pfSense Gold Subscription

Author Topic: NUT package  (Read 25582 times)

ribula and 1 Guest are viewing this topic.

Offline digitalgimpus

  • Jr. Member
  • **
  • Posts: 27
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #285 on: December 24, 2017, 05:33:18 pm »

Covered earlier in this thread. See reply 1.

Thanks! I missed that.

Offline dtallon13

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #286 on: December 29, 2017, 12:02:12 pm »
Hey dtallon13,

Have you rebooted pfSense since you first installed NUT? If you have not, there is a USB permissions problem that may be tripping you up. Just leave the UPS connected via USB, and reboot the firewall.

If a reboot doesn't address the issue, then check the system log (Status / System Logs / System / General) for messages matching 'nut' or 'ups' and report back what you find please.

Reboot worked like magic. Thanks!

Offline DownloadDeviant

  • Newbie
  • *
  • Posts: 20
  • Karma: +2/-0
    • View Profile
Re: NUT package
« Reply #287 on: January 05, 2018, 03:14:10 pm »
Hello,

My NUT package displays as 2.7.4_5.
This page says there is a version 2.7.4_6 but I am offered no option to update.
What am I doing wrong?


Recent changes I've made -
I was running pfSense 2.3.4x.  I upgraded to 2.4.2, saved a config after checking everything was running properly.
I then did a fresh install of 2.4.2 (went with ZFS this time), then upgraded to p1 and restored from the backup config.xml.

Everything went as smooth as possible. Not a single hiccup. UPS service is accurate and working.

*IF it matters, my pfSense box is a slave to my Synology DS415+ for UPS.

Thanks for any advice.
System: pfSense 2.4.2p1 - ZFS CPU: AMD Athlon 5350 (Kabini) MOBO: ASRock AM1H-ITX HD: 60GB SSD Patriot Inferno RAM: G.SKILL Sniper 2x4GB DDR3 2133 NIC: Intel I350-T2 CASE: Antec ISK 310-150 PS: Lite-On 75W AC Adapter PACKAGES: Cron, NUT
NASes: Synology DS415+ & FreeNAS 11.1

Offline dennypage

  • Hero Member
  • *****
  • Posts: 715
  • Karma: +136/-0
    • View Profile
Re: NUT package
« Reply #288 on: January 05, 2018, 03:27:51 pm »
My NUT package displays as 2.7.4_5. This page says there is a version 2.7.4_6 but I am offered no option to update.

NUT package version 2.7.4_6 isn't offered for pfSense 2.4.2 because the changes in 2.7.4_6 require pfSense 2.4.3 or later to function. Currently, you will only see 2.7.4_6 if you are running a pfSense development snapshot.

Offline DownloadDeviant

  • Newbie
  • *
  • Posts: 20
  • Karma: +2/-0
    • View Profile
Re: NUT package
« Reply #289 on: January 06, 2018, 04:59:27 pm »
Ahhh, OK. Whew! I was thinking I borked my fresh install or something didn't translate from the backup config.
Thanks for the reply. I'll sleep better tonight.  ;D
System: pfSense 2.4.2p1 - ZFS CPU: AMD Athlon 5350 (Kabini) MOBO: ASRock AM1H-ITX HD: 60GB SSD Patriot Inferno RAM: G.SKILL Sniper 2x4GB DDR3 2133 NIC: Intel I350-T2 CASE: Antec ISK 310-150 PS: Lite-On 75W AC Adapter PACKAGES: Cron, NUT
NASes: Synology DS415+ & FreeNAS 11.1

Offline dennypage

  • Hero Member
  • *****
  • Posts: 715
  • Karma: +136/-0
    • View Profile
Re: NUT package
« Reply #290 on: January 06, 2018, 05:08:46 pm »
Thanks for the reply. I'll sleep better tonight.  ;D

LOL. You're welcome.

Offline newberger

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #291 on: January 07, 2018, 12:09:11 pm »
Hi New pfSense user.  I appreciate your work on NUT, it's the first package I have installed.

I'm running pfSense on Netgate SG-3100, which I have as UPS Master.  I have a QNAP T-882 as slave.

UPS is CyberPower OR700 and is connected to SG-3100 via USB.

I have configured the psSense as described in post #2, in the pfSense: Services/UPS and the UPS shows up in properly in pfSense.   



Here's how I configured the NAT rule.  I am still working up the learning curve on Firewall in pfSense, so please let me know if you see any issues.



I did not have to setup the remote access user as described in post 2.  In post #64, there are instructions to place directives in the advanced section for ups.conf if you want to override the shutdown levels:

Code: [Select]
ignorelb
override.battery.charge.low = 50
override.battery.runtime.low = 600

However, later posts (e.g. #85) say that UPS specific arguments should be entered in the section above that says "Extra Arguments to driver".

So I added like this:



After setting the Port Forward, the QNAP can now see the UPS:



Any feedback is appreciated and, hopefully this will be helpful for other new users.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 715
  • Karma: +136/-0
    • View Profile
Re: NUT package
« Reply #292 on: January 07, 2018, 02:03:05 pm »
I did not have to setup the remote access user as described in post 2.

You will want to set up a user for remote access as discussed in reply #2. The monuser in the config is intended for local use only. It is automatically generated based on a random number for security, and will change from time to time. If you set up your own user, the name and password will be under your control and will not change.


In post #64, there are instructions to place directives in the advanced section for ups.conf if you want to override the shutdown levels:

Code: [Select]
ignorelb
override.battery.charge.low = 50
override.battery.runtime.low = 600

However, later posts (e.g. #85) say that UPS specific arguments should be entered in the section above that says "Extra Arguments to driver".

