SG-1100 Won’t Reboot on Upgrade - no internet access!

TangoOversway

I've tried to use both usbboot and usbrecovery. They just end up with the normal menu appearing. This time I got a screen shot of part of the screen after running usbrecovery:

It stayed there a while, then gave me the normal menu, so I booted to the default and now I have this:

I've been there before. It does nothing for a long time. No status indicator or anything. Is it wiping my drive to prep for a recovery? Shouldn't I see something giving me an indication it's doing something? And if that is normal, how long should I wait?

patient0

@TangoOversway how did you write the image you got from Netgate to the USB? And what was the file named you got?

The message you are seeing means the installer is corrupt or it can't boot from it.

SteveITS

@TangoOversway The installer should start at a license screen:
https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html

Paging @stephenw10 ...

Just to ask, you did burn the USB stick with Etcher?
https://docs.netgate.com/pfsense/en/latest/install/write-memstick.html

TangoOversway

The filename is netgate-installer-aarch64.img.gz. After it wouldn't work with usbboot or usbrecovery, I put it on another USB stick to see if that was the issue. I'm using Balena Etcher.

I haven't seen a license screen yet.

It's at mountroot> random: unblocking device. Last time it was there and I hit <return> after a few minutes, I got a message that made it sound like a process was terminated.

TangoOversway

Finally got something firm. Tried burning it to a 3rd USB stick. Ended up with the main menu again, so I hit reboot and ran usbrecovery:

So I'm getting a bad USB device. Never got that - just saw it stop at the 1MMC erase: dev #`....1 line before.

patient0

@TangoOversway you are doing it all correct, the file is the correct one and Etcher is perfect for the job.

The 1100 has to USB ports, can you try the other port?

TangoOversway

@patient0 Just thought of that - and took the USB stick I know is a better quality product and put it in the other port:

SteveITS

@TangoOversway You could try opening a TAC ticket. They may be able to help under the free "zero to ping" support since this is a reinstall.

At a high level, the install on ARM devices erases the storage and copies in the new image.

patient0

@TangoOversway the 1100 doesn't see the USB stick, I guess you tried the first USB port too with the 3rd USB stick?

TangoOversway

I don't know how much this will help, since what I'm seeing could be part of a problem with the file or installer on the USB stick.

Just for reference, I have sticks A, B, and C. Tried etching to A and when it wouldn't boot or do the recovery thing, I tried B, which is a better quality stick. Did most of this with B. Then thought to try C, which is a cheaper USB stick. I tried C in the "Normal" USB connection, on the left of the panel. Got the error message about a bad device, so I stuck it in the other one and I could run usbboot from it, but got the menu again. (And I may have run recovery and had another bad device error.)

So I'm back to B, the good USB stick in terms of quality. Again, used Balena Etcher on all 3 and they verified. So I tried B in the 2nd port (on the right, with the SS on the USB symbol). Bad device, so I tried it back in the left side slot. It did the blocking thing, then started doing more - but things scrolled by so quickly I couldn't see them or see any error messages. (Also, at one point, it cleared the screen.) And, again, I get the main boot menu.

Okay, so I have bad media or something. What to do? Keep etching on other USB sticks and retrying?

Is there any way to verify what's on the stick on a Mac? It comes up as DTBAT0 as a volume. When I list it (with ll -la to get hidden files too), I get:

total 163
drwx------@ 1 hal   staff      0 Feb 20 13:47 ./
drwxr-xr-x  8 root  wheel    256 Feb 20 14:37 ../
drwx------  1 hal   staff    512 Feb 20 14:37 .fseventsd/
-rwx------  1 hal   staff  17302 Sep 19 16:49 armada-3720-gti-doorkeeper.dtb*
-rwx------  1 hal   staff  18022 Sep 19 16:49 armada-3720-netgate-1100.dtb*
-rwx------  1 hal   staff  13733 Sep 19 16:49 armada-3720-netgate-2100.dtb*
-rwx------  1 hal   staff  18022 Sep 19 16:49 armada-3720-sg1100.dtb*
-rwx------  1 hal   staff  13733 Sep 19 16:49 armada-3720-sg2100.dtb*

/Volumes/DTBFAT0/.fseventsd:
total 4
drwx------  1 hal  staff  512 Feb 20 14:37 ./
drwx------@ 1 hal  staff    0 Feb 20 13:47 ../
-rwx------  1 hal  staff   36 Feb 20 14:37 fseventsd-uuid*```

TangoOversway

@patient0 Yes. Tried B & C in both ports. Now trying A in the 2nd port.

