Netgate 2100 Customization of LEDs (Guide)
-
Hello fellow Netgate community,
I wanted to share a simple guide on how to customize LEDs on the Netgate 2100 and help mix them into your OpenVPN rules or any rule you want for that matter.
Hey you want your LEDS to Glow RED when your work laptop is on you can do it, or if you got a VPN connection running and you want it PURPLE you can do that.
Do you have a pcie mini card and use it as guest wifi, if there is any established states and you want it to flash you can do that too.
You can have Purple, Pink, Red, Blue, Green, Teal, White many different variations based on the 3 primary colors you have with each LED.
Here is how it is done.
check_current_states=$( pfctl -vvss | grep -e ', rule 93' -e ', rule 55' -e '192.168.1.11' -e '192.168.1.15' )
This is line of magic code is checking for my specified conditions and storing them into a variable named check_current_states.
pfctl -vvss will display the active states of your firewall. I want to check for rule 93 "this is my guest wifi" and rule 55 "my OpenVPN connection" also a couple IP addresses.
If you need to find the rule number you can do that by clicking the rules. Here is an example. But remember any change to your firewall rules with change the numbers also. So make sure your access control lists are pretty solid before you start locking LEDs to them.
(55 is my OpenVPN rule number)What my code does is check first to see if any of the following have established states.
-
- Does Rule 93 have any current states, Is anyone on the guest wifi.
-
- Does Rule 55 have any current states, is anyone logged in remotely to the VPN offsite
-
- Does device with static ip address 192.168.1.11 have any established states. Simply is this device online?
-
- Does device with static ip address 192.168.1.15 have any established states, Or is this online right now?
If so it stores them into my variable check_current_states if not this variable is empty and it will go to my default LED state a nice green color (green means go) Or good to go to turn off and test new firewall settings.
After I can instantiate 4 variables I use them as flags simply store a 1 in them they are named ...
-
res
-
resb
-
resc
-
resd
They all are instantiated with 1
Now I check them with case statements to store 0 in them if I find any information in my original variable check_current_states
So it checks the states stores them and after changes the flags on the variables res
Once this is done I now start to check the variables for specific conditions with if, else and case statements.
if [ $res = 0] && [$resb=0]this is my if statements that I use to adapt the LEDS
sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null gpioctl -f /dev/gpioc2 4 duty 15 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 55 >/dev/null gpioctl -f /dev/gpioc2 7 duty 20 >/dev/null gpioctl -f /dev/gpioc2 8 duty 15 >/dev/nullThis is where the magic happens.
Side note 2100 uses gpoid.2 3100 uses geoid.1
Here is the break down each LED has 3 LEDs in them a blue a red and a green
Here is the numbers you need to set each one.
Great Overview of LEDS Reference this webpage
(cited from webpage above for this image)sysctl -q dev.gpio.2.led.1.pwm=1 (can be 1 or 0) when set to zero it will pulse the LED. when set to one it will make them solid colors
So I am first using gpio.2.led1 setting that led to solid color mode and after setting the color it will turn off as followed with this code
gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null gpioctl -f /dev/gpioc2 4 duty 15 >/dev/nullBasically the code sets red to power 50 brightness and also set green to 15 brightness gets you a nice yellow. RED+GREEN=YELLOW like painting a nice sunshine with happy little clouds and trees.
sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 55 >/dev/null gpioctl -f /dev/gpioc2 7 duty 20 >/dev/null gpioctl -f /dev/gpioc2 8 duty 15 >/dev/nullThis code sets my led #2 to flash mode with a default flash pattern. However, I want it to flash with a white color.
So Some Red+Green+Blue=White so it make a nice White. Just some more color mixing.if [ $resc = 0 ] || [ $resd = 0 ]; then sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 50 >/dev/null gpioctl -f /dev/gpioc2 0 duty 50 >/dev/null else sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null gpioctl -f /dev/gpioc2 0 duty 0 >/dev/nullThis is my favorite we get PURPLE!!! Some red and blue is all it needs. I have this section set to turn on if my OpenVPN shows an established connection.
