SG-1100 Won’t Reboot on Upgrade - no internet access!
-
Got the license screen this time!
Tried usbrecovery, got the main boot menu, but was filling out the form for TAC support and couldn't stop it. So I decided to wait and watch.
Got the license screen. Just wish I knew what kind of magic juju I did to get it!
-
And lost it....
I must have specified the wrong kind of terminal. I could not respond to accept the license agreement.
So I reboot and get the Marvell prompt and run usbrecovery. It apparently wipes the drive and then I get:
-
I'm at a sticking point now.
It's complaining that it can't reach the Netgate servers. I have it hooked up, via USB, to my workstation. The connection to my ISP is downstairs from there, so is there some way to get it up and running to the point where I can reach it via wifi before it needs the servers?
-
@TangoOversway unfortunately you gotta have some way to connect to the internet. I don't see how connected by USB to your workstation helps for that.
https://docs.netgate.com/pfsense/en/latest/install/install-pfsense.html
"This installer is an online installer and requires Internet connectivity to download installation data from Netgate servers. Currently the installer supports DHCP, static IP address, and PPPoE configurations. Connect the WAN port of the device into a live network connection supporting one of those connectivity types."
That is the new installer, maybe TAC can send you an (older) offline installer (not sure that still exists).
-
@patient0 I need the USB connection so I can run the installer on the serial connection. I have the installer coming up, but it wants to talk to the internet. So I found a USB-B cable long enough for me to use with a server near where my SG1100 needs to go to connect to the WAN and hooked it up.
At this point it gets confusing, since the installer asks me about my LAN connection and I just hit <return> and accept it. It's connected to my LAN through the normal LAN interface and to my ISP through the WAN connector - just like normal. So I let it go on, but it can't connect to the internet. It provides the option to reconfigure my connections, but from what's given on the text menu from the installer, I don't know which device is LAN or WAN and I don't want to mix them up.
-
@TangoOversway https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/switch-overview.html
should be according to the docs:
WAN : mvneta0.4090
LAN :mvneta0.4091Do you know how you get onto the internet with your ISP? Did you get an modem from you ISP? And/or PPPoE?
-
@patient0 I use Starlink. It uses its own router which uses the 192.168.1.xxx address space and has DHCP, so when I plug the WAN connector in to it, it gives it an IP address and specifies its DNS server (which I ignore and use Google's), and it works without issue. So even though I normally specify my own preferred DNS server, for setup purposes, it shouldn't have a problem with the one it gets from the Starlink DHCP server.
The Starlink router is in a safe weather controlled box, with about 1,000 feet of fiber optic cable between the SG1100 and it (but it's transparent to the network - looks like it's just an ethernet connection). So I may have to put on a jacket and sludge out to the field to get a wifi connection with the Starlink router to verify it sees the SG1100. (I can connect to the Starlink router remotely, but I don't get all the info I need from it.)
-
@TangoOversway if you get 192.168.1.x on WAN it will clash with the default LAN the pfSense will setup. You will have to give your LAN a different IP range.
On pfSense Configuration page further down is the interesting part for you:
"If the default LAN subnet conflicts with the WAN subnet, the LAN subnet must be changed before connecting it to the rest of the network. Attempting to access the GUI in this situation is unpredictable and unlikely to work until the conflict is resolved."
"The LAN IP address may be changed and DHCP may be disabled using the console:
- Open the console (VGA, serial, or using SSH from another interface)
- Choose option 2 from the console menu
- Enter the new LAN IP address, subnet mask, and specify whether or not to enable DHCP.
- Enter the starting and ending address of the DHCP pool if DHCP is enabled. This can be any range inside the given subnet."
-
@patient0 I'm not even getting to the point where I can enter any configuration info at all.
I was hoping I could load my configuration file and have it just set up the new replacement system using those settings. One of the docs pages indicates one option is to load a config for that, but I don't see that option.
I'm wondering if I should try connecting the LAN interface to the internet and see if I get a connection that way.
At this point, there is no wifi access at all. I've got a brick with a serial connection and no option to edit ANY settings.
-
@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
load my configuration file
https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html#configuration-restore
Try putting it on a different/second USB stick if it doesn't find it on the one with the installer...?
-
@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I was hoping I could load my configuration file and have it just set up the new replacement system using those settings. One of the docs pages indicates one option is to load a config for that, but I don't see that option.
But you are now seeing a menu like in picture 2 of the two I posted before?
I'm wondering if I should try connecting the LAN interface to the internet and see if I get a connection that way.
That won't work, no need to try.
At this point, there is no wifi access at all. I've got a brick with a serial connection and no option to edit ANY settings.
Restore: what SteveITS wrote.
How is Wifi playing into it? The 1100 doesn't have Wifi, no?
