Messages - dennypage

1
Packages / Re: NUT package
« on: February 18, 2018, 02:15:13 pm »
Thank you - I'll give it a try.

I've noticed the following errors appearing in my logs, any idea why this would be?

Code:
...
Feb 18 11:01:52 snmp-ups 44002 dstate_setflags: base variable (battery.runtime.low) is immutable
Feb 18 11:01:20 snmp-ups 44002 dstate_setflags: base variable (battery.runtime.low) is immutable
Feb 18 11:00:48 snmp-ups 44002 dstate_setflags: base variable (battery.runtime.low) is immutable
...

I believe it means that the variable is marked read-only in the SNMP MIB. For more information on this, I would suggest checking the nut users list.

FWIW, if it were me I would just remove the setting of runtime and use charge %. You don't need both.

2
Packages / Re: NUT package
« on: February 18, 2018, 11:08:18 am »
How can I delay pfsense powering down until esxi has completed shutting down?

The HOSTSYNC variable controls how long the master will wait for slaves to initiate their shutdown. You can find information on this in the ups.conf man page.

3
Packages / Re: NUT package
« on: February 13, 2018, 03:19:49 pm »
Also, will the ups power back on automatically after mains is restored after a power kill?

It should. Most all UPSs are designed to.

4
Packages / Re: NUT package
« on: February 13, 2018, 12:43:19 pm »
The ISSUE is my APC is not shutting down after pfsense and synology shut off. It keeps running till battery becomes 0.

See post #1, version 2.7.4_6 which addresses this issue.

5
Packages / Re: LLDP daemon package
« on: February 08, 2018, 05:18:21 pm »
The pr is in. Reviews are complete, but not sure how long before it would appear in the package repos though. Folks are busy. :)

6
Packages / Re: LLDP daemon package
« on: February 07, 2018, 11:21:14 pm »
It's about the (new) pfSense lldpd package. Lldpd is similar to LADVD but is a bit more up to date and compliant with 802.1ab.

7
Packages / LLDP daemon package
« on: February 07, 2018, 07:38:13 pm »
This post is a placeholder for discussion of the lldpd package.

8
Packages / Re: Just want pfSense to shutdown when UPS goes to battery
« on: January 24, 2018, 11:22:05 pm »
Using NUT on pfSense you have a couple of options:
  • Directly monitor the UPS via SNMP.
  • The NUT client can talk to a remote apcupsd server.
Given a choice, I would choose option 1 as this works regardless of whether the Windows system is functioning or not.

I can't speak to apcupsd on pfSense.

9
Packages / Re: NUT package
« on: January 11, 2018, 05:28:15 pm »
Is this the right package to monitor a UPS and shut down pfsense if I get a low battery?

I'm poking around and tried to add a remote snmp UPS but there doesn't seem to be a field to specify a community string. I don't run public for obvious reasons.

Yes, this is the right package.

As to the community string, if you are using the default ("public"), then you don't need to specify a community string. If you are using something other than the default, you would specify the community in the Extra Arguments to driver section. See the snmp-ups man page for more information on snmp driver arguments.

As an aside, a unique community name can be marginally effective at preventing accidents, but it offers nothing in the way of actual security because the name is sent across the network in clear text. While it used to be considered an important best practice to change the community name with v1/v2, many people don't bother any more. For actual security you need to use v3, at which point it doesn't matter if the community name is public. Even when using a unique community name for read/write with v1/v2/v3, it is common to leave public in place as a read-only v1 community for monitoring things such as UPSs.

10
Packages / Re: NUT package
« on: January 08, 2018, 01:09:20 pm »
I found some additional information that states you can change the username/password by editing /etc/config/ups/upsmon.conf on the QNAP (it was on my system volume).

Yes, you can do the same thing with the Synology. The problem is that the Synology (and presumably QNAP) will reset every time you touch the service or perform an OS update.


In that file I found:

Code:
RUN_AS_USER admin
MONITOR qnapups@192.168.34.5 1 admin 123456 slave
...

For now I haven't changed the configuration. Would I need to change "admin" in both lines? Since the RUN_AS_USER parameter is <userid> and the MONITOR parameter is <username>, it's unclear. Further, it appears that changing <userid> in RUN_AS_USER might cause some permission issues?

It is only the MONITOR line that you would change. The RUN_AS_USER is a directive saying under what username the nut services should run on the local (QNAP) machine.

Given that changes will end up being sporadically reset by the NAS, I would leave the username/password alone and live with it. If you are feeling adventuresome, you could file a security bug report with QNAP.

11
Packages / Re: NUT package
« on: January 07, 2018, 11:59:04 pm »
For 'remote access', it sounds like you mean any device other than the pfSense Master? So the QNAP on the same LAN is considered remote? Sorry, it's not the context I'm used to for local/remote.

Remote access in this context refers to anything not running locally on the box that the UPS is attached to.


So, in adding the QNAP as a slave/user, I have read here (and elsewhere) that it only will accept admin/123456:

Very disappointing, but not horribly surprising. Synology does something equally stupid by hardcoding "monuser" and "secret".
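
The hardcoded accounts named in the two posts above (admin/123456 on QNAP, monuser/secret on Synology) can be checked for mechanically. The following is an added example, not part of the original posts or of the NUT package: a small Python audit of upsmon.conf MONITOR lines, where the sample file, host addresses and function names are constructed for illustration.

```python
import shlex

# Username/password pairs the posts above report as vendor-hardcoded.
KNOWN_DEFAULTS = {("admin", "123456"): "QNAP", ("monuser", "secret"): "Synology"}

# Constructed sample upsmon.conf (hosts use documentation address ranges).
SAMPLE_UPSMON_CONF = """\
# constructed sample, not taken from a real device
RUN_AS_USER admin
MONITOR qnapups@192.0.2.5 1 admin 123456 slave
MONITOR ups@192.0.2.10 1 monuser secret slave
MONITOR rackups@localhost 1 upsmon_local "s0me long pass" master
MONITOR broken@192.0.2.20 1 admin
"""


def parse_monitor_lines(text):
    """Return (entries, malformed_line_numbers) for MONITOR directives.

    Format: MONITOR <system> <powervalue> <username> <password> <type>.
    shlex is used as an approximation of NUT's quoting and '#' comments.
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            fields = shlex.split(raw, comments=True)
        except ValueError:  # unbalanced quote
            malformed.append(lineno)
            continue
        if not fields or fields[0] != "MONITOR":
            continue  # RUN_AS_USER is a local service account, not a login
        if len(fields) != 6:
            malformed.append(lineno)
            continue
        _, system, _power, user, password, role = fields
        entries.append((lineno, system, user, password, role))
    return entries, malformed


def audit(text):
    """Flag MONITOR lines whose user/password pair is a known default."""
    entries, malformed = parse_monitor_lines(text)
    findings = [(lineno, system, user, KNOWN_DEFAULTS[(user, password)])
                for lineno, system, user, password, _role in entries
                if (user, password) in KNOWN_DEFAULTS]
    return findings, malformed


if __name__ == "__main__":
    found, bad = audit(SAMPLE_UPSMON_CONF)
    for lineno, system, user, vendor in found:
        print(f"line {lineno}: {system} uses the {vendor} default account '{user}'")
    print("malformed MONITOR lines:", bad)
```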

12
General Questions / Re: Increased RTT times
« on: January 07, 2018, 03:31:46 pm »
Low levels of packet loss on the WAN link will result in increased latency on the VPN link. Higher levels of packet loss on the WAN link will result in both the WAN and VPN connections resetting. This is likely why you are seeing frequent restarts of dpinger.

13
General Questions / Re: Increased RTT times
« on: January 07, 2018, 02:16:59 pm »
Harvy has a particularly nice WAN link. Here is a 2 day graph from my more pedestrian link.

14
Packages / Re: NUT package
« on: January 07, 2018, 02:03:05 pm »
I did not have to setup the remote access user as described in post 2.

You will want to set up a user for remote access as discussed in reply #2. The monuser in the config is intended for local use only. It is automatically generated based on a random number for security, and will change from time to time. If you set up your own user, the name and password will be under your control and will not change.


In post #64, there are instructions to place directives in the advanced section for ups.conf if you want to override the shutdown levels:

Code:
ignorelb
override.battery.charge.low = 50
override.battery.runtime.low = 600

However, later posts (e.g. #85) say that UPS specific arguments should be entered in the section above that says "Extra Arguments to driver".

Reply #64 discusses pollinterval which does belong in the global section for ups.conf. The battery parameters are UPS specific, and belong in the driver section as noted in #85 and elsewhere. Your post above shows it in the correct section.

15
General Questions / Re: Increased RTT times
« on: January 07, 2018, 02:44:00 am »
The amount of packet loss seems high to me.
