A brief manual: NUT primary (master) on pfSense with an external NUT client (e.g. Synology)
-
A note after having spent many hours trying to configure something very basic, as I initially thought.
If you want an external NUT device such as your NAS or the like to connect to the NUT service on pfSense, three additional things have to be configured on pfSense, assuming that you got NUT on pfSense properly configured to work with your UPS (this has been covered in many posts on the net):
- Add a firewall rule that allows your client on LANx to connect to the pfSense LANx interface address, port 3493.
- pfSense's NUT (upsd) in default configuration only listens on loopback addresses 127.0.0.1 and ::1, tcp port 3493. This can be seen in Status -> System Logs -> System -> General after reloading the NUT service (or after a reboot). That's not helpful for us at all.
Therefore, in NUT configuration (Services -> UPS -> UPS Settings -> Advanced -> upsd.conf) configure an additional listening directive for your LANx interface, such as (note the spaces; the IP address is an example for your LANx interface address):
LISTEN 192.168.1.1 3493 - In NUT configuration (Services -> UPS -> UPS Settings -> Advanced -> upsd.users) add the correct user information as your NUT client demands.
For Synology NAS this is (literally):
[monuser]
password = secret
upsmon secondary
Lastly, as a note for Synology NUT clients: It is mandatory to rename the UPS to "ups" on pfSense because that is what the Synology DSM expects (without being able to change that expectation).
And then do not forget to restart the UPS service.
-
@pFence said in A brief manual: NUT primary (master) on pfSense with an external NUT client (e.g. Synology):
pfSense's NUT (upsd) in default configuration only listens on loopback addresses 127.0.0.1 and ::1, tcp port 3493. This can be seen in Status -> System Logs -> System -> General after reloading the NUT service (or after a reboot). That's not helpful for us at all.
Therefore, in NUT configuration (Services -> UPS -> UPS Settings -> Advanced -> upsd.conf) configure an additional listening directive for your LANx interface, such as (note the spaces; the IP address is an example for your LANx interface address):
LISTEN 192.168.1.1 3493Remote access for NUT is covered in the second post of the NUT support thread.
There are two options, one is the listen option that you have described and the other is the port forward option. While both approaches work, I generally recommend the port forward option because you can easily apply firewall rules.
-
S stephenw10 moved this topic from pfSense Packages on
-
@pFence Sorry for replying on this post that is so many months old but I haven't found that many results when searching for info on similar configurations to mine:
- CyberPower UPS connected to SG-1100 via USB
- NUT server running on pfSense
- Synology NAS as NUT client
Could you share more info about your config?
I'm specifically having an issue where I don't know how to control the delay between the server telling the clients to start the shutdown sequence, and telling the UPS to turn off the outlets. The current delay seems to be 20 seconds which is not enough for the Synology to complete a clean shutdown.Thanks for your help.
-
@diegus83 See if the UPS has a settable off delay. Most do. See "offdelay" in the usbhid-ups driver man page. This would go into the "Extra Arguments to driver" section. Take careful note of the warning about Cyber Power Systems.
You can also fake up a delay by using FINDELAY in upsmon.conf. This would go in the "Additional configuration lines for upsmon.conf" section.
-
@dennypage thanks for the detailed reply.
I setup the following values taking into account what the guide says about CPS:
offdelay = 300 ondelay = 360If I understood correctly, this should give me 5 minutes of power before the outlets turn off, and as per the guide ondelay is 6 minutes since it needs to be bigger and 1 minute would the minimum difference CPS would support.
The new values are reflected in the UPS Status tab:
ups.delay.shutdown 300 ups.delay.start 360So I'm assuming the setting works, I will know for sure once I do a controlled test.
I also setup this under "Extra arguments to driver", is this the correct way to initiate the shutdown when the battery reaches 50%?
override.battery.charge.warning = 60 override.battery.charge.low = 50I have no need to run the battery down to 10% like the default values seemed to do during my first test.
-
@diegus83 FWIW, 300 seconds might be a bit long. I expect the Synology shuts down a lot quicker than that (under 100). You may want to time it.
battery.charge.warning is not used and can be removed.
Regarding battery.charge.low, I would first check to see if this is writable in the UPS. Like so:
upsrw -s battery.charge.low=50 myupsI don't recall is just setting in the runtime actually works. There have been some issues in NUT with that in the past. If you do it this way, be sure to test it against your UPS.
-
@dennypage It seems I can't adjust that value:
upsrw -l ups [driver.debug] Current debug verbosity level of the driver program Type: NUMBER Value: 0 [driver.flag.allow_killpower] Safety flip-switch to allow the driver daemon to send UPS shutdown command (accessible via driver.killpower) Type: NUMBER Value: 0 [input.transfer.high] High voltage transfer point (V) Type: STRING Maximum length: 10 Value: 140 [input.transfer.low] Low voltage transfer point (V) Type: STRING Maximum length: 10 Value: 90 [ups.delay.shutdown] Interval to wait after shutdown with delay command (seconds) Type: STRING Maximum length: 10 Value: 20 [ups.delay.start] Interval to wait before (re)starting the load (seconds) Type: STRING Maximum length: 10 Value: 30I tried any way the admin user and password found in /usr/local/etc/nut/upsd.users and this was the output:
Unexpected response from upsd: ERR READONLYWhich I think confirms the admin/password is correct since any other credentials return ERR ACCESS-DENIED or ERR PASSWORD-REQUIRED
I guess I will have to test and see how the current configuration behaves.
The good news is that it seems I can adjust the delay shutdown and start directly in the UPS as per the output above, I didn't knew that!
I will test the whole system one of these days and definitely take note of the timing for the various NUT clients.
Your input has been very helpful, thank you.
-
@diegus83 Strange that it would show up in upsrw, but not allow change. Is it SNMP perhaps?