-
Current situation:
I am using my tablet as a hotspot so my workstation has internet access. Slow and a pain, but it works.
I've found a way to get the installer up every time. My SG1100 has CAT5 going from the WAN interface to the WAN connection (to the Starlink router) and CAT5 going from the LAN interface to a switch on my LAN. I have a USB-B cable connected to a Linux server and I'm using the GNU screen command to communicate with the SG1100 via serial. I've found out how to get to the installer every time now.
I plug in the power to the SG1100, wait for the first prompt to disable autoboot and hit a key. Get the Marvell prompt and type
run usbbootand wait. The "normal" boot menu comes up (the one in the 1st picture from @patient0). Let it autoboot. Then I get a long wait while it runs commands and generates keys (new keys each time, I presume). Then I get the license screen and know I'm in the installer. Get past the license screen to this:
If I pickAdvanced Options, I get this:
Note there are NO options to load any configuration. I did put the config on one of my USB sticks and put that in the other USB jack. No change.Then I have to confirm my network connections:
I did try, due to the info about the address space conflict, to disable the LAN. No change. Next is to get to that point and sludge out to my "Outpost" (on the far end of 1,000 feet of fiber optic cable and 1/0 power cable that I buried in 2' (or deeper) trench and connect to the Starlink wifi to verify it "sees" the SG100. There shouldn't be an issue. In the past I always just connect the SG1100 to the ethernet cable that goes to the fiber optic converters (those are invisible to the network, so just drop that as an issue right now!) and it gets an IP address from Starlink's DHCP and it connects without anything else for me to do.So now I'm stuck with the SG1100 not being able to connect to Netgate servers.
I've also copied my config xml file to the USB stick I've been booting the SG1100 off of and I'm going to see if the installer sees that config and offers to load it.
BE CLEAR: I am nowhere near any point on the install where I can configure anything. I can't specify a LAN address space or anything like that. I'm not anywhere near being able to do that.
Relevant info, but not as critical as above:
My ISP is, last I checked, online. (With snow, it could have changed, but Starlink is good about that.) The issue is I don't trust the Starlink router to act as firewall and it uses one address space and I use a different address space. I don't want to plug the CAT5 from Starlink into my switch for several reasons. (Oh - but that gives me an idea!)I had to scrounge around for a USB-B cable long enough to go from a Linux based media server in my tech closet to the SG1100 when it's connected to the LAN switch and to the WAN connection. Found it and I'm using the Linux system to work with the SG1100 over the serial connection. That's a solid connection. It's also on the first floor, so every time I need to do any research or check for posts here, I have to come upstairs to my workstation. It's a thrill a minute, I'm telling you! :(
-
... disable the LAN ...
You need LAN, you can't disable itI've also copied my config xml file to the USB stick I've been booting the SG1100 off of and I'm going to see if the installer sees that config and offers to load it.
If you copied it as in the doc the installer should see it (https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-configuration-from-media-during-install)
"The pfSense software memstick installation image contains a FAT partition which the installer can use for this purpose. If the partition is not visible on the workstation which wrote the memstick image, remove and reinsert the USB drive.
This feature works with any FAT or FAT32 partition the installer can mount during the install process. This can be a USB thumb drive/memory stick or an optical disk/virtual drive."
I can't specify a LAN address space or anything like that. I'm not anywhere near being able to do that.
The config of the LAN comes later, after the screenshots you made: https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html#select-lan-interface
-
Update:
I was able to connect to my Starlink router remotely, so while pfSense was trying to connect to the servers, I checked and Starlink had it listed and gave it an IP address. It listed the MAC address, but, as of now, I know of no way to verify it's the correct MAC address for the SG1100. It did list the device as "pfSense-Install", so I think it's safe to assume it saw that device. Still, no connection to the servers.I can think of 2 solutions, both involve frustration:
-
Take the SG1100 out to the "Outpost" (it's a post out in the field for the Starlink dish - so it's an outpost out there) and connect the WAN directly to the Starlink dish. It might work. The dish counts on POE to move and keep warm, but it shouldn't have to move for the time it takes to setup pfSense. (But I don't know if the dish will move to a storage position if it loses power.) If I do this, it won't have the LAN connection while doing the setup. But does it need that until it gets to the point where I would use the web interface?
-
Setup a Raspberry Pi to act as a wireless AP. I've done this before. Have it connect to the hotspot on my tablet and have the CAT5 coming out of it connect to the WAN on the SG1100. I know it's possible because when I got my Starlink dish, I had to wait for an adaptor for it and had to use the Pi as a bridge between my LAN and the Starlink router's wifi. (I just don't think I still have the notes on it, so I'd have to find them.)
