Agent Connector Install: Netgate SG-1100 pfSense

The Netgate SG-1100 pfSense is a small form-factor router. It is a good vantage point to run the Agilicus Agent Connector. NOTE: this is an ARM-based device, not x86.

The instructions below were tested on a Netgate SG-1100 with v22.01, specifically:

# cat /etc/version
22.01-RELEASE

To install, first obtain the binary. You may do this on your workstation and then ‘scp’ the file to the router. Or, if you prefer, you may fetch it directly on the router:

curl https://www.agilicus.com/www/releases/secure-agent/stable/agilicus-agent-freebsd-arm > /tmp/agilicus-agent-freebsd-arm
chmod a+rx /tmp/agilicus-agent-freebsd-arm

Once the Agilicus Agent Connector binary is available, you will install it. This creates a service account (derived from your administrative privileges). A sample command line is offered in the Agilicus admin portal, which may be pasted into the ssh shell.

Once you run this command, you will see output as below. Select the URL you are given, open it in your browser, and you will see a code. Paste this back into the ssh shell after it says ‘Enter verification code’.

You are now complete. The Agilicus Agent Connector can now be configured from the Admin portal (https://admin.YOURDOMAIN) as on all other platforms.

The Agilicus Agent Connector will self-update over time; no intervention is required.

We may check the status once installed as below.

Logs (if any) are generated to /var/log/agilicus-agent.log (e.g. run ‘tail -F /var/log/agilicus-agent.log’)

# ps |grep agilicus
29415  2  S+   0:00.01 grep agi
69960  2  I    0:00.00 /bin/sh /etc/rc.d/agilicus-agent start
70184  2  S    0:03.56 /usr/bin/agilicus-agent client --cfg-file /etc/agilicus/agent/agent.conf.enc.yaml (agilicus-agent-free)
# agilicus-agent version
Version: v0.105.3
Git Commit: 7dcef00647c5653d910f56a38e34b852af6ce373

Sample Install Log

The complete log of a sample install is below. Note that the agent-id has been replaced with XXXX, the URL with auth.YOURDOMAIN.

# /tmp/agilicus-agent-freebsd-arm client --install --agent-id YOURID --oidc-issuer https://auth.YOURDOMAIN --noauth-local-webserver
INFO[2022-04-05T23:10:15.431032467Z] Starting client - version v0.105.3
INFO[2022-04-05T23:10:15.977436383Z] Logging in...
Please go to the following link in your browser to retrieve the authentication
code:
https://auth.YOURDOMAINauth?client_id=agilicus-builtin-agent-connector&code_challenge=XXXX&code_challenge_method=S256&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=openid+profile+email+offline_access+urn%3Aagilicus%3Aapi%3Aapplications%3Areader%3F+urn%3Aagilicus%3Aapi%3Aapplications%3Aowner%3F+urn%3Aagilicus%3Aapi%3Atraffic-tokens%3Aowner+urn%3Aagilicus%3Aapplication_service%3A%2A%3Aowner%3F&state=1649200216
Enter verification code: XXXX
INFO[2022-04-05T23:10:24.93024499Z] Check if the agilicus-agent is already running as a service. If so stop it
INFO[2022-04-05T23:10:24.940901365Z] Create a directory at /etc/agilicus/agent
INFO[2022-04-05T23:10:24.942069051Z] Download public key file to /etc/agilicus/agent/public_key.json
INFO[2022-04-05T23:10:25.460683624Z] Create file /usr/bin/agilicus-agent-wrapper.sh
INFO[2022-04-05T23:10:25.461087626Z] Create file /etc/rc.d/agilicus-agent
INFO[2022-04-05T23:10:25.466831495Z] Will install to /agilicus-agent-wrapper.sh -> {/usr/bin/agilicus-agent-wrapper.sh -rwxr-xr-x}
INFO[2022-04-05T23:10:25.468429104Z] Will install to /agilicus-agent-freebsd.rc -> {/etc/rc.d/agilicus-agent -r-xr-xr-x}
INFO[2022-04-05T23:10:25.469403829Z] Create a directory at /opt/agilicus/agent/tufmetadata/latest
INFO[2022-04-05T23:10:25.469526949Z] Create a directory at /opt/agilicus/agent/tufmetadata/stable
INFO[2022-04-05T23:10:25.470911276Z] Setup Agilicus secure store
INFO[2022-04-05T23:10:25.471139118Z] Create secure keyring for storing communication credentials in /etc/agilicus/agent
INFO[2022-04-05T23:10:28.893293667Z] Fetch agent configuration
INFO[2022-04-05T23:10:28.893440468Z] Write agent configuration file in /etc/agilicus/agent/agent.conf.enc.yaml
INFO[2022-04-05T23:10:29.418194592Z] Create a user and group named Agilicus to run the agilicus-agent service
INFO[2022-04-05T23:10:29.418339873Z] Copy executable to /opt/agilicus/agent
INFO[2022-04-05T23:10:29.418372833Z] Set permissions to Agilicus on /opt/agilicus/agent
INFO[2022-04-05T23:10:29.418432274Z] Create symlink from /usr/bin/agilicus-agent to /opt/agilicus/agent/agilicus-agent-freebsd-arm
INFO[2022-04-05T23:10:29.754108951Z] Start agilicus-agent service
INFO[2022-04-05T23:10:29.804187287Z] Installation Complete
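
The install log above names the files the installer creates and, for two of them, the modes it sets. The script below is an added example, not part of the Agilicus installer or documentation; it checks those paths after installation. The ROOT variable, the --run switch and the rule that the remaining paths carry no group/other write bit are assumptions of this example, since the log gives no mode for them.

```shell
#!/bin/sh
# Added example (not Agilicus code): audit the paths named in the sample install log.
# ROOT is an assumed knob for checking a mounted image or test tree; empty on the router.
ROOT="${ROOT:-}"

# Print the 10-character mode string from ls, e.g. -rwxr-xr-x (empty if missing).
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# check_mode PATH EXPECTED: the mode must equal the one the install log reports.
check_mode() {
    actual=$(mode_of "$ROOT$1")
    if [ "$actual" = "$2" ]; then echo "ok    $1 $actual"; return 0; fi
    echo "FAIL  $1 expected $2, found ${actual:-missing}"; return 1
}

# check_link LINK TARGET: LINK must be a symlink whose stored target is TARGET.
check_link() {
    target=$(readlink "$ROOT$1" 2>/dev/null) || target=""
    if [ "$target" = "$2" ]; then echo "ok    $1 -> $target"; return 0; fi
    echo "FAIL  $1 -> ${target:-not a symlink}, expected $2"; return 1
}

# no_shared_write PATH: assumption, not from the log: no group/other write bit.
no_shared_write() {
    m=$(mode_of "$ROOT$1")
    case "$m" in
        "") echo "FAIL  $1 missing"; return 1 ;;
        ?????w????|????????w?) echo "FAIL  $1 writable by group/other ($m)"; return 1 ;;
        *) echo "ok    $1 $m" ;;
    esac
}

# Run every check and return non-zero if any failed.
audit_install() {
    rc=0
    check_mode /usr/bin/agilicus-agent-wrapper.sh -rwxr-xr-x || rc=1
    check_mode /etc/rc.d/agilicus-agent -r-xr-xr-x || rc=1
    check_link /usr/bin/agilicus-agent \
        /opt/agilicus/agent/agilicus-agent-freebsd-arm || rc=1
    for p in /etc/agilicus/agent /etc/agilicus/agent/agent.conf.enc.yaml \
             /opt/agilicus/agent /opt/agilicus/agent/agilicus-agent-freebsd-arm; do
        no_shared_write "$p" || rc=1
    done
    return $rc
}

# Run only when asked, so the file can also be sourced into a shell.
if [ "${1:-}" = "--run" ]; then audit_install; fi
```

A FAIL line after a self-update or a manual change points at the path to inspect before the rc.d script next runs at boot.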