Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure

    Scheduled Pinned Locked Moved General pfSense Questions
    29 Posts 4 Posters 4.7k Views 8 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Michel-angeloM Offline
      Michel-angelo
      last edited by

      Hello, I just installed an UPS to protect my micro-firewall together with a mac computer running home automation software an and a data server.

      I need to shut down properly the SG-1000 on the suitable CSX alert from the UPS. The instruction would, I believe, need to be transmitted to the SG-1000 by a shell script initiated from xTension on the mac somewhere on the network (that would be a shell script embedded into by an AppleScript) or a shell script initiated bu a raspberry pi on one of it languages.

      Do the appropriate instructions exist for the SG-1000 ? If so where do I find them.

      Many thanks in advance.

      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ Online
        JKnott @Michel-angelo
        last edited by

        @michel-angelo

        Have you installed the UPS software? You can choose from apcupsd, for APC UPS or nut for others.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        Michel-angeloM 1 Reply Last reply Reply Quote 0
        • Michel-angeloM Offline
          Michel-angelo @JKnott
          last edited by

          @jknott No, sorry, I had not. The mac does not appear to need it since it can be connected directly to the UPS via USB cable and hence obtain and share with xTension (the home automation software), if connected to the UPS, the relevant information ("AC power available", "Capacity in percent of the battery", "max capacity", "time to empty" in minutes, time to full" and "is charging"). My intent valid or not, is therefore simply to create events triggering the proper shut-down and the proper restart if the SG-1000 does not restart automatically when powered-on.

          I have now downloaded apcups and am not sure what I can or should do with it. It seems to me the mac has its own install of possibly the same piece of software in its power management system preference panel.

          Further, it also seems to me that the power management preference panel (the mac version of apcups ?) does not work properly: the mac would not restart upon return of power if it has been properly shut-down by the ups. Therefore I have been advised to refuse connecting the mac to the UPS by the USB data cable and let the mac shut down the hard way. Instead, A Raspberry pi would be connected to the UPS and hence collect, and deliver the above information.

          I realise the above is not clear, but it is the way it is to me.

          Thank you for the advice.

          JKnottJ 1 Reply Last reply Reply Quote 0
          • JKnottJ Online
            JKnott @Michel-angelo
            last edited by

            @michel-angelo

            Why would you want to run it on the Mac, if the goal is to shut down the SG-1000? While it is possible to run UPS software over the network, it's generally run on the device you want to shut down. So, you'd run it on the SG-1000 to shut it down and likewise on the Mac. If you have an APC UPS, there isn't much to set up. It just works. I have no experience with nut.

            BTW, running software over the network is generally done when you have more than one device powered by the UPS. One device can monitor it and tell the others when to shut down.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            Michel-angeloM 1 Reply Last reply Reply Quote 0
            • Michel-angeloM Offline
              Michel-angelo @JKnott
              last edited by

              @jknott hello
              Thanks. I begin to see the light. At my home, 4 items need to survive (for a short while) a power failure:
              My ISP’s fiber modem-router. No need to be gentle with it it will survive quite anything;
              My micro-firewall SG-1000. Double NAT. Does all the useful work on my network. I want to shut it down nicely;
              A switch (nota bright one, just a dumb switch. No need to be gentle with it;
              An iMac running my home automation and used as a back-up server. I want to shut it down gently if possible to preserve my back-ups.
              I will be away from home for 3 days, will explore the possibility of installing UPS software on the SG-1000 and will report here.

              The other possibility which I need to explore is to entrust the home automation with the task of triggering the shut down in sequence of (1) the computer. (2) the Sg-1000 and (3) all others

              Thanks, again, for your clear advice.

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                What UPS are you using? Is it supported by apcupsd or nut?

                If it is then just use that in pfSense and have other devices trigger from it.

                The SG-1000 is very RAM limited but it is possible to run it with RAM disks in some setups with care. In that situation just losing power is very unlikely to be a problem. I've yet to see a filesystem corruption issue when ram disks were in use. Though it is still possible.

                Steve

                Michel-angeloM 1 Reply Last reply Reply Quote 0
                • Michel-angeloM Offline
                  Michel-angelo @stephenw10
                  last edited by

                  @stephenw10 I just installed the Eaton UPS 35850F 850 kVA (Amazon.fr reference: https://www.amazon.fr/gp/product/B082TGMZGP/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1)

                  I believe it is compatible (with apcupsd and nut) but cannot prove it so far. Will look int that upon my return at home.

                  "use that in pfSense"

                  To feed the pfSense firewall, do I plug the USB data cable from the UPS into the USB port (console port ?) of the SG-1000 ? To use if in pfSense, will I then assume that the appropriate software is already usable part of the installed pfSense software or, alternatively, should I install the apsupsd or nut software in the SG-1000 ? How is that done ?

                  "have other devices trigger from it"

                  How is such triggering done ?

                  ALTERNATIVE WAY: CAN I TRIGGER FROM MY HOME AUTOMATION ON INSTRUCTIONS FROM A RASPBERRY P ?

