Hero Image

Adding Signal Notifications to OPNSENSE firewall

I was talking with a co-worker yesterday who challenged me to find a nice tool to tell you if some device has newly come up in your network. I found this opnarp. Its very nice, except that I wanted to send notifications via signal-cli this program (which is written in java, alas) makes it easy to send stdout from various daemons directly to your signal account. Keep in mind that in doing this, you do expose yourself to some risk , in that the program could download your messages. I am sure there is a better way to secure it (perhaps by using a second phone ONLY for these?). Just keep your boxes secure!. Here are some tips on getting it working:

  1. You will need to make a FREEBSD 13.1 virtual machine in your favourite vm runner (I use qemu)
  2. You will need add the openjdk-17 command
  3. Add GIT, rust, cmake, and protobuff. and LLVM stuff (make too).
  4. Follow directions for building the signal-cli jar
  5. Follow directions (mostly its a rust make and copy the .so libarry to the libsignal.jar) here
  6. Create a tarball of the source in the signal-cli (the jar stuff it will be in teh build directory)
  7. Install on your Opnsense Box
  8. opnsense box will need FREEBSD packages added in the repos
  9. install open java jre version 17
  10. Register your device (via qrencode & signal-cli).

I did try using the native binary, but it didn't work. They were using a WAY OLD (0.9x) which wouldn't work. Additionally the complexy way of using it so it stays 'resident' is to use dbus, but that goes beyond the perview of this blog article. You can now just add signal-cli to the nice openarp thing for notifications. TBD: Make opnarp populate vendor IDS for looked up items.