-
I'm having issues with NUT shutting down the pfSense, but it is NOT shutting down the UPS after the pfSesnse shuts down.
I am using a CyberPower UPS, with all default settings of the NUT package in pfSense. I am using the driver of 'usbhid-ups'. It is able to monitor the UPS without any issue.
From an ssh console of pfSense, if i issue 'upsdrvctl shutdown' it will shut down the UPS, so at least I know the driver works properly. But how do I get it so that it will shutdown the pfSense physical server, and then shutdown the UPS immediately after? It seems like it should just "work" based on what I've read about NUT, but perhaps I am missing a setting.
The reason I need it to behave this way is that if the UPS battery is good for 30 minutes, pfSense shuts down after 20 minutes. Then there is 10 minutes battery remaining - and if power resumes before the UPS is fully depleted, there is no way for the pfSense server to know that power was restored, and it will stay in an off situation, requiring human intervention.
Thanks!
-
bdf0506, can you please confirm that you haven't modified any of the system or nut scripts by hand? I will have a look at this, but it will be about a week before I can.
-
Thanks for the reply. I've added a LISTEN section into upsd.conf for another device to query NUT, but that is all. Everything else should be the default.
I'm not convinced this is an issue with the pfsense port of NUT, but perhaps its a NUT configuration setting all together that I am missing. I have noticed that some of the files - especially upsmon.conf are missing a lot of values vs the sample file, but maybe some of those fields are just the default fields.
Here's the config files that I have:
[2.3.4-RELEASE][root@pfSense.home]/root: cat /usr/local/etc/nut/ups.conf [ups] driver=usbhid-ups port=auto[2.3.4-RELEASE][root@pfSense.home]/root: cat /usr/local/etc/nut/upsd.conf LISTEN 127.0.0.1 LISTEN ::1 LISTEN 192.168.10.1 3493[2.3.4-RELEASE][root@pfSense.home]/root: cat /usr/local/etc/nut/upsmon.conf MONITOR ups 1 monuser 615fdd64b1d37893a33d master SHUTDOWNCMD "/sbin/shutdown -p +0" POWERDOWNFLAG /etc/killpower NOTIFYCMD /usr/local/pkg/nut/nut_email.php NOTIFYFLAG ONLINE SYSLOG+WALL+EXEC NOTIFYFLAG ONBATT SYSLOG+WALL+EXEC NOTIFYFLAG LOWBATT SYSLOG+WALL+EXEC NOTIFYFLAG FSD SYSLOG+WALL+EXEC NOTIFYFLAG COMMOK SYSLOG+WALL+EXEC NOTIFYFLAG COMMBAD SYSLOG+WALL+EXEC NOTIFYFLAG SHUTDOWN SYSLOG+WALL+EXEC NOTIFYFLAG REPLBATT SYSLOG+WALL+EXEC NOTIFYFLAG NOCOMM SYSLOG+WALL+EXEC NOTIFYFLAG NOPARENT SYSLOG+WALL+EXEC[2.3.4-RELEASE][root@pfSense.home]/root: cat /usr/local/etc/nut/upsd.users [admin] password=ca21ff457d2db2f4d776 actions=set instcmds=all [monuser] password=615fdd64b1d37893a33d upsmon masterAnd here is an output of my actual ups device, showing that NUT is working and can connect to it.
[2.3.4-RELEASE][root@pfSense.home]/root: upsc ups@localhost battery.charge: 28 battery.charge.low: 10 battery.charge.warning: 20 battery.mfr.date: CPS battery.runtime: 714 battery.runtime.low: 300 battery.type: PbAcid battery.voltage: 12.9 battery.voltage.nominal: 12 device.mfr: CPS device.model: EC650LCD device.type: ups driver.name: usbhid-ups driver.parameter.pollfreq: 30 driver.parameter.pollinterval: 2 driver.parameter.port: auto driver.parameter.synchronous: no driver.version: 2.7.4 driver.version.data: CyberPower HID 0.4 driver.version.internal: 0.41 input.transfer.high: 142 input.transfer.low: 100 input.voltage: 123.0 input.voltage.nominal: 120 output.voltage: 123.0 ups.beeper.status: enabled ups.delay.shutdown: 20 ups.delay.start: 30 ups.load: 16 ups.mfr: CPS ups.model: EC650LCD ups.productid: 0501 ups.realpower.nominal: 390 ups.status: OL CHRG ups.test.result: No test initiated ups.timer.shutdown: -60 ups.timer.start: 0 ups.vendorid: 0764[2.3.4-RELEASE][root@pfSense.home]/root: upsdrvctl -t shutdown Network UPS Tools - UPS driver controller 2.7.4 *** Testing mode: not calling exec/kill 0.000000 If you're not a NUT core developer, chances are that you're told to enable debugging to see why a driver isn't working for you. We're sorry for the confusion, but this is the 'upsdrvctl' wrapper, not the driver you're interested in. Below you'll find one or more lines starting with 'exec:' followed by an absolute path to the driver binary and some command line option. This is what the driver starts and you need to copy and paste that line and append the debug flags to that line (less the 'exec:' prefix). 0.000219 Shutdown UPS: ups 0.000240 exec: /usr/local/libexec/nut/usbhid-ups -a ups -k -
In package manager, I can see nut is installed, but there is an orange warning "Newer version available", followed by a "Package is configured but not (fully) installed". No update button exists. See attached screenshot.
