SG-1100 Won’t Reboot on Upgrade - no internet access!
-
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I don't understand how 192.168.1.1 is still the default for so many routers, especially the more powerful one like the *sense's.
Fritzbox got 192.168.178.1/24, Sophos 172.16.16.16/24, Mikrotik 192.168.88.1/24 and it be really great if pfSense would also default to something else than .1.1.There's a starlink router upstream, right ?
Never saw one, so didn't see the GUI. But i'll traeat it like an ISP router : they have very little to no user settings at all. But it has one option : change it's base LAN addresses : push it from 192.168.1.1/24 to something else.
The day you have to reset it for whatever reason, no need to re install with USB or CD's. Just think about changing the LAN, change the password and done.Re installing pfSense is installing an OS again, and a router with a zillion options.
So, IMHO : make live as easy possible, do everything so the hardest install becomes more easy.
This SG1100 re install seems typically hard.
Connected to a starlink setup, 1000 feet away, that still uses the default 192.168.1.1/24 setup .... ok, why not.
=> get that changed "for the next time".
The SG 1100 can be re installed with all 'default' settings, the "Installer" will connect, do its thing without any paramter modifications needed.Next time, if possible, take you SG1100, throw it in the car, go visit a neighbor who has an RJ45 to share with you (check if it isn't using the 192.168.1.0/24 - right ?).
If Internet access is a priority, keep a USB drive with the latest pfSense ISO or Installer ready. Use and abuse the fact that if you have a tested backup plan, you won't need it ^^
Instead of a 1100, any old PC that you want to save from a landfill, can be used as a "pfSense" device (not a portable - never USB-NICs - if you see Realtel NIC, run away or landfill it at least 100 feet deep). Just slide in a second NIC, get 2.7.2 (free). Be ware that pfSense config are not easily interchangeable between different platforms, but this file is very useful as they contain a very readable (use a text editor) recap of your pfSense setup.
The console access : that's what I don't understand. Most people get it today, many devices have web interfaces to set them up. But what if there is an issue with a network interfaces ? pfSense is not a NAS, camera, printer, or smart-switch that can be reset with a button to a known working state. pfSense is a 'PC' with a hard disk and a real file system, a full fleshed OS. So, if no NICs, you'll need the most important access right away, the console access, and ready to be used at any time. And pfSense needs an UPS. Not for you so you can continue watching TV while all power is lost, but for your online device like pfSense (PC !?) can do a proper shut down.
Note : the spare-PC-emergecy-pfSense PC solution I mentioned above : that one doesn't need a serial (serial over USB) access, as it has a video card - and keyboard, so the console access would be like : hook up a VGA/HDMI screen, and an USB keyboard and your good, no serial USB driver to install.
Don't leave your pfSense config on pfSense. No need to export a config every hour or even day, but do get a (it's small) config for later on. Again : if you have it, you won't need it. USB recovery or ACB recovery is nice (if you can find your Device key ID) but treatb them as plan Z solution.
Last but not least, and be ware : the SG1100 doesn't' have the strongest storage device, some emmc storage, right ? Keep an eye on it, check out other forum threads for more info. If this one dies, you got yourself a nice white door stop.
Btw : just make a list of "what-to-do", and as soon as pfSense is back up again, go cool down outside, maybe some snow to remove somewhere ^^ do something else for a week - lol, 15 hours straight to gain Internet access again ...
but prepare a what to do list. And keep it updated.You'll be fine.
-
I would open a TAC ticket and request the legacy installer. Explain your situation. That will bypass most of the issues you're seeing.
However that fact you were running
usbrecovery, seeing it erase the eMMC and then still booting from it is not a good sign. It implies the eMMC might be bad and have gone read only.
It's possible to install onto another USB drive instead of the eMMC but you can only do that from the Net Installer.
-
it has one option : change it's base LAN addresses : push it from 192.168.1.1/24 to something else
OP said somewhere above the Starlink router isn’t changeable.
Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
Upvote 👍 helpful posts! -
It is truly the age of wonders!
I was working on it until about 4AM, local time, since 11 AM, so, about 17 hours. I was exhausted and having tons of issues - like the serial connection acting up repeatedly and so on. My plan was to get it to the point where it had failed twice (on 24.11 ad 24.03) - both times at the same spot. I figured once I got there, it would drop me in the shell and I could use fsck to see if there were issues that could be fixed. I got it to the point where it was fetching all the packages and went to bed. That was about 5 hours ago.
Got up to this. I'm going to drop into the shell, see what I can do to shut it down without just yanking the power, put it back in place, and turn it on and verify it's working.
More later, but I'm wiped out and have some things to catch up on that I couldn't do yesterday.
-
@TangoOversway And there was much rejoicing. :)
I find things…don’t work quite the same after 1am. Being tired rarely helps.
-
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
OP said somewhere above the Starlink router isn’t changeable.
Yeah - incredible but apparently true.
Had to FC that first. -
It should work with LAN set as none. It only needs a valid WAN address and route to connect out. After install it can be reset to whatever is required.
-
Ooops missed some posts! Nice result, much rejoicing indeed.
Painful to read though. It shouldn't be that difficult.
-
Well, the madness continues.
I figured when it rebooted, it would be ready for the web interface, so I took it downstairs and put it back in the normal place and hooked things up. Nope. So I hooked up the serial cable to see what's going on and got stuck in an endless loop:
So it keeps trying to connect through the WAN to the internet - and can't. Yet, again, Starlink reports it is attached and it connected yesterday. Also, remember, I'm not doing this because the system went bad. I just tried a normal update and it went bad. I'm stuck in that loop. I'm moving it back up to my study where I'm comfortable working on it. (Also, it's loaded my config, so the address space should not be an issue and the LEDs on the WAN RJ45 are on.)
I am ordering another SG1100. This has lasted years, but I had some wonky things happening, like serious serial connection issues over and over where I'd get gibberish or the system would complain about not being able to boot at all, then boot on the next attempt. Things have been horrendously inconsistent for a machine where everything is a 1 or a 0 and it should repeat the same errors over and over.
One thing that may or may not be worth noting: I tried installing the image (with Etcher) on a larger USB stick and found that the drive size was always the same no matter what. (If I recall, 64GB?). I checked and the fs was FAT, so I formatted at 128GB stick as FAT, with the same name as the installer volume. Then I copied all the files from the stick that was working to the larger volume. It worked on the SG1100 and that was the first time the install went through properly.
So, now, to catch up:
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
That could have been an issue the first time, yes. But since run usbrecovery is formating the drive that can not be it anymore.
So when it fetches, it stores the compacted file on the system drive and when it extracts it, it extracts to the system's drive - and NOT to the USB drive? See my comment just above my response to you. It could be coincidence, but the time it FINALLY installed was when I created my own 128GB USB stick and put the installer on there. I'm wondering if that made the difference. Since it always failed during an extraction, it made me think drive space could be an issue.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I was thinking more along the line of a different router os than router A. That's how I handle that. And a backup router B doesn't have to have all the rules setup but all that are necessary to have a working internet and whatever is necessary to work. But of course a second 1100 is also great.
Maybe this is a bad time to make that decision, since I'm rather tired, but I think I'm going with a second SG1100. I'll back up the config from the current one and put it on there and let it be my new firewall, keeping the older one as a backup. Considering the flakey serial issues and inconsistent behavior, and that I don't know what caused it all, I want to take this one out of primary use.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I don't understand how 192.168.1.1 is still the default for so many routers, especially the more powerful one like the *sense's.
