LEDs and OpenVPN state established LED program short simple bash script

JonathanLee

Hello fellow Netgate community members,

I wanted to share with you some cool code I have been working on for some time now. This code will check for specific states and adapt the LED's on an official Netgate appliance. Mine is a 2100.

My VPN rule is 57 my guest wifi is rule 110

Here is the code...

#!/bin/sh
check_current_states=$( pfctl -vvss | grep -e ', rule 110' -e ', rule 57' -e '192.168.1.11' -e '192.168.1.15' )
res=1
resb=1
resc=1
resd=1
case "$check_current_states" in 
  *", rule 110"* ) res=0 ;;
esac
case "$check_current_states" in
  *192.168.1.11* ) resb=0 ;;
esac
case "$check_current_states" in
  *192.168.1.15* ) resc=0 ;;
esac
case "$check_current_states" in
  *", rule 57"* ) resd=0 ;;
esac
if [ $res = 0 ] && [ $resb = 0 ]; 
then
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null
elif [ $res = 0 ];
then
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null
elif [ $resb = 0 ];
then
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null
else
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 7 duty 50 >/dev/null
  
fi
if [ $resc = 0 ] || [ $resd = 0 ];
then
  sysctl -q dev.gpio.2.led.0.pwm=1
  gpioctl -f /dev/gpioc2 2 duty 50 >/dev/null
  gpioctl -f /dev/gpioc2 0 duty 50 >/dev/null
else
  sysctl -q dev.gpio.2.led.0.pwm=1
  gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 0 duty 0 >/dev/null

fi

Overview:

This area below is my variable that will store output from a pfctl and grep to any rule you want I have rule 110 and 57 as well as some private ip addresses.
pfctl lists the current states on the firewall.

What this code does for me is check for guest wifi use and if someone is on the guest network change first led to red, if my 192.168.1.11 is running enable and set the second LED to red and if 192.168.1.15 or a VPN is in online change the thrid LED to purple (meaning do not restart the firewall) if non of this occurs set first LED to green and turn off the others.

check_current_states=$( pfctl -vvss | grep -e ', rule 110' -e ', rule 57' -e '192.168.1.11' -e '192.168.1.15' )

This next section is my variables I use them as flags they are all set to one to instantiate them:

res=1
resb=1
resc=1
resd=1

This next section checks for my conditions within the variable:

case "$check_current_states" in 
  *", rule 110"* ) res=0 ;;
esac

case "$check_current_states" in
  *192.168.1.11* ) resb=0 ;;
esac

case "$check_current_states" in
  *192.168.1.15* ) resc=0 ;;
esac

case "$check_current_states" in
  *", rule 57"* ) resd=0 ;;
esac

This next section is where I have my if else rules that set the LEDS

if [ $res = 0 ] && [ $resb = 0 ]; 
then
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null
elif [ $res = 0 ];
then
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 6 duty 50 >/dev/null
elif [ $resb = 0 ];
then
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null
else
  sysctl -q dev.gpio.2.led.1.pwm=1
  gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null
  sysctl -q dev.gpio.2.led.2.pwm=1
  gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 7 duty 50 >/dev/null
  
fi
if [ $resc = 0 ] || [ $resd = 0 ];
then
  sysctl -q dev.gpio.2.led.0.pwm=1
  gpioctl -f /dev/gpioc2 2 duty 50 >/dev/null
  gpioctl -f /dev/gpioc2 0 duty 50 >/dev/null
else
  sysctl -q dev.gpio.2.led.0.pwm=1
  gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null
  gpioctl -f /dev/gpioc2 0 duty 0 >/dev/null

Now save your code into your pfSense. chmod the bash script so it can execute this file...

Now set a cron job to run this every couple minutes or so.

For more help with how the colors on the LEDs work please reference this URL below. It is great I can't thank this guy enough. I hope he sees my code I made to work with the LED info he posted.

https://www.zacharyschneider.ca/2019/12/customizing-leds-netgate-sg-3100/

Bingo now you got custom LEDs that change when your states establish. You could set it to glow any color you want when OpenVPN connects.

How do you get your state number.... Simple just click on the rule states area you made in your firewall and see what shows..

Example:

Click here and it will show what rule id it is

Guest wifi for me is rule 105