The OPNSense MCP Server is a powerful tool that enables managing OPNsense firewalls using Infrastructure as Code (IaC) capabilities through the Model Context Protocol (MCP). This server allows you to programmatically control firewall rules, network configurations, and more with clear declarative definitions.
Before installing the OPNSense MCP Server, ensure you have:
To install the OPNSense MCP Server:
# Clone the repository
git clone https://github.com/vespo92/OPNSenseMCP
cd OPNSenseMCP
# Install dependencies
npm install
# Build the project
npm run build
# Copy and configure environment
cp .env.example .env
# Edit .env with your OPNsense credentials
The server can be configured using environment variables or manual configuration.
Create a .env file in the project root:
# Required
OPNSENSE_HOST=https://192.168.1.1 # or just 192.168.1.1:55443
OPNSENSE_API_KEY=your_api_key
OPNSENSE_API_SECRET=your_api_secret
# Optional
IAC_ENABLED=true
ENABLE_CACHE=false
REDIS_HOST=localhost
POSTGRES_HOST=localhost
If environment variables don't work for you, use the configure tool:
// Configure connection manually
await configure({
  host: "https://192.168.1.1",
  apiKey: "your_api_key",
  apiSecret: "your_api_secret",
  verifySsl: true
});
The server supports two transport modes:
For direct integration with Claude Desktop:
npm start # or npm run start:stdio
For HTTP-based integration with agents and containers:
npm run start:sse # Starts on port 3000
npm run start:sse -- --port 8080 # Custom port
SSE Endpoints:
- GET /sse - SSE connection endpoint
- POST /messages - Message handling
- GET /health - Health check
Start the MCP server:
npm start
Add to your Claude Desktop configuration file (claude_desktop_config.json):
{
  "mcpServers": {
    "opnsense": {
      "command": "node",
      "args": ["dist/index.js"],
      "cwd": "/path/to/opnsense-mcp",
      "env": {
        "OPNSENSE_HOST": "https://192.168.1.1:55443",
        "OPNSENSE_API_KEY": "your_api_key",
        "OPNSENSE_API_SECRET": "your_api_secret",
        "OPNSENSE_VERIFY_SSL": "true"
      }
    }
  }
}
// Create a new VLAN for IoT devices
const vlan = {
  type: "opnsense:network:vlan",
  properties: {
    interface: "igc3",
    tag: 20,
    description: "IoT Network - Isolated"
  }
};
// Block all traffic from guest network to main LAN
const rule = {
  type: "opnsense:firewall:rule",
  properties: {
    action: "block",
    interface: "guest_vlan",
    source: "guest_vlan_subnet",
    destination: "lan_subnet",
    description: "Block guest to LAN"
  }
};
// Block social media sites
const blocklist = {
  type: "opnsense:dns:blocklist",
  properties: {
    domains: ["facebook.com", "twitter.com", "tiktok.com"],
    description: "Social media block",
    enabled: true
  }
};
// Deploy a complete guest network with isolation
const guestNetwork = {
  name: "guest-network-setup",
  resources: [
    {
      type: "opnsense:network:vlan",
      id: "guest-vlan",
      properties: {
        interface: "igc3",
        tag: 10,
        description: "Guest WiFi Network"
      }
    },
    {
      type: "opnsense:firewall:rule",
      id: "guest-internet",
      properties: {
        action: "pass",
        interface: "guest_vlan",
        source: "guest_vlan_subnet",
        destination: "any",
        description: "Allow guest internet"
      }
    },
    {
      type: "opnsense:firewall:rule",
      id: "block-guest-lan",
      properties: {
        action: "block",
        interface: "guest_vlan",
        source: "guest_vlan_subnet",
        destination: "lan_subnet",
        description: "Isolate guest from LAN"
      }
    }
  ]
};
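OPNsense matches quick rules first-to-last, so the relative order of the pass and block rules in a deployment like the one above decides whether guests are actually kept off the LAN. The check below is an added example, not code from the OPNSenseMCP project; it assumes rules are created in the order they appear in resources, and findShadowedRules and covers are hypothetical helper names.

```javascript
// Added example, not part of OPNSenseMCP. Assumption: firewall rules are
// created in the order they appear in `resources` and matched first-to-last.

// True when alias `wide` includes everything `narrow` matches.
// Only "any" and exact equality are modelled here.
function covers(wide, narrow) {
  return wide === "any" || wide === narrow;
}

// Returns rules that can never match because an earlier rule on the same
// interface already matches all of their traffic.
function findShadowedRules(deployment) {
  const rules = deployment.resources.filter(
    (r) => r.type === "opnsense:firewall:rule"
  );
  const findings = [];
  rules.forEach((later, i) => {
    const earlier = rules.slice(0, i).find(
      (e) =>
        e.properties.interface === later.properties.interface &&
        covers(e.properties.source, later.properties.source) &&
        covers(e.properties.destination, later.properties.destination)
    );
    if (earlier) {
      findings.push({
        shadowed: later.id,
        by: earlier.id,
        // Opposite actions mean the later rule's intent is silently lost.
        conflict: earlier.properties.action !== later.properties.action,
      });
    }
  });
  return findings;
}

// The two guest rules from the deployment above (values copied from the page).
const guestRule = (id, action, destination) => ({
  type: "opnsense:firewall:rule",
  id,
  properties: { action, interface: "guest_vlan", source: "guest_vlan_subnet", destination },
});
const passInternet = guestRule("guest-internet", "pass", "any");
const blockLan = guestRule("block-guest-lan", "block", "lan_subnet");
const asListed = { name: "guest-network-setup", resources: [passInternet, blockLan] };
const blockFirst = { name: "guest-network-setup", resources: [blockLan, passInternet] };

console.log(findShadowedRules(asListed), findShadowedRules(blockFirst));
```

Running the check before applying a deployment, and again against the rule order shown in the OPNsense UI afterwards, confirms the block rule sits ahead of the broader pass rule.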
Once configured in Claude Desktop, you can ask Claude to:
Connection refused errors
Authentication failures
VLAN creation fails
Build errors
npm ci for clean dependency installation
To add this MCP server to Claude Code, run this command in your terminal:
claude mcp add-json "opnsense" '{"command":"node","args":["dist/index.js"],"cwd":"/path/to/opnsense-mcp"}'
See the official Claude Code MCP documentation for more details.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
  "mcpServers": {
    "opnsense": {
      "command": "node",
      "args": [
        "dist/index.js"
      ],
      "cwd": "/path/to/opnsense-mcp"
    }
  }
}
To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
To add this MCP server to Claude Desktop:
1. Find your configuration file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Linux: ~/.config/Claude/claude_desktop_config.json
2. Add this to your configuration file:
{
  "mcpServers": {
    "opnsense": {
      "command": "node",
      "args": [
        "dist/index.js"
      ],
      "cwd": "/path/to/opnsense-mcp"
    }
  }
}
3. Restart Claude Desktop for the changes to take effect