Fritzbox got 192.168.178.1/24, Sophos 172.16.16.16/24, Mikrotik 192.168.88.1/24 and it be really great if pfSense would also default to something else than .1.1.Starlink is a mixed "blessing." First, it means those of us who live in rural areas where cable companies won't go (and we have cable on both ends of this road - we're in a 1 mile gap they won't service) can get real internet. It's got great uptime. For a while, super-heavy thunderstorms might stop it for 20 minutes or so, but that seems to no longer be an issue. It's also a "black box" kind of thing: They want it to work by just plugging it in and connecting the wires. That means if you need a special setup, you've got a lot of hacking to do. Believe it or not, the internet brought to you by a leading spaceship maker can NOT change or expand the address space on the LAN. And I doubt they will. (Starlink is notorious for providing things "as is" and not listening to suggestions. There is no way to call and talk to a human - but, on the other hand, it's amazingly stable.)
I think pfSense really needs to deal with this. I'm sure there are people who use SG1100s (or want to use them) between LAN sections, so it should be smart enough to detect the WAN IP address and, if there is no configuration to specify the address space on the LAN, shift to a different space than that used on the WAN side.
Another issue I think they need to look into is adding some more verbosity to commands that can take a long time to process. For instance, the installer would say it was unblocking a device. Okay, I'm pretty sure I know what that means, but it's still confusing and it takes a long time. Pressing ANY key during that function aborts. I would have saved an hour if it said, "Unblocking drive...this could take a few minutes," or if it actually had a status display showing the process somehow, so I knew it had not just hung on something. I think I encountered this issue on mroe than just that command.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Nope, that wouldn't work because the USB drive can be too small. It will extract them onto the target device. But 'terminated abnormally: Killed' doesn't sound like a storage issue but a operating system issue somehow.
Okay. Like I said, it could be just coincidence that the time it worked was when I used the larger USB stick. I was thinking "killed" might be because it ran out of space and crashed.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
It is for sure very annoying to loose internet for that long, I can understand.
Thanks! And with remote work and, for me, I work from home, in my own business, but I need the internet for what I do.
@Gertjan said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
There's a starlink router upstream, right ?
Never saw one, so didn't see the GUI. But i'll traeat it like an ISP router : they have very little to no user settings at all. But it has one option : change it's base LAN addresses : push it from 192.168.1.1/24 to something else.As mentioned previously, that's not possible with Starlink. You can't change the LAN address space. So that option is not available on Starlink.
@Gertjan said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
This SG1100 re install seems typically hard.
Connected to a starlink setup, 1000 feet away, that still uses the default 192.168.1.1/24 setup .... ok, why not.I'm not clear if you mean atypically here. I don't know how hard a normal reinstall is. If it's this hard, then Netgate has issues.
The 1,000' part isn't an issue except for the few times I have to go out to the "Outpost" for some reason. Once I got Starlink up and running, and made sure it had a UPS so it didn't lose power during power flickers, that hasn't been an issue. I can't put it closer without cutting down a LOT of trees. Starlink needs a wide part of the sky unblocked, not just a single line to a single satellite in geostationary orbit.
@Gertjan said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Next time, if possible, take you SG1100, throw it in the car, go visit a neighbor who has an RJ45 to share with you (check if it isn't using the 192.168.1.0/24 - right ?).
Nice thought. The reason we have Starlink is we're in an agricultural area. Many neighbors don't have internet. Plus, did you see my mention of the snow storm? Yeah. We have a 1/3 mile drive from the garage to the road. It'll be a day or two before we can get out. Meanwhile, no work from home until this gets resolved.
@Gertjan said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
If Internet access is a priority, keep a USB drive with the latest pfSense ISO or Installer ready.
Have you noticed just how many problems I have had once I got the installer image? That was the least of my issues!
@Gertjan said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
do something else for a week - lol, 15 hours straight to gain Internet access again
There are "have to do" things that are piling up that require internet. Sadly, just taking time off right now would have been an option if it had taken me ONE hour to fix it, but now - well, I'm behind and we've lost income and - well, it's a mess.
@Gertjan said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
You'll be fine.