Something I must do here?
-
There is nothing you need to do. What you are seeing below the blue line is actually the legend for the entire package list. I.E. what the icons and colors mean. If you only have one package installed, it can be visually confusing.
-
Thanks for the clarification!
-
Hello :)
I enabled email notifications, and now I am being flooded by these kinds of messages:
Wed, 14 Jun 2017 19:25:41 +0200 Communications with UPS ups@192.168.2.21 lost Wed, 14 Jun 2017 19:25:46 +0200 Communications with UPS ups@192.168.2.21 established
Wed, 14 Jun 2017 22:49:25 +0200 Communications with UPS ups@192.168.2.21 lost
Wed, 14 Jun 2017 22:49:30 +0200 Communications with UPS ups@192.168.2.21 established
And there's loads of them, as the attached screenshot shows.
Meanwhile, in system logs I see this:Jun 15 17:14:01 php-cgi nut_email.php: Message sent to [SCRUBBED]OK
Jun 15 17:14:00 upsmon 40316 Communications with UPS ups@192.168.300.117 established
Jun 15 17:13:56 php-cgi nut_email.php: Message sent to [SCRUBBED]OK
Jun 15 17:13:55 upsmon 40316 Communications with UPS ups@192.168.300.117 lost
Jun 15 17:13:55 upsmon 40316 Poll UPS [[email]ups@192.168.300.117] failed - Write error: Permission denied
Jun 15 17:12:35 php-cgi nut_email.php: Could not send the message to [SCRUBBED]– Error: it was not possible to read line from the SMTP server: data access time out
Jun 15 17:11:40 php-cgi nut_email.php: Message sent to [SCRUBBED]OK
Jun 15 17:11:40 upsmon 40316 Communications with UPS ups@192.168.300.117 established
Jun 15 17:11:35 upsmon 40316 Communications with UPS ups@192.168.300.117 lost
Jun 15 17:11:35 upsmon 40316 Poll UPS [[email]ups@192.168.300.117] failed - Write error: Permission deniedNut is acting as a client ("Remote NUT server") to a Synology (the ..300.117) that acts as a NUT-server in the network segment, and which is connected (via USB) to an APC UPS. So, since it is acting as a client, there isn't anything much to configure in the pfSense package.
Would anybody know how I can fix this problem?
Thank you in advance,
Bye,Nut is acting as a client ("Remote NUT server") to a Synology (the ..300.117) that acts as a NUT-server in the network segment, and which is connected (via USB) to an APC UPS. So, since it is acting as a client, there isn't anything much to configure in the pfSense package.
Would anybody know how I can fix this problem?
Thank you in advance,
Bye,
-
What are you seeing on the Synology?
-
With the help off this forum, the Syno forum and the NUT man pages, I hooked up my APC UPS USB to pfSense, pfSense is the "NUT server".
My Syno is the client off pfSense-NUT.
Works great for me.Btw : it seems to me that you have network errors. And "NUT" complains about it.
Your mail server isn't playing it softly neither ….
-
What are you seeing on the Synology?
Thank you Denny :P
Syno says nothing, other machines that are clients to Syno UPS-server also don't log anything.
Latest power outage (going on the UPS) was June 9 (per attached pic).
Thank you :D
-
With the help off this forum, the Syno forum and the NUT man pages, I hooked up my APC UPS USB to pfSense, pfSense is the "NUT server".
My Syno is the client off pfSense-NUT.
Works great for me.I've had it the other way around for the past 6 years, which worked fine. That is: I don't recall ever enabling email notifications (which is not to say I haven't done that. Simply don't recall it), which therefor never bugged me before either because the problem never existed in the past - or always existed but was never emailed to me.
Btw : it seems to me that you have network errors. And "NUT" complains about it.
