Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure

JKnott

@michel-angelo

Why would you want to run it on the Mac, if the goal is to shut down the SG-1000? While it is possible to run UPS software over the network, it's generally run on the device you want to shut down. So, you'd run it on the SG-1000 to shut it down and likewise on the Mac. If you have an APC UPS, there isn't much to set up. It just works. I have no experience with nut.

BTW, running software over the network is generally done when you have more than one device powered by the UPS. One device can monitor it and tell the others when to shut down.

Michel-angelo

@jknott hello
Thanks. I begin to see the light. At my home, 4 items need to survive (for a short while) a power failure:
My ISP’s fiber modem-router. No need to be gentle with it it will survive quite anything;
My micro-firewall SG-1000. Double NAT. Does all the useful work on my network. I want to shut it down nicely;
A switch (nota bright one, just a dumb switch. No need to be gentle with it;
An iMac running my home automation and used as a back-up server. I want to shut it down gently if possible to preserve my back-ups.
I will be away from home for 3 days, will explore the possibility of installing UPS software on the SG-1000 and will report here.

The other possibility which I need to explore is to entrust the home automation with the task of triggering the shut down in sequence of (1) the computer. (2) the Sg-1000 and (3) all others

Thanks, again, for your clear advice.

stephenw10

What UPS are you using? Is it supported by apcupsd or nut?

If it is then just use that in pfSense and have other devices trigger from it.

The SG-1000 is very RAM limited but it is possible to run it with RAM disks in some setups with care. In that situation just losing power is very unlikely to be a problem. I've yet to see a filesystem corruption issue when ram disks were in use. Though it is still possible.

Steve

Michel-angelo

@stephenw10 I just installed the Eaton UPS 35850F 850 kVA (Amazon.fr reference: https://www.amazon.fr/gp/product/B082TGMZGP/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1)

I believe it is compatible (with apcupsd and nut) but cannot prove it so far. Will look int that upon my return at home.

"use that in pfSense"

To feed the pfSense firewall, do I plug the USB data cable from the UPS into the USB port (console port ?) of the SG-1000 ? To use if in pfSense, will I then assume that the appropriate software is already usable part of the installed pfSense software or, alternatively, should I install the apsupsd or nut software in the SG-1000 ? How is that done ?

"have other devices trigger from it"

How is such triggering done ?

ALTERNATIVE WAY: CAN I TRIGGER FROM MY HOME AUTOMATION ON INSTRUCTIONS FROM A RASPBERRY P ?

So far, I am still planning to install a raspberry pi, plug it to the UPS and feed with it the appropriate module on my home automation signal to get all relevant data and action points readily accessible.

If I can indeed issue at the appropriate time from the iMac a shell script triggering the "halt system" command of the SG-1000 web interface, I would be done.

Can the "Halt System" command in the SG-1000's web interface be triggered by a shell script ?

Many thanks in advance.

JKnott

@michel-angelo

Ummm... I believe that's 850 VA. When I read 850 KVA I thought you had a huge UPS that you'd find in a data centre. Also, apcupsd is for APC UPS. I don't know that it will work with other makes. It might though. I run it as I have 2 APC UPS here.

Gertjan

@michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

Can the "Halt System" command in the SG-1000's web interface be triggered by a shell script ?

Humm. To much questions that are already answered 'years ago'.

If you know how a UPS works for a PC or MAC, you know how it works for pfSense, a device very comparable with a PC.

It can be as easy as this :

Chose an UPS that fits your needs. This means understanding and knowing answers to question like : how long, how often, what number of Watts and/or VA. How is it links to the device that it should protect. Does the OS of the device support that type and brand of UPS.

You'll discover that a typical SoHo UPS uses a serial cable, and most often it's a USB type cable.

This means : a typical sub 300 $ UPS protects 'one device'.
That is, it can signal the state of the UPS to one device, typically your PC.
Or, pfSense. See the NUT or apcupsd package. I use myself the "NUT" package, coupled with to a "APC Back-UPS XS 700U". This is a bit over kill for a pfSense device (an old desktop PC), but t also protects a couple of switches my ISP router and a bunch of access points.

Thi UPS also protects my NAS, a Synology device.
The NAS uses internally the same 'open source' software as the NUT pfSense package.
I was able to inform my NAS that I had a "UPS-server" - the NUT pfSEnse package cn be set up like that - so that my NAS gets the shut down events and other power evets from 'pfSEnse'.

The info from my NAS :

This works perfect.
Whehn the power goes down, pfSense is onformed, and shuts down after a coupleof minutes.
My NAS is also informed, over the network, and goes to stand-by mode.

It's also possible to hook your PC or Mac up to your UPS over the network to the pfSense UPS NUT server :
https://networkupstools.org/download.html#_binary_packages

This software proposed is old. But it works still today under Windows 10, for me at home.

stephenw10

Yup that^.

Your Home Autamtion system almost certainly also support NUT and either can be the serber node with the client node being configured to pull data from that.
Really it just depends which is more convenient to connect the UPS USB cable to. The SG-1000 has a USB OTG port you would need to use so it might be easier to have that as the client.

Steve

JKnott

@gertjan said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

This means : a typical sub 300 $ UPS protects 'one device'.

I believe apcupsd can work with multiple devices on the same UPS. One device monitors the UPS and tells the others when to shut down. In businesses, it's common for one large UPS to power multiple devices.

Michel-angelo

@jknott

Thanks to all of you. I was not at home and am now back, late evening, just fit for bed. I apologise to forum members for wasting their time with already answered questions. Also I had not fully explored internet resources.