Yes, I will - eventually. Because I'll work my tail off to make that happen. But it will ONLY be because I work my tail off.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I would open a TAC ticket and request the legacy installer. Explain your situation. That will bypass most of the issues you're seeing.
Opened one about 3 AM last night. No response yet.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
However that fact you were running usbrecovery, seeing it erase the eMMC and then still booting from it is not a good sign. It implies the eMMC might be bad and have gone read only.
Yeah, that bothers me and makes me wonder if the trouble booting regularly could be part of that. (But it wouldn't explain the poor serial connections.) That's why I decided to not wait for payday and just order another SG110 now. I'll move this one to backup use (once I get it working, that is!). That way it will only be needed for a few days of use.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
It's possible to install onto another USB drive instead of the eMMC but you can only do that from the Net Installer.
I'll keep that in mind. I haven't looked at (or even knew about) the net installer, unless you mean the one I'm using (as opposed to any offline installer). Since it has installed and is now at the configuration stage with the questions it's asking (after a reboot), I'm hoping I won't have to do that.
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I find things…don’t work quite the same after 1am. Being tired rarely helps.
I'm a night person. I'm much more alert after 9 PM until somewhere around 2-4 AM than I am before 2 PM in daylight! Still, I was hoping to get to bed early and sleep late before this happened!
-
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Ooops missed some posts! Nice result, much rejoicing indeed.
Well, there was - until the WAN won't connect to the internet - again. But it's loaded my config, which uses a different address space on the LAN side, so address space should not be an issue. Wondering if I should just keep trying, since the connection to the servers happened sometimes and not others.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Painful to read though. It shouldn't be that difficult.
There are some things that could have made this much easier. For instance, when the installer is unblocking the device, it gives a one line message and no indication it'll take a while, or that work is still being done (with a changing status update while it does the work). Also, touching a key during that time stops the process. So the command just sits there, looking like it's hung, and a keypress stops the process. Who designed that UI?!?
Also the address space issue. I'm sure there are people who use something like an SG1100 for a more secure LAN inside another LAN, so it should be able to have some flexibility on LAN address space during setup.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
It should work with LAN set as none. It only needs a valid WAN address and route to connect out. After install it can be reset to whatever is required.
When I finally got a connection to the servers, the first time was with the LAN deactivated. The next time was with it activated. (And the UI has a problem here - once you deactivate the LAN interface, you have to restart the installer to reactivate it.)
-
And a slightly different variation of the loop. I thought the WAN was
mvneta0. What should I put here, sinceadoesn't seem to return an effective result?
-
Just it <return> when it asked for the WAN name:
I see a flashing LED on the WAN RJ45, but it's down and I don't get the part about "Configuration references interfaces that do not exist," unless it's from my restored configuration. Also not at all clear about "Network interface mismatch," unless it's because it detects the 192.168.1.xxx ip address on the WAN and finds that a problem.
I'm still thinking a bridge with a RasPi would help - but now that's done through nmcli and I can't find anything (yet) about how to do that AND control the range where the IP address would be.
-
@TangoOversway
The 1100 uses VLANs, otherwise it is a switch:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/io-ports.htmlThe default install for an 1100 should set that up though. It's unclear why you're being prompted to assign interfaces. Presumably, a missing configuration?
The installer normally is able to use DHCP on WAN and connect out. Unclear why your experience is so much off-normal.
-
@TangoOversway > So it keeps trying to connect through the WAN to the internet ...
I'm out of my depth here, there are a few confusing messages in that startup screen, @stephenw10 may be of help.
External config loader 1.0 is now starting... mmcsd0p1 mmcsd0p2 mmcsd0p3
Is that a restore of a config backup?
Warning: Configuration references interfaces that do not exist: em0 em1
Why is it trying to assign these interefaces em0 em1, they are not from a SG1100. Did you restore a config (not from the SG1100)?
mvneta0 f0:ad:4e:0d:25:f5 (down) NETA controller
That's the switch of the SG1100 but I thought the switch gets configured in firmware, no idea how to do that here.
