Netgate Discussion Forum

    Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure

    General pfSense Questions
    • stephenw10 Netgate Administrator

      What UPS are you using? Is it supported by apcupsd or nut?

      If it is then just use that in pfSense and have other devices trigger from it.

      The SG-1000 is very RAM limited but it is possible to run it with RAM disks in some setups with care. In that situation just losing power is very unlikely to be a problem. I've yet to see a filesystem corruption issue when ram disks were in use. Though it is still possible.

      Steve

      • Michel-angelo @stephenw10

        @stephenw10 I just installed the Eaton UPS 35850F 850 kVA (Amazon.fr reference: https://www.amazon.fr/gp/product/B082TGMZGP/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1)

        I believe it is compatible (with apcupsd and nut) but cannot prove it so far. Will look into that upon my return at home.

        "use that in pfSense"

        To feed the pfSense firewall, do I plug the USB data cable from the UPS into the USB port (console port ?) of the SG-1000 ? To use it in pfSense, will I then assume that the appropriate software is already a usable part of the installed pfSense software or, alternatively, should I install the apcupsd or nut software in the SG-1000 ? How is that done ?

        "have other devices trigger from it"

        How is such triggering done ?

        ALTERNATIVE WAY: CAN I TRIGGER FROM MY HOME AUTOMATION ON INSTRUCTIONS FROM A RASPBERRY PI ?

        So far, I am still planning to install a raspberry pi, plug it to the UPS and feed with it the appropriate module on my home automation signal to get all relevant data and action points readily accessible.

        If I can indeed issue at the appropriate time from the iMac a shell script triggering the "halt system" command of the SG-1000 web interface, I would be done.

        Can the "Halt System" command in the SG-1000's web interface be triggered by a shell script ?

        Many thanks in advance.

        • JKnott @Michel-angelo

          @michel-angelo

          Ummm... I believe that's 850 VA. When I read 850 KVA I thought you had a huge UPS that you'd find in a data centre. Also, apcupsd is for APC UPS. I don't know that it will work with other makes. It might though. I run it as I have 2 APC UPS here.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          • Gertjan @Michel-angelo

            @michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

            Can the "Halt System" command in the SG-1000's web interface be triggered by a shell script ?

            Humm. Too many questions that were already answered 'years ago'.

            If you know how a UPS works for a PC or MAC, you know how it works for pfSense, a device very comparable with a PC.

            It can be as easy as this :

            Choose a UPS that fits your needs. This means understanding and knowing the answers to questions like : how long, how often, what number of Watts and/or VA. How is it linked to the device that it should protect. Does the OS of the device support that type and brand of UPS.

            You'll discover that a typical SoHo UPS uses a serial cable, and most often it's a USB type cable.

            This means : a typical sub 300 $ UPS protects 'one device'.
            That is, it can signal the state of the UPS to one device, typically your PC.
            Or, pfSense. See the NUT or apcupsd package. I myself use the "NUT" package, coupled with an "APC Back-UPS XS 700U". This is a bit overkill for a pfSense device (an old desktop PC), but it also protects a couple of switches, my ISP router and a bunch of access points.

            This UPS also protects my NAS, a Synology device.
            The NAS uses internally the same 'open source' software as the NUT pfSense package.
            I was able to inform my NAS that I had a "UPS-server" - the NUT pfSense package can be set up like that - so that my NAS gets the shut down events and other power events from 'pfSense'.

            The info from my NAS :

            [image]

            This works perfect.
            When the power goes down, pfSense is informed, and shuts down after a couple of minutes.
            My NAS is also informed, over the network, and goes to stand-by mode.

            It's also possible to hook your PC or Mac up to your UPS over the network to the pfSense UPS NUT server :
            https://networkupstools.org/download.html#_binary_packages

            This software proposed is old. But it works still today under Windows 10, for me at home.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            • stephenw10 Netgate Administrator

              Yup that^.

              Your Home Automation system almost certainly also supports NUT and either can be the server node with the client node being configured to pull data from that.
              Really it just depends which is more convenient to connect the UPS USB cable to. The SG-1000 has a USB OTG port you would need to use so it might be easier to have that as the client.

              Steve

              • JKnott @Gertjan

                @gertjan said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

                This means : a typical sub 300 $ UPS protects 'one device'.

                I believe apcupsd can work with multiple devices on the same UPS. One device monitors the UPS and tells the others when to shut down. In businesses, it's common for one large UPS to power multiple devices.

                • Michel-angelo @JKnott

                  @jknott

                  Thanks to all of you. I was not at home and am now back, late evening, just fit for bed. I apologise to forum members for wasting their time with already answered questions. Also I had not fully explored internet resources.

                  My UPS is a cheap 850 VA (not kVA) EATON UPS which is NUT-compatible. All devices are within easy access to the UPS' USB plug. My priorities are:

                  (1) to properly shut down the SG-1000 as it is the least hardened device in my home set-up (so the SG-1000 would initially be the sole NUT client: the simplest set-up);

                  (2) Later, in addition, to issue an alarm via mail and/or SMS to help inform somebody at home or a neighbour nearby that power is down at my home, in the kitchen (this is intended to preserve frozen food from decaying): this may be a task for home automation, maybe triggered by a Raspberry Pi configured either as master or as slave using NUT;

                  (3) properly shut down the iMac, used as a back-up server (slave under NUT).

                  (4) Nothing more.

                  So, tomorrow, one of my first orders of business will be to check how to install (preferably with a package ?) NUT for FreeBSD 12.2 on the SG-1000 (using the console ?) and thereafter configure (if needed) the NUT software on the SG-1000 (if it does not "just work").

                  Thanks again to all of you. Bedtime for me.

                  • stephenw10 Netgate Administrator

                    There is a proper pfSense package for NUT. You can install and configure it in the GUI and its config is retained in the main file etc.

                    • Michel-angelo @stephenw10

                      @stephenw10
                      Great ! Thanks @stephenw10. I have installed the package from the GUI. I doubt, I have not attempted to do any configuration. Maybe it just works. As it is, I still need to connect the micro USB of the SG-1000 to the UPS USB: a plug similar to a big hard drive's USB plugs.

                      • Michel-angelo @Michel-angelo

                        Correction ! I just checked: The NUT [and else] package is installed but not configured yet. So it is currently not enabled yet. Configuration is also in the GUI. I will configure it in its simplest configuration (USB) as soon as I will have installed the USB cable (with a micro-USB connection on the SG-1000 side).

                        I have also noted that I will be able to notify status by email, which is what I needed to preserve my freezer whenever a power failure occurs during vacation time. I won't need to install a raspberry-pi to feed my home automation simply for the purpose of notification.

                        My congratulations to the pfSense programmers' forethought. Possibly all replies to my questions above were answered by the package.

                        • Michel-angelo @Michel-angelo

                          @michel-angelo
                          The UPS is an Eaton 3S. Verifications made:
                          NUT is compatible with Eaton (despite the fact Eaton no longer collaborates with NUT).
                          Connection: Simple, via USB. I use the Eaton supplied USB cable, together with a Raspberry-pi connector micro-usb (male) to USB A (female).
                          In the SG-1000 Command reached through the Graphic interface,
                          Services / UPS type : Local USB
                          UPS Name: Eaton UPS
                          Driver: upsdhid.
                          After a long wait for the UPS daemon, the SG-1000 stops waiting and declares the UPS does not work.
                          Not found any configuration possibility for the EATON.
                          NO SUCCESS.

                          SO FAR, SUCCEEDED to set a direct connection via USB to an iMac
                          FAILED a direct connection via USB to the SG-1000.

                          • stephenw10 Netgate Administrator

                            Do you see the new device logged in the system log when you connect the USB cable?

                            What does it appear as if you run: usbconfig dump_device_desc ?

                            Steve

                            • Gertjan @stephenw10

                              ... and use the obtained info here to get more details : https://networkupstools.org/stable-hcl.html

                              • Michel-angelo @Gertjan

                                @gertjan
                                Thanks, stephenw10 and Gertjan

                                I am deeply confused. Indeed I had a doubt that the USB connection, using the Raspberry-pi USB A female to micro USB could be defective. I did not know how to check but believed the connection was OK. It was not.

                                The log, which I had not checked, reported "26341 Poll UPS [Eaton] failed - Driver not connected"

                                I had already looked at https://networkupstools.org/stable-hcl.html, which selected for my Eaton 3S the default driver of the pfSense package. The configuration instructions were already correct.

                                So the sole thing missing was an effective USB connection between the Eaton UPS and the microfirewall. I will get a better quality connector within a couple of days but, this morning, after making absolutely sure that the micro-USB connected effectively to the SG-1000, it all worked by magic and the Services > UPS Status Details reported as expected. I will test it right away, but I am certain it will work.

                                I can also report on the attempt I made yesterday with direct USB Connection to the iMac, which simply worked without any need for software installation.

                                I must now find the way to (1) get the SG-1000 to relay the instruction to shut down to the iMac and (2) get the iMac to accept this instruction and effectively shut down.

                                Many thanks for the correct pointers.

                                • Gertjan @Michel-angelo

                                  @michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

                                  I must now find the way to (1) get the SG-1000 to relay the instruction to shut down

                                  "NUT" is more than just 'have a chat with the locally connected USB-UPS and do something when it says the power switched to battery'. It's far more capable than that.

                                  With this :

                                  [image]

                                  These settings expose my pfSense LAN IP as a NUT (upsmon) server.
                                  As I showed earlier, my Synology NAS can now connect to pfSense for UPS info, without a UPS connected directly to the NAS.

                                  • Michel-angelo @Gertjan

                                    @gertjan
                                    Hello Gertjan, Steve and others, time for a pause.

                                    Indeed, I had a USB connection between the UPS and the SG-1000; this connection is now gone again, and I have not succeeded in restoring it. I definitely believe the micro USB connector provided by my Raspberry Pi is not the best I could use. So I will be waiting for the arrival of a new connector to resume my tests.

                                    Steve, with the defect I have in my USB connection, here is the result of the shell script you suggested to me [I ran it bravely on the pfSense SG-1000 trusting it would not damage anything].

                                    Shell Output - usbconfig dump_device_desc
                                    ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

                                    bLength = 0x0012
                                    bDescriptorType = 0x0001
                                    bcdUSB = 0x0200
                                    bDeviceClass = 0x0009 <HUB>
                                    bDeviceSubClass = 0x0000
                                    bDeviceProtocol = 0x0001
                                    bMaxPacketSize0 = 0x0040
                                    idVendor = 0x0000
                                    idProduct = 0x0000
                                    bcdDevice = 0x0100
                                    iManufacturer = 0x0001 <Mentor Graphics>
                                    iProduct = 0x0002 <OTG Root HUB>
                                    iSerialNumber = 0x0000 <no string>
                                    bNumConfigurations = 0x0001

                                    ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

                                    bLength = 0x0012
                                    bDescriptorType = 0x0001
                                    bcdUSB = 0x0200
                                    bDeviceClass = 0x0009 <HUB>
                                    bDeviceSubClass = 0x0000
                                    bDeviceProtocol = 0x0001
                                    bMaxPacketSize0 = 0x0040
                                    idVendor = 0x0000
                                    idProduct = 0x0000
                                    bcdDevice = 0x0100
                                    iManufacturer = 0x0001 <Mentor Graphics>
                                    iProduct = 0x0002 <OTG Root HUB>
                                    iSerialNumber = 0x0000 <no string>
                                    bNumConfigurations = 0x0001

                                    This is it, no more.

                                    • Gertjan @Michel-angelo

                                      @michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

                                      here is the result of the shell Script

                                      You can also look in the log.
                                      Look closely at this one : Status > System Logs > System > OS Boot
                                      I found my UPS :

                                      ugen0.3: <American Power Conversion Back-UPS XS 700U FW:924.Z5 .I USB FW:Z5> at usbus0
                                      

                                      • stephenw10 Netgate Administrator

                                        Yes, it must appear as a USB device in that list before NUT or any driver can use it.

                                        I assume you're using the USB OTG port? Can you see other devices connected there? A keyboard or flash drive maybe? If not it probably is the adapter you're using.

                                        Steve

                                        • Michel-angelo @stephenw10

                                          @stephenw10

                                          Yes, Steve, I am looking at the USB OTG port, which is in the middle of the SG-1000. On its left, I see another port, certainly a micro USB as well, for the console. In it, I always leave plugged the USB to USB cable which came with the SG-1000, for the unlikely event I would need to connect the device to a console. I fear losing the console cable and the connectors are so tiny I do not want to ruin them by plugging and unplugging them all the time. The USB is connected to the Eaton UPS.

                                          So, no devices, no keyboards nor what else is connected to the USB OTG port.

                                          The config of the UPS is

                                          UPS: Local USB

                                          UPS Name is EatonUPS

                                          Notifications is unchecked

                                          Driver is usbhid (default driver, recommended for Eaton 3S UPS)

                                          Extra (optional) is empty

                                          In USB Status, a red alert reads "The UPS requires attention"

                                          In UPS status,

                                          Name is EatonUPS@localhost

                                          Summary status is "Failed to retrieve status"

                                          UPS detail is now empty (it has been full for a short while, which proves the config is correct but my defective cable ruins it all).

                                          Running again usbconfig dump_device_desc

                                          Shell Output - usbconfig dump_device_desc
                                          ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

                                          bLength = 0x0012
                                          bDescriptorType = 0x0001
                                          bcdUSB = 0x0200
                                          bDeviceClass = 0x0009 <HUB>
                                          bDeviceSubClass = 0x0000
                                          bDeviceProtocol = 0x0001
                                          bMaxPacketSize0 = 0x0040
                                          idVendor = 0x0000
                                          idProduct = 0x0000
                                          bcdDevice = 0x0100
                                          iManufacturer = 0x0001 <Mentor Graphics>
                                          iProduct = 0x0002 <OTG Root HUB>
                                          iSerialNumber = 0x0000 <no string>
                                          bNumConfigurations = 0x0001

                                          ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

                                          bLength = 0x0012
                                          bDescriptorType = 0x0001
                                          bcdUSB = 0x0200
                                          bDeviceClass = 0x0009 <HUB>
                                          bDeviceSubClass = 0x0000
                                          bDeviceProtocol = 0x0001
                                          bMaxPacketSize0 = 0x0040
                                          idVendor = 0x0000
                                          idProduct = 0x0000
                                          bcdDevice = 0x0100
                                          iManufacturer = 0x0001 <Mentor Graphics>
                                          iProduct = 0x0002 <OTG Root HUB>
                                          iSerialNumber = 0x0000 <no string>
                                          bNumConfigurations = 0x0001

                                          Running again usbconfig dump_device_desc

                                          After removing the cables gives the same output

                                          From now on and for as long as I have not changed my defective micro-USB male connector, to prevent possible damages, I will keep the UPS monitoring as disabled.

                                          Thanks for the attention.

                                          • stephenw10 Netgate Administrator

                                            Yes, seems like a bad OTG cable. You should see the UPS listed even if nothing can talk to it.

                                            I wouldn't worry too much about the connectors. I've plugged cables in the units I have here hundreds of times (thousands maybe?) without issue. microUSB connectors are used in phones by millions and are really pretty reliable. Care should always be taken of course.

                                            Steve
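
The check discussed in the posts above (the UPS has to show up in `usbconfig dump_device_desc` before NUT or any driver can use it), as an added example that is not part of the thread. The function names are hypothetical, the hubs-only sample is abridged from the output posted above, and the second sample device with its name and 0x1234:0x5678 IDs is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list the non-hub devices found in the
# output of `usbconfig dump_device_desc` on pfSense/FreeBSD.

# Reads a dump on stdin and prints "<ugen id> <idVendor>:<idProduct> <name>"
# for every device whose bDeviceClass is not 0x0009 (HUB).
non_hub_devices() {
    awk '
        function emit() {
            if (dev != "" && class != "0x0009")
                printf "%s %s:%s %s\n", dev, vendor, product, name
        }
        $1 ~ /^ugen[0-9]+\.[0-9]+:$/ {
            emit()                                  # finish the previous device
            dev = $1; sub(/:$/, "", dev)
            name = $0
            sub(/^[^<]*</, "", name); sub(/> at usbus.*$/, "", name)
            class = ""; vendor = ""; product = ""
            next
        }
        $1 == "bDeviceClass" { class = $3 }
        $1 == "idVendor"     { vendor = $3 }
        $1 == "idProduct"    { product = $3 }
        END { emit() }
    '
}

# Returns 0 when something other than a root hub is enumerated, 1 otherwise.
check_usb() {
    found=$(non_hub_devices)
    if [ -n "$found" ]; then
        printf 'Enumerated on the bus, a UPS driver can try to attach:\n%s\n' "$found"
        return 0
    fi
    echo 'Only root hubs enumerated: check the OTG cable/adapter before changing the NUT config.'
    return 1
}

# Abridged from the dump posted in this thread (two root hubs, nothing else).
sample_hubs_only() {
cat <<'EOF'
ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

  bDeviceClass = 0x0009  <HUB>
  idVendor = 0x0000
  idProduct = 0x0000

ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

  bDeviceClass = 0x0009  <HUB>
  idVendor = 0x0000
  idProduct = 0x0000
EOF
}

# Constructed sample: one root hub plus a made-up HID device with placeholder IDs.
sample_with_device() {
cat <<'EOF'
ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

  bDeviceClass = 0x0009  <HUB>
  idVendor = 0x0000
  idProduct = 0x0000

ugen0.2: <Constructed Example UPS> at usbus0, cfg=0 md=HOST spd=LOW (1.5Mbps) pwr=ON (20mA)

  bDeviceClass = 0x0000  <Probed by interface class>
  idVendor = 0x1234
  idProduct = 0x5678
EOF
}

# On the firewall itself:  usbconfig dump_device_desc | check_usb
sample_hubs_only | check_usb || true
sample_with_device | check_usb
```

The vendor:product pair printed for a real device is the value to look up in the NUT hardware compatibility list linked earlier in the thread.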

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.