Also if my Wife has her laptop running it's my most important state established mode for me it's basically, "DO NOT TURN OFF FIREWALL JON. ROYAL PURPLE MODE IS RUNNING AND ACTIVATED. I don't want to shut it off in the middle of work.
So I have a OpenVPN or Laptop with specific Ip address listed
gpioctl -f /dev/gpioc2 2 duty 50 >/dev/null gpioctl -f /dev/gpioc2 0 duty 50 >/dev/nullHere is my full program I made. I hope it inspires you to have custom LEDS also. Maybe some for game systems after hours or VPN connections, Wifi guests etc what ever you can think of you can do it now.
#!/bin/sh check_current_states=$( pfctl -vvss | grep -e ', rule 93' -e ', rule 55' -e '192.168.1.11' -e '192.168.1.15' ) res=1 resb=1 resc=1 resd=1 case "$check_current_states" in *", rule 93"* ) res=0 ;; esac case "$check_current_states" in *192.168.1.11* ) resb=0 ;; esac case "$check_current_states" in *192.168.1.15* ) resc=0 ;; esac case "$check_current_states" in *", rule 55"* ) resd=0 ;; esac if [ $res = 0 ] && [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null gpioctl -f /dev/gpioc2 4 duty 15 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 55 >/dev/null gpioctl -f /dev/gpioc2 7 duty 20 >/dev/null gpioctl -f /dev/gpioc2 8 duty 15 >/dev/null elif [ $res = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 55 >/dev/null gpioctl -f /dev/gpioc2 7 duty 20 >/dev/null gpioctl -f /dev/gpioc2 8 duty 15 >/dev/null elif [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 8 duty 0 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null gpioctl -f /dev/gpioc2 4 duty 15 >/dev/null else sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 50 >/dev/null gpioctl -f /dev/gpioc2 8 duty 0 >/dev/null fi if [ $resc = 0 ] || [ $resd = 0 ]; then sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 50 >/dev/null gpioctl -f /dev/gpioc2 0 duty 50 >/dev/null else sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null gpioctl -f /dev/gpioc2 0 duty 0 >/dev/null fiIf your wondering what is pfctl -vvss
This command will show all current states on the firewall. You can do this with command prompt to check it out it will be huge so do not do this on a firewall with millions of states, this is more for the home firewall use or small office.
I know what your thinking, where do I put this program I have listed here,
It is simple put it in the root folder if you want and save it Check it out...
Bingo now you might want to chmod it so your firewall can check the states with a cron job
I just did chmod 777 after with it you may want to set different permissions on it.
I did command chmod path to file
chmod 777 /root/deviceonlinedayThat is basically saying this can be run by the firewall or anyone it does not need root privileges or anything else to run the bash script.
Now test it with your command line
That should change the LEDS if you got it right.
If it works how you want set your cron job to run the script. I set mine to run every min it will check for states and change the LEDs if needed.
Ref:
https://github.com/JonathanDLee24/Netgate-SG2100-scripts
https://github.com/luckman212/Netgate-SG2100-scriptsPlease yet me know if you have any improvements of if I should use a different chmod, anything.
Thank you for all the members that helped with this program and provided information you know who you are. I wanted to share it again now that it works better.
-
-
Photos Restored Jan 28 23:36
-
J JonathanLee referenced this topic on
-
J JonathanLee referenced this topic on
-
I’m trying to figure out how I can modify this to work with system status? Specifically I would like to set all the led’s on my 4200 to bright red when the wan gateway is down. Not finding a bash script to do this though.
Box: SG-4200
-
You can.. all you would have to do is find some WAN connection you can use with a variable with pfctl -vsss
maybe just search for any WAN connections if you have a static IP it would be the best just search for that IP address with.So really basic "if else" it could be..
if-->
WAN not found
turn LEDs RED!!!
else-->
turn LEDS off or GREENuse this command in shell to find something that would work...
pfctl -vvssTo make all the LEDS red on 2100 is...
sysctl -q dev.gpio.2.led.0.pwm=0 gpioctl -f /dev/gpioc2 0 duty 200 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=0 gpioctl -f /dev/gpioc2 3 duty 200 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 200 >/dev/nullSo basically ...