How do you see that I have network problems if I could ask? Would you happen to know what kind of network problems?
Because I don't experience any network problems at all :-[
-
The NUT connection problem, and the SMTP problem are both suggestive of TCP connections being forcibly closed or timing out.
Questions:
Is the Synology that is hosting NUT also hosting your SMTP?
Is the Synology accessed via the LAN interface on pfSense?
Do you have anything set up on pfSense to kill states?
Do you have the firewall enabled on the Synology?
What is between pfSense and the Synology? A switch? Another firewall?@Mr.:
How do you see that I have network problems if I could ask? Would you happen to know what kind of network problems?
-
The NUT connection problem, and the SMTP problem are both suggestive of TCP connections being forcibly closed or timing out.
Questions:
1. Is the Synology that is hosting NUT also hosting your SMTP?
2. Is the Synology accessed via the LAN interface on pfSense?
3. Do you have anything set up on pfSense to kill states?
4. Do you have the firewall enabled on the Synology?
5. What is between pfSense and the Synology? A switch? Another firewall?@Mr.:
How do you see that I have network problems if I could ask? Would you happen to know what kind of network problems?
Thank you Denny :)
1. Yes.
2. Yes, both in the same LAN.
3. No.
4. No.
5. HP Procurve 1910 switch. -
@Mr.:
How do you see that I have network problems if I could ask? Would you happen to know what kind of network problems?
Because I don't experience any network problems at all :-[
[/quote]
upsmon says you so :
@Mr.:…..
Jun 15 17:11:35 upsmon 40316 Communications with UPS ups@192.168.300.117 lost
….
5 seconds later :
Jun 15 17:11:40 upsmon 40316 Communications with UPS ups@192.168.300.117 established
…..These log lines are from upsmon running on pfSense.
"ups@192.168.300.117" is the identity of the server, running on your diskstation (IP 192.168.300.117). This connection (some TCP link or whatever) fails and is reconstructed 5 seconds later.
At least, that's what I make on it.edit : ah ….
Wait a minute.
your smtp server is running on your diskstation. Using other words : your smtp sever is running on your LAN.
Are these :
..... ups@192.168.300.117 …...
log lines that indicate "smtp handshake" errors ? (being pfSense as a mail client and the app running on the diskstation as the mail server) ?One big advise : DO NOT, NEVER EVER run a smtp server on a LAN. Live is just to short. I know, a Synology can do many things, but don't make it think it is a (relaying) smtp server. Mail server settings are ..... huge. Far more easy will be : use the mail server of your ISP - or, why not, our your own mail server on a host on the net (your dedicated or VPS server somewhere on the net).
Client to server smtp communication is easy to debug, pfSense is just a pile of PHP script lines when it concerns the smtp transaction so you can find out easily what's up. But then your smtp mail server has to deliver the mail, so it reached out from your LAN to, for example, mail.gmail.com (GMail's mail server) and in that case your "DNS reverse" has to be ok, SPF should be fine, DKIM should be rock solid, and recently you better have your DMARC set correctly.
When I have some time I'll try to activate the "smtp server app" in my diskstation to I can see what you saw ... -
Something is interfering with TCP connections between your pfSense instance and the Synology on the LAN. Usually this would be a firewall, but that doesn't seem the case here based on your answers. Best thing I can suggest is to run tcpdump on both, and see if you can at least identify the direction packets are being lost in.
With regard to running an SMTP server in the LAN, I don't see an issue with this. You certainly don't want the SMTP server in the LAN exposed (tunneled) to the internet, but when used in conjunction with a an external server which handles the internet connections it is quite safe. I would consider it as a very common architecture.
I myself use a Synology as the internal IMAP/SMTP server, with Postfix in the DMZ as the external server.
-
bdf0506, can you please confirm that you haven't modified any of the system or nut scripts by hand? I will have a look at this, but it will be about a week before I can.
Any chance you've had a chance to look at this? Config files were provided in a previous post. Thanks!
-
I have. The power kill logic is gone from the base os level. Still searching to find out when and why.
-
I have. The power kill logic is gone from the base os level. Still searching to find out when and why.
Ah, interesting. Sounds like it isn't an issue with my specific setup and it is a bug affecting anyone trying to use that functionality in the NUT package. Looking forward to seeing a fix for this whenever one can be found.
-
Sounds like it isn't an issue with my specific setup and it is a bug affecting anyone trying to use that functionality in the NUT package.
Correct.
-
Gertjan, Are you using link aggregation on pfSense or bonding on the Synology?
Something is interfering with TCP connections between your pfSense instance and the Synology on the LAN.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.