                  So far, I am still planning to install a raspberry pi, plug it to the UPS and feed with it the appropriate module on my home automation signal to get all relevant data and action points readily accessible.

                  If I can indeed issue at the appropriate time from the iMac a shell script triggering the "halt system" command of the SG-1000 web interface, I would be done.

                  Can the "Halt System" command in the SG-1000's web interface be triggered by a shell script ?

                  Many thanks in advance.

                  JKnottJ GertjanG 2 Replies Last reply Reply Quote 0
                  • JKnottJ Online
                    JKnott @Michel-angelo
                    last edited by

                    @michel-angelo

                    Ummm... I believe that's 850 VA. When I read 850 KVA I thought you had a huge UPS that you'd find in a data centre. Also, apcupsd is for APC UPS. I don't know that it will work with other makes. It might though. I run it as I have 2 APC UPS here.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 0
                    • GertjanG Offline
                      Gertjan @Michel-angelo
                      last edited by

                      @michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

                      Can the "Halt System" command in the SG-1000's web interface be triggered by a shell script ?

                      Humm. To much questions that are already answered 'years ago'.

                      If you know how a UPS works for a PC or MAC, you know how it works for pfSense, a device very comparable with a PC.

                      It can be as easy as this :

                      Chose an UPS that fits your needs. This means understanding and knowing answers to question like : how long, how often, what number of Watts and/or VA. How is it links to the device that it should protect. Does the OS of the device support that type and brand of UPS.

                      You'll discover that a typical SoHo UPS uses a serial cable, and most often it's a USB type cable.

                      This means : a typical sub 300 $ UPS protects 'one device'.
                      That is, it can signal the state of the UPS to one device, typically your PC.
                      Or, pfSense. See the NUT or apcupsd package. I use myself the "NUT" package, coupled with to a "APC Back-UPS XS 700U". This is a bit over kill for a pfSense device (an old desktop PC), but t also protects a couple of switches my ISP router and a bunch of access points.

                      Thi UPS also protects my NAS, a Synology device.
                      The NAS uses internally the same 'open source' software as the NUT pfSense package.
                      I was able to inform my NAS that I had a "UPS-server" - the NUT pfSEnse package cn be set up like that - so that my NAS gets the shut down events and other power evets from 'pfSEnse'.

                      The info from my NAS :

                      fd05f561-462f-4543-83c5-984dbc60d8e7-image.png

                      This works perfect.
                      Whehn the power goes down, pfSense is onformed, and shuts down after a coupleof minutes.
                      My NAS is also informed, over the network, and goes to stand-by mode.

                      It's also possible to hook your PC or Mac up to your UPS over the network to the pfSense UPS NUT server :
                      https://networkupstools.org/download.html#_binary_packages

                      This software proposed is old. But it works still today under Windows 10, for me at home.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      JKnottJ 1 Reply Last reply Reply Quote 0
                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by

                        Yup that^.

                        Your Home Autamtion system almost certainly also support NUT and either can be the serber node with the client node being configured to pull data from that.
                        Really it just depends which is more convenient to connect the UPS USB cable to. The SG-1000 has a USB OTG port you would need to use so it might be easier to have that as the client.

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • JKnottJ Online
                          JKnott @Gertjan
                          last edited by

                          @gertjan said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

                          This means : a typical sub 300 $ UPS protects 'one device'.

                          I believe apcupsd can work with multiple devices on the same UPS. One device monitors the UPS and tells the others when to shut down. In businesses, it's common for one large UPS to power multiple devices.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          Michel-angeloM 1 Reply Last reply Reply Quote 0
                          • Michel-angeloM Offline
                            Michel-angelo @JKnott
                            last edited by

                            @jknott

                            Thanks to all of you. I was not at home and am now back, late evening, just fit for bed. I apologise to forum members for wasting their time with already answered questions. Also I had not fully explored internet resources.

                            My UPS is a cheap 850 VA (not kVA) EATON UPS which is NUT-compatible. All devices are within easy access to the UPS' USB plug. My priorities are:

                            (1) to properly shut down the SG-1000 as it is the least hardened devices in my home set-up (so the SG-1000 would initially be the sole NUT client: the simplest set-up);

                            (2) Later, in addition, to issue an alarm via mail and/or SMS to help inform somebody at home or a neighbour nearby that power is down ar my home, in the kitchen (this is intended to preserve frozen food from decaying): this may be a task for home automation, maybe triggered by a Raspberry Pi configured either as master or as slave using NUT;

                            (3) properly shut-donw the iMac, used as a back-up server (slave under NUT).

                            (4) Nothing more.

                            So, tomorrow, one of my first orders of business will be to check how to install (preferably with a package ?) NUT for free-BSD 12.2 on the SG-1000 (using the console ?) and thereafter configure (if needed) the NUT software on the SG-1000 (if it does not "just work").

                            Thanks again to all of you. Bedtime for me.

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S Offline
                              stephenw10 Netgate Administrator
                              last edited by

                              There is a proper pfSense package for NUT. You can install and configure it in the GUI and it's config is retained in the main file etc.

