package that must be downloaded every time and can't be transferred and installed by exporting and importing the backup. You will need to export its configs separately and then only when WireGuard manually installed - import configs and restart the service.

Yes, any kind of direct IP communication (tunneled or not) must be established before you can do any scripting on files. Unfortunately, there is no way around it. Only somehow through RMS access and then edit files in its graphical interface. Or VPN.

EB.