#!/bin/sh check_current_states=$( pfctl -vvss | grep -e ‘STATIC WAN IP ADDRESS HERE’ ) WAN=1 case "$check_current_states" in *WAN IP* ) WAN=1 ;; esac if [ $WAN = 0 ]; #meaning if it is offline turn them to red then sysctl -q dev.gpio.2.led.0.pwm=0 gpioctl -f /dev/gpioc2 0 duty 200 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=0 gpioctl -f /dev/gpioc2 3 duty 200 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 200 >/dev/null else #turn all LEDs off or what ever you need.... sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 0 duty 0 >/dev/null gpioctl -f /dev/gpioc2 1 duty 0 >/dev/null gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null gpioctl -f /dev/gpioc2 5 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 8 duty 0 >/dev/null fiOr for the else condition you could set it to green if WAN is online
sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 50 >/dev/null gpioctl -f /dev/gpioc2 8 duty 0 >/dev/nullMake a cron job to run the scrip every so often to check...
keep in mind you would have to also disable the current LEDS too
sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 0 duty 0 >/dev/null gpioctl -f /dev/gpioc2 1 duty 0 >/dev/null gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null gpioctl -f /dev/gpioc2 5 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 8 duty 0 >/dev/nullor just create a while loop to do that..
-
Side Note:
if your 4200 has lots of traffic... I am talking thousands of clients... running pfctl over and over every minute might not be for you,, as it takes up some memory when you do this..
However for a small office or a dozen or so clients this is no big deal....
-
@JonathanLee
So I could just use something like 8.8.8.8 for the static WAN? -
@wgstarks That's the DNS yes if the gateway went offline I am sure that state would no longer exist. Try that unplug wan for 10 mins see if it glows red plug it v=back in wait ten mins see if it normalizes. Great idea
-
@JonathanLee
Do you know what the factory default is for the “or else”? -
I think it is very close too..
sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 8 duty 30 >/dev/nullit pulses blue like that... I never used the default once I went to custom blinking light mode
Remember you have to disable the others before you change it back with
sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 0 duty 0 >/dev/null gpioctl -f /dev/gpioc2 1 duty 0 >/dev/null gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null gpioctl -f /dev/gpioc2 5 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 8 duty 0 >/dev/nullThis would be like a reset turns them all off..
-
@JonathanLee
Thanks. Might be simpler to just set it to red and green. I never remember what the default patterns mean anyway.
-
@wgstarks One other item with the custom LEDs you will not see the firmware LED program run so I added a email alert for updates program with it that another user shared on Netgate...
https://forum.netgate.com/topic/137707/auto-update-check-checks-for-updates-to-base-system-packages-and-sends-email-alerts/
That way you still get a alert that you have updates without the Orange LED
-
Thanks. Have had that installed for a while.
-
J JonathanLee referenced this topic on
-
@stephenw10 Can you please help me?
Where is the standard led program in pfSense filesystem located it would be easier to just call that program if the gateway is up for @wgstarks request. He wants to normalize the LED behavior if the gateway is up. I could just set the scrip to call that program if needed. /dev/led is not listed in 2100 file system -
To normalize it call this program originally sets bootup conditions, I am searching for the file it calls
/usr/local/sbin/pfSense-led.sh
-
set the program to call
/usr/local/sbin/pfSense-led.sh readyUse that for the else condition that would normalize it automatically for your model
-
Thanks. I’ll test this and see if I can get it working.
-
This post is deleted! -
I got it don't use DNS use the interfaces name and pinger
pfctl -vvss | grep -e "mvneta0 icmp"
that works!!!
#!/bin/sh led_intensity=0 while [ $led_intensity -le 8 ]; do gpioctl -f /dev/gpioc2 $led_intensity duty 0 >/dev/null led_intensity=$(( led_intensity + 1 )) done check_current_states=$( pfctl -vvss | grep -e "mvneta0 icmp" ) WAN=0 case "$check_current_states" in *icmp* ) WAN=1 ;; esac if [ $WAN = 0 ]; then sysctl -q dev.gpio.2.led.0.pwm=0 gpioctl -f /dev/gpioc2 0 duty 200 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=0 gpioctl -f /dev/gpioc2 3 duty 200 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 200 >/dev/null else /usr/local/sbin/pfSense-led.sh ready fi
Your mvneta0 might be different over the 2100 check it on Interface Assignments, that is the pinger state used to check to see if gateway is up just use it for the program also
YEAH!!