Otherwise, since I know the SG1100 is connecting to the Starlink router and getting an IP address from it, it should connect to the servers. My only guess, at this point, is that it may have an issue with the WAN connection being in a known LAN address space.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
If you copied it as in the doc the installer should see it (https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-configuration-from-media-during-install)
Oops. I saw that and mentally filled in a wildcard thinking, "Okay, so it takes config files," and figured it'd read one that was produced by the Backup function. Nope. Specifically config.xml. So I changed the name of the file on the USB stick. It read that and let me load it.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
You need LAN, you can't disable it
It offers the choice to disable the LAN. Since there could be an address space conflict (Starlink uses the 192.168.1.xxx space and pfSense defaults to using that for the LAN), I figured it was worth a try.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The config of the LAN comes later, after the screenshots you made
Exactly! So when you were quoting about disabling or changing the LAN address space, I was pointing out that I'm nowhere near being able to do anything like that.
-
-
Been dealing with this for about 12 hours now - haven't had time for anything else because we need the internet to work for remote work.
I am having a miserable time trying to set up a Pi to act as a bridge. The instructions I've found are outdated. So I have questions:
-
Does the SG1100 act as a "pass through" while it's on, but not actively being set up? I am pretty sure it does, because I can check my status with the Starlink router remotely and when I have the install app working, but not trying to connect to the servers, Starlink shows a lot of the systems on my LAN as connected to the Starlink router. (Which is odd, since it sees them, and sees the SG1100, but the SG1100 seems incapable of using it to reach the servers.)
-
How likely is the address space, as mentioned earlier, an issue? The Starlink router gives the SG1100 an address in the 192.168.1.xxx address space. (And it cannot be changed - Starlink routers use ONLY that address space!) Could the install program have an issue because the default LAN address space and its WAN address are in the same space?
-
Any ideas or suggestions on this? Right now I'm trying to use a Raspberry Pi as a bridge. The Pi connects to my phone hotspot by wifi, and connects to the SG1100 WAN connector by cable. That way I can put the WAN in the 10.0.0.xxx address space, so it doesn't conflict with the 192.168.1.xxx space - but it's still a reserved space, so would that be a problem? (I don't think so. I set up my SG1100 under a cellular internet connection, so it was on the LAN side of the cellular modem and in a private address space range. But I'm the ignorant guy in this situation!)
I have thought about taking the SG1100 out, as I mentioned, and connecting it to the Starlink dish directly, but there are multiple problems with that: I don't know if the dish will be oriented properly when I disconnect it from its own router. If that works, I still need to connect with the SG1100 by USB for serial communications and I don't have a decent laptop. (Plus it's about 20°F outside now and I really don't want to have to work out in a snowy field in the cold!)
-
-
@TangoOversway unconfigured, the 1100 is a 3 port switch.
I’d think you could disconnect the LAN port during the install and just use WAN, and the console, at least to get going. You can change the LAN subnet at the console. Or have it use your config file.
As alluded to above, you could try asking Netgate for the traditional/old image because you’re having trouble.
-
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I’d think you could disconnect the LAN port during the install and just use WAN, and the console, at least to get going. You can change the LAN subnet at the console. Or have it use your config file.
Tried that. Tried combinations, like plugging WAN into LAN - because you just don't know!
I don't know what's going on, but it's connecting to the Starlink router and, under normal conditions, the signal goes from the SG1100 WAN through the Starlink router with no issue, so I have no idea why it's not going through when the router can see it.
I think I may have no resort but to go to TAC, but if they help, without a big fee (and this has cost us money already - used up all my hotspot bandwidth for the month and I'm still using more, plus lost work time because if the inability to work remotely), it's not like it'll be high priority, so it could take another day or two.
I wish there were some way to see just what is happening with the failed server connection.
I've got a few things to try and if they fail, I'll submit a TAC report.
-
It started to behave - and then...
I have an issue about using an ISP's router on my LAN. Since back around 2000 or so, when I started learning Linux and how networking works, I've always had an ISP router, then a CAT5 running from that router to my firewall. I'd either shut down the ISP's wifi or use it as a guest wifi and have a wifi router inside my LAN, on the LAN side of my firewall.
Within a year or two after starting to do this, one day I went to my ISPs router to check or change a setting and found that my problem was that most of my settings had been reset to factory norms. Not all, but most. How? I didn't do it. So either a hacker or, more likely, the ISP. Since then I have been paranoid about using the ISP's router on my LAN without a firewall between the two.
So, to be honest, from when this started, I could have connected the CAT5 coming out of the fiber converter to my LAN switch but did not want to, for the reasons above. (And the contract for Starlink includes, as part of the agreement, that users recognize Martian colonies, when they are created, as sovereign nations - if an ISP can link stuff like that to their service, I protect myself from them!)
