Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    A brief manual: NUT primary (master) on pfSense with an external NUT client (e.g. Synology)

    Scheduled Pinned Locked Moved UPS Tools
    8 Posts 3 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pFence
      last edited by

      A note after having spent many hours trying to configure something very basic, as I initially thought.

      If you want an external NUT device such as your NAS or the like to connect to the NUT service on pfSense, three additional things have to be configured on pfSense, assuming that you got NUT on pfSense properly configured to work with your UPS (this has been covered in many posts on the net):

      • Add a firewall rule that allows your client on LANx to connect to the pfSense LANx interface address, port 3493.
      • pfSense's NUT (upsd) in default configuration only listens on loopback addresses 127.0.0.1 and ::1, tcp port 3493. This can be seen in Status -> System Logs -> System -> General after reloading the NUT service (or after a reboot). That's not helpful for us at all.
        Therefore, in NUT configuration (Services -> UPS -> UPS Settings -> Advanced -> upsd.conf) configure an additional listening directive for your LANx interface, such as (note the spaces; the IP address is an example for your LANx interface address):
        LISTEN 192.168.1.1 3493
      • In NUT configuration (Services -> UPS -> UPS Settings -> Advanced -> upsd.users) add the correct user information as your NUT client demands.
        For Synology NAS this is (literally):
        [monuser]
        password = secret
        upsmon secondary

      Lastly, as a note for Synology NUT clients: It is mandatory to rename the UPS to "ups" on pfSense because that is what the Synology DSM expects (without being able to change that expectation).

      And then do not forget to restart the UPS service.

      dennypageD D 2 Replies Last reply Reply Quote 1
      • dennypageD
        dennypage @pFence
        last edited by

        @pFence said in A brief manual: NUT primary (master) on pfSense with an external NUT client (e.g. Synology):

        pfSense's NUT (upsd) in default configuration only listens on loopback addresses 127.0.0.1 and ::1, tcp port 3493. This can be seen in Status -> System Logs -> System -> General after reloading the NUT service (or after a reboot). That's not helpful for us at all.
        Therefore, in NUT configuration (Services -> UPS -> UPS Settings -> Advanced -> upsd.conf) configure an additional listening directive for your LANx interface, such as (note the spaces; the IP address is an example for your LANx interface address):
        LISTEN 192.168.1.1 3493

        Remote access for NUT is covered in the second post of the NUT support thread.

        There are two options, one is the listen option that you have described and the other is the port forward option. While both approaches work, I generally recommend the port forward option because you can easily apply firewall rules.

        1 Reply Last reply Reply Quote 0
        • stephenw10S stephenw10 moved this topic from pfSense Packages on
        • D
          diegus83 @pFence
          last edited by

          @pFence Sorry for replying on this post that is so many months old but I haven't found that many results when searching for info on similar configurations to mine:

          • CyberPower UPS connected to SG-1100 via USB
          • NUT server running on pfSense
          • Synology NAS as NUT client

          Could you share more info about your config?
          I'm specifically having an issue where I don't know how to control the delay between the server telling the clients to start the shutdown sequence, and telling the UPS to turn off the outlets. The current delay seems to be 20 seconds which is not enough for the Synology to complete a clean shutdown.

          Thanks for your help.

          dennypageD 1 Reply Last reply Reply Quote 0
          • dennypageD
            dennypage @diegus83
            last edited by dennypage

            @diegus83 See if the UPS has a settable off delay. Most do. See "offdelay" in the usbhid-ups driver man page. This would go into the "Extra Arguments to driver" section. Take careful note of the warning about Cyber Power Systems.

            You can also fake up a delay by using FINDELAY in upsmon.conf. This would go in the "Additional configuration lines for upsmon.conf" section.

            D 1 Reply Last reply Reply Quote 0
            • D
              diegus83 @dennypage
              last edited by

              @dennypage thanks for the detailed reply.

              I setup the following values taking into account what the guide says about CPS:

              offdelay = 300
ondelay = 360

              If I understood correctly, this should give me 5 minutes of power before the outlets turn off, and as per the guide ondelay is 6 minutes since it needs to be bigger and 1 minute would the minimum difference CPS would support.

              The new values are reflected in the UPS Status tab:

              ups.delay.shutdown	300
ups.delay.start	360

              So I'm assuming the setting works, I will know for sure once I do a controlled test.

              I also setup this under "Extra arguments to driver", is this the correct way to initiate the shutdown when the battery reaches 50%?

              override.battery.charge.warning = 60
override.battery.charge.low = 50

              I have no need to run the battery down to 10% like the default values seemed to do during my first test.

              dennypageD 1 Reply Last reply Reply Quote 0
              • dennypageD
                dennypage @diegus83
                last edited by

                @diegus83 FWIW, 300 seconds might be a bit long. I expect the Synology shuts down a lot quicker than that (under 100). You may want to time it.

                battery.charge.warning is not used and can be removed.

                Regarding battery.charge.low, I would first check to see if this is writable in the UPS. Like so:

                upsrw -s battery.charge.low=50 myups

                I don't recall is just setting in the runtime actually works. There have been some issues in NUT with that in the past. If you do it this way, be sure to test it against your UPS.

                D 1 Reply Last reply Reply Quote 0
                • D
                  diegus83 @dennypage
                  last edited by

                  @dennypage It seems I can't adjust that value:

                  upsrw -l ups
[driver.debug]
Current debug verbosity level of the driver program
Type: NUMBER
Value: 0

[driver.flag.allow_killpower]
Safety flip-switch to allow the driver daemon to send UPS shutdown command (accessible via driver.killpower)
Type: NUMBER
Value: 0

[input.transfer.high]
High voltage transfer point (V)
Type: STRING
Maximum length: 10
Value: 140

[input.transfer.low]
Low voltage transfer point (V)
Type: STRING
Maximum length: 10
Value: 90

[ups.delay.shutdown]
Interval to wait after shutdown with delay command (seconds)
Type: STRING
Maximum length: 10
Value: 20

[ups.delay.start]
Interval to wait before (re)starting the load (seconds)
Type: STRING
Maximum length: 10
Value: 30

                  I tried any way the admin user and password found in /usr/local/etc/nut/upsd.users and this was the output:

                  Unexpected response from upsd: ERR READONLY

                  Which I think confirms the admin/password is correct since any other credentials return ERR ACCESS-DENIED or ERR PASSWORD-REQUIRED

                  I guess I will have to test and see how the current configuration behaves.

                  The good news is that it seems I can adjust the delay shutdown and start directly in the UPS as per the output above, I didn't knew that!

                  I will test the whole system one of these days and definitely take note of the timing for the various NUT clients.

                  Your input has been very helpful, thank you.

                  dennypageD 1 Reply Last reply Reply Quote 0
                  • dennypageD
                    dennypage @diegus83
                    last edited by

                    @diegus83 Strange that it would show up in upsrw, but not allow change. Is it SNMP perhaps?

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.