Just updated after testing 4:07 7-18-24
-
Update to mine to reflect the gateway offline
#!/bin/sh check_current_states=$( pfctl -vvss | grep -e ', rule 105' -e ', rule 52' -e '192.168.1.11' -e '192.168.1.15' -e 'mvneta0 icmp' ) res=1 resb=1 resc=1 resd=1 WAN=1 case "$check_current_states" in *icmp* ) WAN=0 ;; esac if [ $WAN = 1 ]; then sysctl -q dev.gpio.2.led.0.pwm=0 gpioctl -f /dev/gpioc2 0 duty 200 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=0 gpioctl -f /dev/gpioc2 3 duty 200 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 200 >/dev/null exit 1 fi case "$check_current_states" in *", rule 105"* ) res=0 ;; esac case "$check_current_states" in *192.168.1.11* ) resb=0 ;; esac case "$check_current_states" in *192.168.1.15* ) resc=0 ;; esac case "$check_current_states" in *", rule 52"* ) resd=0 ;; esac if [ $res = 0 ] && [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null gpioctl -f /dev/gpioc2 4 duty 15 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 55 >/dev/null gpioctl -f /dev/gpioc2 7 duty 20 >/dev/null gpioctl -f /dev/gpioc2 8 duty 15 >/dev/null elif [ $res = 0 ]; then sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 55 >/dev/null gpioctl -f /dev/gpioc2 7 duty 20 >/dev/null gpioctl -f /dev/gpioc2 8 duty 15 >/dev/null elif [ $resb = 0 ]; then sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 0 >/dev/null gpioctl -f /dev/gpioc2 8 duty 0 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 50 >/dev/null gpioctl -f /dev/gpioc2 4 duty 15 >/dev/null else sysctl -q dev.gpio.2.led.1.pwm=1 gpioctl -f /dev/gpioc2 3 duty 0 >/dev/null gpioctl -f /dev/gpioc2 4 duty 0 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=1 gpioctl -f /dev/gpioc2 6 duty 0 >/dev/null gpioctl -f /dev/gpioc2 7 duty 50 >/dev/null gpioctl -f /dev/gpioc2 8 duty 0 >/dev/null fi if [ $resc = 0 ] || [ $resd = 0 ]; then sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 50 >/dev/null gpioctl -f /dev/gpioc2 0 duty 50 >/dev/null else sysctl -q dev.gpio.2.led.0.pwm=1 gpioctl -f /dev/gpioc2 2 duty 0 >/dev/null gpioctl -f /dev/gpioc2 0 duty 0 >/dev/null fi -
When I test in shell I get the following result-
gpio_open: No such file or directory gpio_open: No such file or directory gpio_open: No such file or directory gpio_open: No such file or directory gpio_open: No such file or directory gpio_open: No such file or directory gpio_open: No such file or directory gpio_open: No such file or directory gpio_open: No such file or directoryMy script-
#!/bin/sh led_intensity=0 while [ $led_intensity -le 8 ]; do gpioctl -f /dev/gpioc2 $led_intensity duty 0 >/dev/null led_intensity=$(( led_intensity + 1 )) done check_current_states=$( pfctl -vvss | grep -e "igc3 icmp" ) WAN=0 case "$check_current_states" in *icmp* ) WAN=1 ;; esac if [ $WAN = 0 ]; then sysctl -q dev.gpio.2.led.0.pwm=0 gpioctl -f /dev/gpioc2 0 duty 200 >/dev/null sysctl -q dev.gpio.2.led.1.pwm=0 gpioctl -f /dev/gpioc2 3 duty 200 >/dev/null sysctl -q dev.gpio.2.led.2.pwm=0 gpioctl -f /dev/gpioc2 6 duty 200 >/dev/null else /usr/local/sbin/pfSense-led.sh ready fi