I went through and made sure most of my systems are not connected to the main switch, but did allow wifi. (My rule: If it's stationary and has an RJ45, I use a landline.) Then I connected the line from Starlink to my switch, exposing only the systems on wifi and a couple IoT devices. Once I did that, it made things easier, since I could stop using a hotspot and browsing on my tablet easily. (And, honestly, the idea of connecting directly to the Starlink router never occurred to me before - probably out of paranoia.)
Then I used a RasPi on wifi and plugged the SG1100 into a switch upstairs, in my study, where I'm comfortable. I note that also means I was using different cables, so that makes me wonder if the cable might have caused some issues. (Doubt it, though.)
Then I did what I've done before: I disabled the LAN interface and didn't even hook it up. Like I said, I've done this before. Then I let the SG1100 search for the servers, expecting another failure. I tabbed over to another terminal session on my Pi and was working on setting up a networking bridge and when I stopped to think, tabbed back to the serial port session monitoring the SG1100. It's walking me through what looks like a normal setup.
What I do not get is why it worked this time when it didn't work before - unless it could be a different cable or something small and unexpected. I did not do anything I had not tried before - only the SG1100 was in a different room and I was monitoring it with a Pi instead of a Linux server. (And I don't buy that the system connected to it by a serial connection could make a difference.)
Okay, so it started downloading and extracting all the packages, then I got this - well, I can't upload the image. Says it's too big - but I've been uploading all day. Anyway, the last couple lines are:
I'm wondering if the same thing could have gone wrong when I was upgrading.
Also, I thought, "It's working now, I'll just retry and, instead of uploading the current version (I think it was 24.11), I'll upload the previous version. I think it was during an upgrade to this same version that it died in the first place.
Anyway, I tried to reinstall and ran into the same issue: Even with nothing plugged into the LAN connector and with the LAN disabled, I was still getting the problem with reaching the servers. So I think it was just luck I got through that one time.
-
@TangoOversway I don't assume you're having fun, getting an offline installer from TAC would be my first priority. Getting the offline installer should be free since you own a Netgate device and having lots of troubles.
My 2nd priority would be getting a backup router devices (whatever brand or type) to avoid this in the future.
And to stress again: WAN and LAN can not have the same IP range. That is like having a block of flats and two flats have the exact same flat number. The postman wouldn't know where to deliver the packages for that flat number.
so it started downloading and extracting all the packages, then I got this ...
What was the text next to "... terminated abnormally: Killed" ...? Maybe @stephenw10 has seen that before? It can't be not enought storage since the internal storage was wiped with
usbrecovery. -
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I don't assume you're having fun
Yeah - I was just venting. It's now been about 15 hours I've spent on this.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
getting an offline installer from TAC would be my first priority
Working on that now. But the latest issue is different and I'm wondering if there's a drive problem. (Are the drives in an SG110 replaceable? I don't think so.) Attempted to upgrade to 24.11 and 24.03. Both times it failed on the same command (see image a reply or two upline). Since it was extracting, I thought there might be an issue with the amount of space available. I took a pic of the screen after using
df. I'm wondering if using a bigger USB stick would help, since that's at 97% capacity and it might be getting too full during the extractions. (I don't know if the packages are extracted to the main drive or to the installer medium before being put in place.)
I'm betting this issue is the same thing that brought down the other install I tried.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
My 2nd priority would be getting a backup router devices (whatever brand or type) to avoid this in the future.
If I could get another SG110 quickly, I'd be ordering it (really, though, I need to wait for my paycheck first). On Amazon, it's 6 days before I can get one. But once I get this worked out, I will get a backup.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
And to stress again: WAN and LAN can not have the same IP range.
I have no control over that - unless I can make a wifi bridge with a Pi. I've found a lot of pages on that, but they're either outdated or the info in them doesn't work, or the newer methods (using nmcli) seem to work, but I haven't seen one guide that tells me how to control the IP address or range handed out to the ethernet part of the bridge. Starlink provides no way to control their address range and I'm nowhere near the point, with the install, where I can control anything like that. The two times I've been able to get it to download from servers were not the same. One time I had the LAN disabled, the other time it was enabled. I'd like to find a guide using nmcli that includes how to specify the bridge address range.
I agree it's a problem - and it's probably something that Netgate should consider addressing: Have the installer check the WAN interface and if it's pfSense's default address range, it should be changed.
One thought on that - I'm having it restore my config now, and I use 172.16.7.xxx. I don't know how soon it uses my config issues, but even with the config as part of the process, I've had trouble reaching the servers.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
What was the text next to "... terminated abnormally: Killed" ...?
[53/177] Extracting boost-libs-1.85.0: .........Child process pid=4196 termined abnormally: KilledI'd like to know where it extracts the packages as part of the install process. If it's treating the USB install drive as the main drive, then it could be extracting them to there. I'm going to try with a bigger drive. But the fact that it crashes on that line with both versions I've tried makes me think there's either an issue with the archive or there's a storage issue.
