Has anyone done any integration with pfSense?

To pull information from the system, graphs, back it up etc. Be keen to know what you did :slight_smile:

Thanks!

I don’t own pfSense, but can’t you do that with SNMP?

Yes, there are many ways. Just interested to hear thoughts from people who have used it. FauxAPI also provides some access into the system

1 Like

i have a PC waiting with pfSense and some ports…
never seem to find the time to do this switch… still with my old router…

maybe if someone will give me some kind of push :slight_smile:
what are the benefits, for OH?
i can think of a good presence detection for phones… but what more?

I have pfSense but have not looked into any sort of integration with it. I suppose it’d be nice to detect when phones join the network instead of relying on the Network binding polling but I’ve not come up with any other good use cases yet.

I tend to avoid using OH as a general purpose IT monitoring service. If and when I want that I’ll probably go down the Prometheus route or use Zabbix or something like that instead. Something that is better designed to actually do network and computer monitoring. I only put into OH enough network monitoring so OH can take action when something is offline it needs to use (e.g. send an alert if the garage door controller was commanded but the RPi that controls it is offline).

But I’m curious to see what ideas people have.

I wasn’t aware this existed. I’ll need to look into it. I may not use it in my OH config but I could see using it in some of my Ansible scripts.

  • It makes managing the DHCP leases pretty easy so it’s easy to assign IPs to specific devices.
  • It is also dead simple to set up OpenVPN. I still use myopenhab.org but the vast majority of all my interactions with OH are through OpenVPN.
  • I’ve not been super happy with the bandwidth monitoring (the only thing I want is to see how much I’ve used since a specific day of the month and I still can’t find a good way to do it). I’d love suggestions. I’ve tried pfTop and darkstat so far.
  • pfBlockerNG is like piHole only it’s built in instead of needing a separate machine and it is fantastic for reducing ads and blocking malware sites. I highly recommend it.
  • I’ve played around with Snort but I don’t actually check the alerts often enough to make running it worthwhile.
  • Overriding your ISP’s DNS servers LAN-wide is simple.

I still am trying to figure out how to create a guest network using pfSense and my DD-WRT wireless AP. I just can’t find the right tutorial apparently. Once I do that I will look into separating the home automation and media networks so as I add more little ESP8266s and the like they won’t slow down my Rokus.

Some or all of these may be available on your existing router.

The big thing you will notice though is that the direct benefit to OH is not super obvious and for the most part OH benefits mostly because your whole network benefits.

1 Like

yep most of your points are why i want to take my ISP router out of the game…
i cannot do even decent dhcp there, one day i will be brave and will change this :slight_smile:

I do exactly this. I have a shell script that runs on the pfsense box (via cron), which checks the pfsense arp tables for mobile phones, and posts the results to openHAB items using REST (via curl commands).

2 Likes

Having OH report your public IP address if you are on DHCP from an ISP is probably helpful to know if it updates.

I also looked into attempting this at one point, the vlan setup on DD-WRT (at the time) seemed like more effort than it was worth; and/or it was the br* interfaces that gave me trouble trying to set up a second SSID and eventually just led me to obtaining Cisco APs my company were going to chuck to the curb.

Along those lines, pfSense actually supports automatically updating dynamic dns addresses with a number of providers. If I want to find that out myself though I usually just open a browser to go to whatsmyip.com. That’s faster than logging into the OH app for me.

The funny thing is I seem to have both the vlan set up on pfSense and the br interfaces set up on the AP. I just can’t seem to get them to work together. I’ll get a bee in my bonnet again some day and try it again. I have no hope of getting cast off APs to solve my problem. :slight_smile:

It will become a bit more important when my little one gets older. My plan is to put him on a guest network with parental controls and monitoring turned up. That seemed to be a decent approach when I looked into it. Maybe not.

pfblockerNG is awesome, i use my own OH2 Cloud, pfBlockerNG pulls the AWS JSON IP range file and allows it inbound on a weekly basis :slight_smile:
awesome

1 Like

In my case Dynamic DNS options don’t work as I place the firewalls in VMs and their “public” is actually another NAT’ed space. Also I believe if there is a DHCP change it may take time for records to be updated (although I doubt it would be a long time even with free account options), all depends on what needs to be fixed while away from home and considered a “crisis”. :slight_smile:

I also recall DD-WRT has a vlan structure of 0 - 15, which confused me on why it could only handle the first 15/16… it makes more sense to limit users to a total of that many and allow them to select the values. :man_shrugging:
However it sounds like you made it much further than I did!

1 Like

As far as I know that 15 vlan is the actual number of vlans that is hardware supported by the router chip. You can use other vlan numbers like 20 or 100 etc but you can only have max 15 vlans. Cheers

1 Like

@Liviu_Ancas Good to know, perhaps this changed with newer versions of DD-WRT. I think I had a v5 of the actual WRT54G device and the vlans were static/hard set on the GUI, never went far into the CLI if that is how to change the numbers (hate having to learn stripped down CLIs/OSes to configure things I can do with full CLIs/OSes).

1 Like

could you share some details of what you use to achieve this: scripts, openHAB rules to process this information, more comments on how you achieved it, thanks

Create a shell script on the pfSense server that does the following:

  1. Checks pfSense’s arp table for the mobile phone(s) that you are detecting. E.g. the command below returns a count of the number of times the mobile phone name defined in the variable $phone is found in the arp table:
    /usr/sbin/arp -a | /usr/bin/grep -i "$phone" | /usr/bin/wc -l

  2. If the count is zero, the mobile phone is not currently present (or is switched off/airplane mode etc).

  3. If the count is greater than zero, then the device is active on the network.

  4. Assuming the result of the previous arp command is assigned to a variable count, we can post an update to openHAB’s switch item xxxx_atHome_arp for tracking this device:

# $count holds the output of the arp | grep | wc pipeline above
if [ "$count" -gt 0 ]; then
	/usr/local/bin/curl -X POST --header "Content-Type: text/plain" --header "Accept: application/json" -d "ON" "http://openhab:8080/rest/items/xxxx_atHome_arp" >/dev/null 2>&1
else
	/usr/local/bin/curl -X POST --header "Content-Type: text/plain" --header "Accept: application/json" -d "OFF" "http://openhab:8080/rest/items/xxxx_atHome_arp" >/dev/null 2>&1
fi

Once the script is working, you can create a cron task to run it as frequently as you need (I have mine being executed every 2 minutes).

There is no particular rules required for processing the above in openHAB (unless you want to do your own post processing). It just updates a switch item with ON for when the mobile phone is found in the arp table, or OFF otherwise.

2 Likes
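A variant of the presence script above, added here as an example and not taken from the thread: it matches the phone by its MAC address instead of grepping for a hostname substring (so "myphone" cannot match "myphone2"), skips "(incomplete)" entries, and keeps the curl POST separate so the detection logic can be tested against a captured arp listing. The sample arp output, MAC addresses, item name and openHAB host are constructed placeholders.

```shell
#!/bin/sh
# Presence check against pfSense (FreeBSD) 'arp -a' output.
# Constructed sample of what 'arp -a' prints; MACs and names are made up.
SAMPLE_ARP='router.lan (192.168.1.1) at 00:11:22:33:44:01 on igb0 permanent [ethernet]
myphone.lan (192.168.1.50) at aa:bb:cc:dd:ee:ff on igb1 expires in 1171 seconds [ethernet]
myphone2.lan (192.168.1.51) at aa:bb:cc:dd:ee:01 on igb1 expires in 600 seconds [ethernet]
? (192.168.1.77) at (incomplete) on igb1 expired [ethernet]'

# count_mac ARP_OUTPUT MAC -> number of complete ARP entries for that MAC.
# Anchoring on " at <mac> " avoids hostname substring hits and never counts
# "(incomplete)" entries, which carry no MAC at all. -i tolerates upper case.
count_mac() {
    printf '%s\n' "$1" | grep -ic " at $2 "
}

# presence_state ARP_OUTPUT MAC -> "ON" if the device has an ARP entry, else "OFF".
presence_state() {
    if [ "$(count_mac "$1" "$2")" -gt 0 ]; then
        echo ON
    else
        echo OFF
    fi
}

# post_state STATE ITEM posts the state to the openHAB REST API with curl, the
# same call the thread's script makes; host and item name are assumed here.
post_state() {
    curl -sS -X POST -H 'Content-Type: text/plain' -H 'Accept: application/json' \
        -d "$1" "http://openhab:8080/rest/items/$2" >/dev/null
}

# Live usage on the firewall (uncomment when running from cron):
# post_state "$(presence_state "$(/usr/sbin/arp -a)" 'aa:bb:cc:dd:ee:ff')" myphone_atHome_arp
```

Because a phone can drop off the ARP table for a while when it sleeps, treat a single OFF as a hint and let openHAB debounce it (e.g. an expire timer on the item) before driving alarms or locks from it.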

I have both pfSense with pfBlockerNG and use OpenVPN to remotely access OH too. I’ll keep an eye on this thread for interesting suggestions!

1 Like

It seems like this stranded here, and I can’t find any other topics that are closer. I’m looking for a way to get some basic “state” information from OPNsense (a pfSense fork that is still “open”, pfSense has gone down a dark path). What I’d primarily like to know is if the Internet connection or one of the VPN tunnels goes down. I have a siren and lights controlled by OH that could alert me to “take action” if something goes down.

While posting the status to OH using scripts like described above doesn’t look too bad, such solutions end up being pretty “fragile” for me because I forget the details once I’ve worked on a couple of other projects, and when an upgrade of one of the involved systems breaks it, I have to start all over again.

Has anyone found a “less manual” solution since this was last discussed?

I have been working on a binding for pfSense. The problem with pfSense was that there was no official API. I had to use a third party addon API. I have now switched and am working on an OPNsense addon. OPNsense has a JSON API. I’m mainly focusing on features like presence and toggling rules on and off.

Main problem is to find time so I can’t give a time line. For detecting if a VPN is down I think it will work to make a request over that interface. I run my VPN on a separate vlan, so it is quite easy for me to test. I’m running a script that tests my VPN connection and publishes the result using MQTT.

1 Like

That’s great to hear, I think my remaining pfSense installation will become OPNsense too in the near future, it’s hard for me to see why anyone would stay with pfSense considering their “direction”, unless they have some very specific needs of course.

I don’t know what the OPNsense API exposes, but I’d imagine that once you have the “framework” of a plugin in place, adding channels for the state of interfaces and tunnels probably wouldn’t be too hard…?

Time is always a problem. Do you have your work on a public repo like GitHub or similar?

I understand that there’s lots of ways to monitor “connection” status, I could probably use one of the existing bindings in openHAB and just make it ping “strategic addresses”. I’m not a fan of “spamming” connections with ICMP if the information can be gotten from the source though. My goal at this point is just to orient myself on what approaches exist, so that I can pick what I consider the “best” one.

If pfSense/OPNsense support SNMP, the SNMP binding would be another option.