TangoOversway

Got the license screen this time!

Tried usbrecovery, got the main boot menu, but was filling out the form for TAC support and couldn't stop it. So I decided to wait and watch.

Got the license screen. Just wish I knew what kind of magic juju I did to get it!

TangoOversway

And lost it....

I must have specified the wrong kind of terminal. I could not respond to accept the license agreement.

So I reboot and get the Marvell prompt and run usbrecovery. It apparently wipes the drive and then I get:

TangoOversway

I'm at a sticking point now.

It's complaining that it can't reach the Netgate servers. I have it hooked up, via USB, to my workstation. The connection to my ISP is downstairs from there, so is there some way to get it up and running to the point where I can reach it via wifi before it needs the servers?

patient0

@TangoOversway unfortunately you gotta have some way to connect to the internet. I don't see how connected by USB to your workstation helps for that.

https://docs.netgate.com/pfsense/en/latest/install/install-pfsense.html

"This installer is an online installer and requires Internet connectivity to download installation data from Netgate servers. Currently the installer supports DHCP, static IP address, and PPPoE configurations. Connect the WAN port of the device into a live network connection supporting one of those connectivity types."

That is the new installer, maybe TAC can send you an (older) offline installer (not sure that still exists).

TangoOversway

@patient0 I need the USB connection so I can run the installer on the serial connection. I have the installer coming up, but it wants to talk to the internet. So I found a USB-B cable long enough for me to use with a server near where my SG1100 needs to go to connect to the WAN and hooked it up.

At this point it gets confusing, since the installer asks me about my LAN connection and I just hit <return> and accept it. It's connected to my LAN through the normal LAN interface and to my ISP through the WAN connector - just like normal. So I let it go on, but it can't connect to the internet. It provides the option to reconfigure my connections, but from what's given on the text menu from the installer, I don't know which device is LAN or WAN and I don't want to mix them up.

patient0

@TangoOversway https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/switch-overview.html

should be according to the docs:
WAN : mvneta0.4090
LAN :mvneta0.4091

Do you know how you get onto the internet with your ISP? Did you get an modem from you ISP? And/or PPPoE?

TangoOversway

@patient0 I use Starlink. It uses its own router which uses the 192.168.1.xxx address space and has DHCP, so when I plug the WAN connector in to it, it gives it an IP address and specifies its DNS server (which I ignore and use Google's), and it works without issue. So even though I normally specify my own preferred DNS server, for setup purposes, it shouldn't have a problem with the one it gets from the Starlink DHCP server.

The Starlink router is in a safe weather controlled box, with about 1,000 feet of fiber optic cable between the SG1100 and it (but it's transparent to the network - looks like it's just an ethernet connection). So I may have to put on a jacket and sludge out to the field to get a wifi connection with the Starlink router to verify it sees the SG1100. (I can connect to the Starlink router remotely, but I don't get all the info I need from it.)

patient0

@TangoOversway if you get 192.168.1.x on WAN it will clash with the default LAN the pfSense will setup. You will have to give your LAN a different IP range.

On pfSense Configuration page further down is the interesting part for you:

"If the default LAN subnet conflicts with the WAN subnet, the LAN subnet must be changed before connecting it to the rest of the network. Attempting to access the GUI in this situation is unpredictable and unlikely to work until the conflict is resolved."

"The LAN IP address may be changed and DHCP may be disabled using the console:

• Open the console (VGA, serial, or using SSH from another interface)
• Choose option 2 from the console menu
• Enter the new LAN IP address, subnet mask, and specify whether or not to enable DHCP.
• Enter the starting and ending address of the DHCP pool if DHCP is enabled. This can be any range inside the given subnet."

TangoOversway

@patient0 I'm not even getting to the point where I can enter any configuration info at all.

I was hoping I could load my configuration file and have it just set up the new replacement system using those settings. One of the docs pages indicates one option is to load a config for that, but I don't see that option.

I'm wondering if I should try connecting the LAN interface to the internet and see if I get a connection that way.

At this point, there is no wifi access at all. I've got a brick with a serial connection and no option to edit ANY settings.