OPNsense, as a robust open-source firewall and routing platform, plays a crucial role in safeguarding network infrastructure against various threats. However, ensuring uninterrupted operation of this critical system is equally vital. This is where a UPS (Uninterruptible Power Supply) comes into play.
A UPS serves as a protective barrier against power outages, surges, and fluctuations. By providing a continuous flow of power to OPNsense even during electrical disruptions, a UPS prevents unexpected shutdowns and ensures uninterrupted network connectivity. This is particularly crucial in environments where maintaining network uptime is paramount, such as businesses, data centers, or critical infrastructure.
Moreover, abrupt power losses can lead to data corruption or loss, potentially compromising the integrity of firewall configurations, logs, and other critical data stored on OPNsense. With a UPS in place, OPNsense has sufficient time to gracefully shut down, preserving data integrity and preventing potential system damage.
In the guidelines below, I’ll show you on how to install and configure the APC UPS with the plugin on OPNSENSE
In my case the UPS used was an entry level APC Back-UPS (750VA/410W, 4x Schuko, USB, AVR) with data connection over the USB cable. (Amazon.us)
HW INSTALLATION
UPS should be connected directly to main power source
OPNSENSE appliance needs to be connected with AC plug at the back of the UPS
USB cable needs to be connected from UPS to OPNSENSE free USB-A slot
OPNSENSE INSTALLATION
Access OPNsense Web Interface: Open a web browser and log in to your OPNsense firewall’s web interface.
Navigate to Package Manager: Once logged in, go to the “System” menu and select “Firmware” from the dropdown. Then, choose the “Plugins” tab.
Search for os-apcupsd: In the Plugins tab, you’ll find a search box. Type “os-apcupsd” into this box and hit Enter. This should display the
os-apcupsd
package if it’s available for your OPNsense version.Install os-apcupsd: Once you find
os-apcupsd
, click on the “Install” button next to it. OPNsense will then download and install the package.Configuration: After installation, you may need to configure
os-apcupsd
according to your specific APC UPS setup. This typically involves setting up communication parameters such as UPS model, connection type (USB, serial, etc.), and optionally configuring actions to take in case of power events.
Start the Service: Once configured, you’ll need to start the
apcupsd
service. You can do this from the command line or the OPNsense web interface, depending on your preference.Testing: After installation and configuration, it’s a good idea to test
os-apcupsd
to ensure it’s functioning correctly. You can simulate power events to see if the UPS triggers actions properly.You may create an OPNSENSE dashboard widget to display current state of the UPS
Remember to always take caution when dealing with system configurations, especially on networking devices like firewalls. Incorrect configurations can lead to system instability or security vulnerabilities. If you’re unsure about any step, it’s best to consult the documentation or seek assistance from someone with experience in managing OPNsense systems.
How to fix errors when APCUPSD is disabled on OPNSENSE if crashed
When you cannot re-enable the plugin for apcupsd in OPNSENSE with following error
Error: apcupsd is disabled
Usually it means that service is being locked due to crash. To delete the lock you would need to SSH to your OPNSENSE instance select Option 8 for shell and type in:
rm -r /var/spool/lock
Then reboot the device. The service should be running fine again.
Source: https://forum.opnsense.org/index.php?topic=34819.0
Maciej Zytowiecki
Network security expert with a deep passion for wireless networks, networking and data security. When I'm not working, you'll find me diving into hobby projects, contributing to open-source initiatives, or enjoying hands-on experiments with cutting-edge tech. My goal is to bridge the gap between complex concepts and accessible knowledge, making the world of network security both intriguing and approachable for all.