My UPS is a cheap 850 VA (not kVA) EATON UPS which is NUT-compatible. All devices are within easy access to the UPS' USB plug. My priorities are:

(1) to properly shut down the SG-1000 as it is the least hardened devices in my home set-up (so the SG-1000 would initially be the sole NUT client: the simplest set-up);

(2) Later, in addition, to issue an alarm via mail and/or SMS to help inform somebody at home or a neighbour nearby that power is down ar my home, in the kitchen (this is intended to preserve frozen food from decaying): this may be a task for home automation, maybe triggered by a Raspberry Pi configured either as master or as slave using NUT;

(3) properly shut-donw the iMac, used as a back-up server (slave under NUT).

(4) Nothing more.

So, tomorrow, one of my first orders of business will be to check how to install (preferably with a package ?) NUT for free-BSD 12.2 on the SG-1000 (using the console ?) and thereafter configure (if needed) the NUT software on the SG-1000 (if it does not "just work").

Thanks again to all of you. Bedtime for me.

stephenw10

There is a proper pfSense package for NUT. You can install and configure it in the GUI and it's config is retained in the main file etc.

Michel-angelo

@stephenw10
Great ! Thanks @stephenw10. I have installed the package from the GUI. I doubt, I have not attempted to do any configuration. Maybe it just works. as it is I still need to connect the micro USB of the SG-1000 to the UPS USB: a plug similar to big hard drive's USB plugs.

Michel-angelo

Corrrection ! I just checked: The NUT [and else] package is installed but not configured yet. So it is currently not enabled yet. Configuration is also in the GUI. I will configure it in its simplest configuration (USB) as soon as I will have installed the USB cable (with a micro-USB connexion on the SG-1000 side).

I have also noted that I will be able to notify status by email, which is what I needed to preserve my freezer whenever a power failure occur during vacation time. I won't need to install a raspberry-pi to feed my home automation simply to the purpose of notification.

My congratulations to the pfSense programmers forethought. Possibly all replies to my questions above ere answered by the package.

Michel-angelo

@michel-angelo
The UPS is a Eaton 3S/ Verifications made:
NUT is compatible with Eaton (despite the fact Eaton no longer collaborates with NUT). s
SLLenection: Simple, via USB . I use the Eaton supplied USB cable, together with a Raspberry-pi connector micro-usb (male) to USB A (female).
In the SG-1000 Command reached through the Graphic interface,
Services / UPS type : Local USB
UPS Name: Eaton UPS
Driver: upsdhid.
After a long wait for the UPS daemon, the SG-1000 stops waiting and declares the UPS does not work.
Not found any configuration possibility for the EATON.
NO SUCCESS.

SO FAR, SUCCEEDED Ato set a direct connection via USB to an iIMac
FAILED a direct connection via USB to the SG-1000.

stephenw10

Do you see the new device logged in the system log when you connect the USB cable?

What does it appear as if you run: usbconfig dump_device_desc ?

Steve

Gertjan

... and use the obtained info here to get more details : https://networkupstools.org/stable-hcl.html

Michel-angelo

@gertjan
Thanks, stephenw10 and Gertjan

I am deeply confused. Indeed I had a doubt that the USB connection, using the Raspberry-pi USB A female to micro USB could be defective. I did not know how to check but believed the connection was OK. It was not.

The log, which I had not checked, reported "26341 Poll UPS [Eaton] failed - Driver not connected"

I had already looked at https://networkupstools.org/stable-hcl.html, which selected for my Eaton 3S the default driver of the pfSense package. The configuration instructions were already correct

So the sole thing missing was an effective USB connection between the Eaton UPS and the microfirewall. I will get a better quality connector within a couple of days but, this morning, after making absolutely sure that the micro-USB connected effectively to the SG-1000. it all worked by magic and the Services > UPS Status Details reported as expected. I will test it right away, but I am certain it will work.

I can also report on the attempt I made yesterday with direct USB Connection to the iMac, which simply worked without any need for software installation.

I must now find the way to (1) get the SG-1000 to relay the instruction to shut down to the iMac and (2) get the iMac to accept this instruction and effectively shut down.

Many thanks for the correct pointers.

Gertjan

@michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

I must now find the way to (1) get the SG-1000 to relay the instruction to shut down

"NUT" is more then just 'ahev a chat with the locally connected USB-UPS and do something when it says the power switched to battery". Its far more capable.then that.

With this :

These settings expose my pfSense LAN IP as a NUT (upsmon) server.
As I showed earlier, my Synology NAS can now connect to pfSense for UPS info, with out an UPS connected directly to the NAS.

Michel-angelo

@gertjan
Hello Gertjan, Steve and others, time for a pause.

Indeed, I had a USB Connection between the UPS and the SG-1000, this connection is now gone again, I have not succeeded to restore it. I definitely believe the micro USB connector provided by my Raspberry Pi in not the best I could use. So I will be waiting for the arrival of a new connector to resume on my tests.

Steve, with the the defect I have in my USB connection, here is the result of the shell Script you suggested me [I ran it bravely on the pfSense SG-1000 trusting it would not damage anything].

Shell Output - usbconfig dump_device_desc
ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

This is it, non more

Gertjan

@michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

here is the result of the shell Script

You can also look in the log.
Look closely at this one : Status > System Logs > System > OS Boot
I found my UPS :

ugen0.3: <American Power Conversion Back-UPS XS 700U FW:924.Z5 .I USB FW:Z5> at usbus0

stephenw10

Yes, it must appear as a USB device in that list before NUT or any drover can use it.

I assume you're using the USB OTG port? Can you see other devices connected there? A keyboard or flash drive maybe? If not it probably is the adapter you're using.

Steve