Reply #64 discusses pollinterval which does belong in the global section for ups.conf. The battery parameters are UPS specific, and belong in the driver section as noted in #85 and elsewhere. Your post above shows it in the correct section.

Offline newberger

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #293 on: January 07, 2018, 04:24:06 pm »
Thanks for the reply!

You will want to set up a user for remote access as discussed in reply #2. The monuser in the config is intended for local use only. It is automatically generated based on a random number for security, and will change from time to time.

For 'remote access', it sounds like you mean any device other than the pfSense Master?  So the QNAP on the same LAN  is considered remote?  Sorry, it's not the context I'm used to for local/remote.

If you set up your own user, the name and password will be under your control and will not change.

So, I in adding the QNAP as a slave/user, I have read here (and elsewhere) that it only will accept admin/123456:







Offline dennypage

  • Hero Member
  • *****
  • Posts: 715
  • Karma: +136/-0
    • View Profile
Re: NUT package
« Reply #294 on: January 07, 2018, 11:59:04 pm »
For 'remote access', it sounds like you mean any device other than the pfSense Master?  So the QNAP on the same LAN  is considered remote?  Sorry, it's not the context I'm used to for local/remote.

Remote access in this context refers to anything not running locally on the box that the UPS is attached to.


So, I in adding the QNAP as a slave/user, I have read here (and elsewhere) that it only will accept admin/123456:

Very disappointing, but not horribly surprising. Synology does something equally stupid by hardcoding "monuser" and "secret".

Offline newberger

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #295 on: January 08, 2018, 12:30:36 pm »
Thanks for clarifying the remote/local definitions.

Very disappointing, but not horribly surprising. Synology does something equally stupid by hardcoding "monuser" and "secret".

I found some additional information that states you can change the username/password by editing /etc/config/ups/upsmon.conf on the QNAP (it was on my system volume).

In that file I found:

Code: [Select]
RUN_AS_USER admin
MONITOR qnapups@192.168.34.5 1 admin 123456 slave
...

For now I haven't changed the configuration.  Would I need to change "admin" in both lines? Since the RUN_AS_USER parameter is <userid> and the MONITOR parameter is <username>, it's unclear.  Further, it appears that changing <userid> in RUN_AS_USER might cause some permission issues?

Offline dennypage

  • Hero Member
  • *****
  • Posts: 715
  • Karma: +136/-0
    • View Profile
Re: NUT package
« Reply #296 on: January 08, 2018, 01:09:20 pm »
I found some additional information that states you can change the username/password by editing /etc/config/ups/upsmon.conf on the QNAP (it was on my system volume).

Yes, you can do the same thing with the Synology. The problem is that it the Synology (and presumably QNAP) will reset every time you touch the service or perform an OS update.


In that file I found:

Code: [Select]
RUN_AS_USER admin
MONITOR qnapups@192.168.34.5 1 admin 123456 slave
...

For now I haven't changed the configuration.  Would I need to change "admin" in both lines? Since the RUN_AS_USER parameter is <userid> and the MONITOR parameter is <username>, it's unclear.  Further, it appears that changing <userid> in RUN_AS_USER might cause some permission issues?

It is only the MONITOR line that you would change. The RUN_AS_USER is a directive saying under what username the nut services should run on the local (QNAP) machine.

Given that changes will end up being sporadically reset by the NAS, I would leave the username/password alone and live with it. If you are feeling adventuresome, you could file a security bug report with QNAP.

Offline newberger

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #297 on: January 08, 2018, 11:36:29 pm »
Given that changes will end up being sporadically reset by the NAS, I would leave the username/password alone and live with it.

Good to know and I'll leave as is.  Thanks for all of your help!

Offline Maxburn

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #298 on: January 11, 2018, 02:44:47 pm »
Is this the right package to monitor a UPS and shut down pfsense if I get a low battery?

I'm poking around and tried to add a remote snmp UPS but there doesn't seem to be a field to specify a community string. I don't run public for obvious reasons.

Edit; it's a Liebert GXT. My synology had no issue monitoring it and doing shutdown. Looked through the MAN pages linked under advanced config and didn't see anything mentioning community strings.

Edit2; added public in the UPS and it worked, where can I specify that in this package?

Also where do I specify shutdown settings?
« Last Edit: January 11, 2018, 03:11:08 pm by Maxburn »

Offline dennypage

  • Hero Member
  • *****
  • Posts: 715
  • Karma: +136/-0
    • View Profile
Re: NUT package
« Reply #299 on: January 11, 2018, 05:28:15 pm »
Is this the right package to monitor a UPS and shut down pfsense if I get a low battery?

I'm poking around and tried to add a remote snmp UPS but there doesn't seem to be a field to specify a community string. I don't run public for obvious reasons.

Yes, this is the right package.

As to the community string, if you are using the default ("public"), then you don't need to specify a community string. If you are using something other than the default, you would specify the community in the Extra Arguments to driver section. See the snmp-ups man page for more information on snmp driver arguments.

As an aside, a unique community name can be marginally effective at preventing accidents, but it offers nothing in the way of actual security because the name is sent across the network in clear text. While it used to be considered an important best practice to change the community name with v1/v2, many people don't bother any more. For actual security you need to use v3, at which point it doesn't matter if the community name is public. Even when using a unique community name for read/write with v1/v2/v3, it is common to leave public in place as an read only v1 community for monitoring things such as UPSs.