The default config is (needs VLAN on ports of the switch):
WAN : mvneta0.4090
LAN : mvneta0.4091 -
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Why is it trying to assign these interefaces em0 em1, they are not from a SG1100
Missed that, that would of course explain the interface reassignment.
-
General question first: Would any of these problems be solved if I installed pfSense to an external USB stick? Or reinstalled without my config and waited until I got everything working to upload my old config?
And if I install it to a USB stick, I take it there is some way to make sure when it reboots, it uses the stick instead of the internal drive?
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The 1100 uses VLANs, otherwise it is a switch:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/io-ports.htmlI also see this from the installer, when it asks to set up VLANS:
If VLANs will not be used, or only for optional interfaces, it is typical to say no here and use the webConfigurator to configure VLANs later, if required.So I would think I shouldn't set them up - I'm not sure, if I picked Yes, just what I'd do to set them up. (I don't use any - other than Tailscale, which is a rare usage and needed because Starlink doesn't support port forwarding.)
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The default install for an 1100 should set that up though. It's unclear why you're being prompted to assign interfaces. Presumably, a missing configuration?
Do you mean a configuration item or the whole configuration?
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The installer normally is able to use DHCP on WAN and connect out. Unclear why your experience is so much off-normal.
I wonder if it's related to the issue of not reaching the servers yesterday.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Is that a restore of a config backup?
I told it to use my old config when installing the new system and saw a reference at some points to the config being restored or loaded. I'm wondering if this could be a sign of something else - but since my firewall was working fine until I upgraded it (and is it any wonder I'm shy about doing upgrades?!?), so, other than the drive possibly wearing out, I would think everything else should be in good shape.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The default config is (needs VLAN on ports of the switch):
WAN : mvneta0.4090
LAN : mvneta0.4091It didn't like that;
Enter the WAN interface name or 'a' for auto-detection (mvneta0 or a): mvneta0.4090 Invalid interface name 'mvneta0.4090' -
Oh, one other question about the current situation:
Is there any reason to believe that if the WAN had an address space in, say, the 10.0.0.xxx range, instead of the 192.168.1.xxx range, that the WAN interface might behave better?
(Sorry for so many multi-posts, but I figure it's better to add a post than to edit one someone might have just read.)
-
Since I'm seeing lights flashing on the WAN connection, but the system sees no link-up, I unplugged the CAT5 and plugged it in. I get this:
2025-02-21T09:50:00.279393+00:00 - php-fpm 565 - - /rc.linkup: Ignoring link event during boot sequence. e6000sw0port3: link state changed to UP 2025-02-21T09:50:09.472790+00:00 - php-fpm 565 - - /rc.linkup: Ignoring link event during boot sequence.This is while it's waiting for me to enter the WAN interface name or 'a', so I don't see how it's during the boot sequence.
-
@TangoOversway As noted you seem to have restored a config file that isn't from an 1100?
At a high level, you will need to create the VLANs because they don't exist in a default non-1100 install.
Or just reinstall, but...yeah.
I would not expect the WAN subnet to have any impact until you define LAN to conflict with it. If unconfigured then LAN is irrelevant.
It's hard to follow/help because none of this seems normal.
I would think if you can get far enough to use the pfSense menu to reset to default settings then you'll have VLANs. Then you can change the LAN subnet. Then should be functional and can restore from the web GUI? Just...don't restore a non-1100 config file.
-
So maybe a fresh install without using my config.
I would agree. There is no way this is normal and the flakiness of things like the serial connection, that it boots sometimes and not others - all this is confusing.
When you talk about the pfSense menu, you mean the web menu, right?
The only config file I'm using is the backup I made just before I upgraded.
Is installing to the USB stick an option in the normal install process? (I'm about to look that up. I know USB drives are slower than internal, but a failing internal drive seems to be a real possibility.)
