New Netgate SG-1100 2.4.5-RELEASE-p1 Available Packages Empty
-
Ok, after digging into this we were able locate an issue and developed a solution.
A small percentage of Netgate 1100 pfSense Plus appliances have been found to be unable to perform pfSense software updates (through our update servers) beyond version 2.4.5 p1.
Symptoms include the pfSense dashboard <Status/Dashboard> not showing any updates available beyond v2.4.5 p1. Please note that this is incorrect - the latest version of pfSense software available for the Netgate 1100 is version 21.05.2.
This issue affects Netgate 1100 appliances within the following serial number range: NTG2137000001 - NTG2137001503. If your unit’s serial number is within this range, please take the following steps to upgrade:
An affected system will show it to be running pfSense 2.4.5-RELEASE-p1, and state that the system is on the latest version:
To update an affected Netgate 1100, follow these steps:
Navigate to System>Update on the affected firewall. Here you should see a message encouraging 1100 users to select the SG-1100 update branch as outlined below:
Select the SG-1100 update branch from the drop-down menu and wait for the system to offer 21.05.2 as the Latest Base System:
Select “Confirm”.
The SG-1100 will be fully in conformance and able to perform future updates and package downloads without issue immediately after updating via the “SG-1100 update” option.
NOTE: It may take up to 24 hours for the blue text message “SG-1100 users should use the update selection “SG-1100 update” in the selector above” to disappear.
If you need technical assistance, please contact Netgate Support (select TAC Lite if you did not purchase a TAC subscription) .
We apologize for any inconvenience.
Steve
-
@stephenw10 that is excellent news - thanks for finding the problem! Will all new SG-1100 come with the fix? For example, if I order another one today?
-
Any that are in the affected range will see the new update branch. The code to allow that is at the update repo servers so nothing is required on the 1100 itself.
Steve
-
@stephenw10 Just chiming in with my experience. The update process mentioned appeared to have essentially bricked my brand new SG-1100 with a serial right in the middle of the range you provided. After the update it started an endless bootloop. It would then appear to boot up and start(light would be solid). But it would last for <1 minute at most. Then the would turn off and it would absolutely nothing for a couple minutes. Then start the process again.
When the light would be solid my laptop plugged in to the LAN port would sometimes get an IP, and sometimes be able to access the web GUI. It was entirely inconsistent.
The last time I was actually able to get into the GUI I started the process to go back to factory defaults. This appears to have fixed whatever the issue was. But I did lose the little bit of configuring that I had done. But I had only just gotten it out of the box so that's no biggie.
Edit: It just rebooted itself as I was going through the setup wizard...
-
Well I think I can say that mine is officially bricked. I tried doing a reboot with a filesystem check. The first few times it was able to start up my laptop ended up getting a connection from my internal network. Which the 1100 is plugged into for testing. It did not get assigned an address from pfSense.
I also got following gibberish when attempting to connect through the console port.
Now the light will flash fast for a few seconds every minute or so. Nothing else is happening and I cannot get any console connection at all.
Looks like I will need to reach out to support...
-
Yes, sounds like an additional issue. Please open a ticket with us.
https://www.netgate.com/tac-support-requestSteve
-
I recently purchased a handful of SG1100s and this fix has worked on all of the ones I've deployed so far, till tonight. I changed the update branch as usual, but it still failed to see an update is available, and the available packages are still empty. Any suggestions?
-
It showed the SG-1100 update branch?
Please run at the command line after selecting that branch:
pkg-static -d updateLet us know the output.