                              Michel-angeloM 1 Reply Last reply Reply Quote 0
                              • Michel-angeloM Offline
                                Michel-angelo @stephenw10
                                last edited by

                                @stephenw10
                                Great ! Thanks @stephenw10. I have installed the package from the GUI. I doubt, I have not attempted to do any configuration. Maybe it just works. as it is I still need to connect the micro USB of the SG-1000 to the UPS USB: a plug similar to big hard drive's USB plugs.

                                Michel-angeloM 1 Reply Last reply Reply Quote 0
                                • Michel-angeloM Offline
                                  Michel-angelo @Michel-angelo
                                  last edited by

                                  Corrrection ! I just checked: The NUT [and else] package is installed but not configured yet. So it is currently not enabled yet. Configuration is also in the GUI. I will configure it in its simplest configuration (USB) as soon as I will have installed the USB cable (with a micro-USB connexion on the SG-1000 side).

                                  I have also noted that I will be able to notify status by email, which is what I needed to preserve my freezer whenever a power failure occur during vacation time. I won't need to install a raspberry-pi to feed my home automation simply to the purpose of notification.

                                  My congratulations to the pfSense programmers forethought. Possibly all replies to my questions above ere answered by the package.

                                  Michel-angeloM 1 Reply Last reply Reply Quote 1
                                  • Michel-angeloM Offline
                                    Michel-angelo @Michel-angelo
                                    last edited by

                                    @michel-angelo
                                    The UPS is a Eaton 3S/ Verifications made:
                                    NUT is compatible with Eaton (despite the fact Eaton no longer collaborates with NUT). s
                                    SLLenection: Simple, via USB . I use the Eaton supplied USB cable, together with a Raspberry-pi connector micro-usb (male) to USB A (female).
                                    In the SG-1000 Command reached through the Graphic interface,
                                    Services / UPS type : Local USB
                                    UPS Name: Eaton UPS
                                    Driver: upsdhid.
                                    After a long wait for the UPS daemon, the SG-1000 stops waiting and declares the UPS does not work.
                                    Not found any configuration possibility for the EATON.
                                    NO SUCCESS.

                                    SO FAR, SUCCEEDED Ato set a direct connection via USB to an iIMac
                                    FAILED a direct connection via USB to the SG-1000.

                                    1 Reply Last reply Reply Quote 0
                                    • stephenw10S Offline
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      Do you see the new device logged in the system log when you connect the USB cable?

                                      What does it appear as if you run: usbconfig dump_device_desc ?

                                      Steve

                                      GertjanG 1 Reply Last reply Reply Quote 0
                                      • GertjanG Offline
                                        Gertjan @stephenw10
                                        last edited by Gertjan

                                        ... and use the obtained info here to get more details : https://networkupstools.org/stable-hcl.html

                                        No "help me" PM's please. Use the forum, the community will thank you.
                                        Edit : and where are the logs ??

                                        Michel-angeloM 1 Reply Last reply Reply Quote 0
                                        • Michel-angeloM Offline
                                          Michel-angelo @Gertjan
                                          last edited by

                                          @gertjan
                                          Thanks, stephenw10 and Gertjan

                                          I am deeply confused. Indeed I had a doubt that the USB connection, using the Raspberry-pi USB A female to micro USB could be defective. I did not know how to check but believed the connection was OK. It was not.

                                          The log, which I had not checked, reported "26341 Poll UPS [Eaton] failed - Driver not connected"

                                          I had already looked at https://networkupstools.org/stable-hcl.html, which selected for my Eaton 3S the default driver of the pfSense package. The configuration instructions were already correct

                                          So the sole thing missing was an effective USB connection between the Eaton UPS and the microfirewall. I will get a better quality connector within a couple of days but, this morning, after making absolutely sure that the micro-USB connected effectively to the SG-1000. it all worked by magic and the Services > UPS Status Details reported as expected. I will test it right away, but I am certain it will work.

                                          I can also report on the attempt I made yesterday with direct USB Connection to the iMac, which simply worked without any need for software installation.

                                          I must now find the way to (1) get the SG-1000 to relay the instruction to shut down to the iMac and (2) get the iMac to accept this instruction and effectively shut down.

                                          Many thanks for the correct pointers.

                                          GertjanG 1 Reply Last reply Reply Quote 0
                                          • GertjanG Offline
                                            Gertjan @Michel-angelo
                                            last edited by

                                            @michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

                                            I must now find the way to (1) get the SG-1000 to relay the instruction to shut down

                                            "NUT" is more then just 'ahev a chat with the locally connected USB-UPS and do something when it says the power switched to battery". Its far more capable.then that.

                                            With this :

                                            977572c0-cadf-44e0-86fe-fbbe6d3bae16-image.png

                                            These settings expose my pfSense LAN IP as a NUT (upsmon) server.
                                            As I showed earlier, my Synology NAS can now connect to pfSense for UPS info, with out an UPS connected directly to the NAS.

                                            No "help me" PM's please. Use the forum, the community will thank you.
                                            Edit : and where are the logs ??

                                            Michel-angeloM 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.