Steve
-
This is what I received
DBG(1)[85773]> pkg initialized pkg-static: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended Updating pfSense-core repository catalogue... DBG(1)[85773]> PkgRepo: verifying update for pfSense-core DBG(1)[85773]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[85773]> Fetch: fetching from: http://1100-repo.netgate.com/pkg/pfSense_plus-v22_01_aarch64-core/meta.conf with opts "i" DBG(1)[85773]> Fetch: fetching from: http://1100-repo.netgate.com/pkg/pfSense_plus-v22_01_aarch64-core/meta.txz with opts "i" DBG(1)[85773]> Fetch: fetching from: http://1100-repo.netgate.com/pkg/pfSense_plus-v22_01_aarch64-core/packagesite.txz with opts "i" pfSense-core repository is up to date. Updating pfSense repository catalogue... DBG(1)[85773]> PkgRepo: verifying update for pfSense DBG(1)[85773]> PkgRepo: need forced update of pfSense DBG(1)[85773]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[85773]> Fetch: fetching from: http://1100-repo.netgate.com/pkg/pfSense_plus-v22_01_aarch64-pfSense_plus_v21_05_2/meta.conf with opts "i" DBG(1)[85773]> Fetch: fetching from: http://1100-repo.netgate.com/pkg/pfSense_plus-v22_01_aarch64-pfSense_plus_v21_05_2/meta.txz with opts "i" pkg-static: http://1100-repo.netgate.com/pkg/pfSense_plus-v22_01_aarch64-pfSense_plus_v21_05_2/meta.txz: Not Found repository pfSense has no meta file, using default settings DBG(1)[85773]> Fetch: fetching from: http://1100-repo.netgate.com/pkg/pfSense_plus-v22_01_aarch64-pfSense_plus_v21_05_2/packagesite.txz with opts "i" pkg-static: http://1100-repo.netgate.com/pkg/pfSense_plus-v22_01_aarch64-pfSense_plus_v21_05_2/packagesite.txz: Not Found Unable to update repository pfSense Error updating repositories! -
Ah, that looks like a back end problem, we have corrected it.
Please re-test.
Steve.
-
I have this problem too. When I go to System > Update, I do not see the blue message about changing to "SG-1100 update" and the Branch dropdown only shows 2.4 and 2.4.4. Serial# NTG2132000231. If we can't fix it via the GUI, can I do a clean install via putty/SSH? The firewall is installed in a remote office, so I don't have access to its USB port.
-
Ah, that's a different problem. That is usually because the crypto hardware has become stuck in an unexpected mode. To resolve that you need to fully power cycle the device, so do a clean shutdown then remove the power for 10s.
It's not possible to reinstall without access to the USB console locally.Steve
-
Thank you. It would be much better if we could do that crypto reset remotely somehow. And if the GUI would detect the problem and explicitly recommend resetting the crypto.
I did the power cycle, and now I still get no updates but I'm getting these new errors:
Enter an option: 13 >>> Updating repositories metadata... Updating pfSense-core repository catalogue... pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/meta.txz: No address record repository pfSense-core has no meta file, using default settings pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/packagesite.txz: No address record Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/meta.txz: No address record repository pfSense has no meta file, using default settings pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/packagesite.txz: No address record Unable to update repository pfSense Error updating repositories! ERROR: Unable to compare version of pfSense-repo[2.4.5-RELEASE][admin@pfSenseVi.internal.<snipped>.com]/root: pkg-static -d update DBG(1)[42233]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[42233]> PkgRepo: verifying update for pfSense-core DBG(1)[42233]> PkgRepo: need forced update of pfSense-core DBG(1)[42233]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/meta.conf with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/meta.conf with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/meta.conf with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/meta.txz with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/meta.txz with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/meta.txz with opts "i" pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/meta.txz: No address record repository pfSense-core has no meta file, using default settings DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/packagesite.txz with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/packagesite.txz with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/packagesite.txz with opts "i" pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-core/packagesite.txz: No address record Unable to update repository pfSense-core Updating pfSense repository catalogue... DBG(1)[42233]> PkgRepo: verifying update for pfSense DBG(1)[42233]> PkgRepo: need forced update of pfSense DBG(1)[42233]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/meta.conf with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/meta.conf with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/meta.conf with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/meta.txz with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/meta.txz with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/meta.txz with opts "i" pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/meta.txz: No address record repository pfSense has no meta file, using default settings DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/packagesite.txz with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/packagesite.txz with opts "i" DBG(1)[42233]> Fetch: fetching from: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/packagesite.txz with opts "i" pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_5_aarch64-pfSense_factory-v2_4_5/packagesite.txz: No address record Unable to update repository pfSense Error updating repositories! -
Unfortunately there is no way to reset the crypto device from that state in software. The driver has since been updated to stop that happening though.
Ok, that looks like a DNS problem. Are you able to resolve anything from Diag > DNS Lookup in the GUI?
It could be a DNSSec issue if you are not passing a DNS server to it via DHCP. Try adding 8.8.8.8 in System > General Setup to get past it.
Steve
-
@stephenw10 You're right, I found out that the WAN interface shows "no carrier" now, and I have to wait until Monday for someone onsite to fix it. So if you don't hear back, that means I'm good to go. Thanks for your help.
-
Ok, we fixed the WAN issue. Now pfSense can resolve and ping google.com. But pfSense still won't update.
[2.4.5-RELEASE][admin@pfSenseVi.internal.<snip>.com]/root: pkg-static -d update DBG(1)[24465]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[24465]> PkgRepo: verifying update for pfSense-core DBG(1)[24465]> PkgRepo: need forced update of pfSense-core DBG(1)[24465]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.conf with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo00.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.conf with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.conf with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo00.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz with opts "i" pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Bad Request repository pfSense-core has no meta file, using default settings DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/packagesite.txz with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo00.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/packagesite.txz with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/packagesite.txz with opts "i" pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/packagesite.txz: Bad Request Unable to update repository pfSense-core Updating pfSense repository catalogue... DBG(1)[24465]> PkgRepo: verifying update for pfSense DBG(1)[24465]> PkgRepo: need forced update of pfSense DBG(1)[24465]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/meta.conf with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo00.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/meta.conf with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/meta.conf with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/meta.txz with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo00.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/meta.txz with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/meta.txz with opts "i" pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/meta.txz: Bad Request repository pfSense has no meta file, using default settings DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/packagesite.txz with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo00.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/packagesite.txz with opts "i" DBG(1)[24465]> Fetch: fetching from: https://repo01.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/packagesite.txz with opts "i" pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/packagesite.txz: Bad Request Unable to update repository pfSense Error updating repositories!Enter an option: 13 >>> Updating repositories metadata... Updating pfSense-core repository catalogue... pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/meta.txz: Bad Request repository pfSense-core has no meta file, using default settings pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-core/packagesite.txz: Bad Request Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/meta.txz: Bad Request repository pfSense has no meta file, using default settings pkg-static: https://repo.netgate.com/pkg/pfSense_factory-v2_4_4_aarch64-pfSense_factory-v2_4_4/packagesite.txz: Bad Request Unable to update repository pfSense Error updating repositories! ERROR: Unable to compare version of pfSense-repo -
What does the Update Branch say in the GUI? System->Updates
-
@rcoleman-netgate I just did another factory reset. Immediately after the setup wizard, pfSense checked for updates and did not find any. Here is the Update page:
-
@jeremy11one Previously you said that you aren't local to the device but now you've done a factory reset. Does that mean you're on site?
If so I recommend requesting the 22.01 image from TAC and reimaging the system.
-
@rcoleman-netgate No, I'm still remote. There is a laptop onsite that is connected to the neighbor's Wi-Fi and also plugged into our LAN via ethernet. So I can remote into the laptop through the neighbor's Wi-Fi connection, then access the firewall through its LAN port since it's plugged into our network. That lets me do Factory Resets and anything else through the pfSense box's LAN port.
If there's no way to fix it via the LAN port, I can ship a USB cable to them so I can re-image it that way, but shipping will take a few days.
What is causing this "Bad Request" error? Is there some SSH command to tell pfSense to download and install a new image from another source?
