SG-1100 Won’t Reboot on Upgrade - no internet access!
-
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Ooops missed some posts! Nice result, much rejoicing indeed.
Well, there was - until the WAN won't connect to the internet - again. But it's loaded my config, which uses a different address space on the LAN side, so address space should not be an issue. Wondering if I should just keep trying, since the connection to the servers happened sometimes and not others.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Painful to read though. It shouldn't be that difficult.
There are some things that could have made this much easier. For instance, when the installer is unblocking the device, it gives a one line message and no indication it'll take a while, or that work is still being done (with a changing status update while it does the work). Also, touching a key during that time stops the process. So the command just sits there, looking like it's hung, and a keypress stops the process. Who designed that UI?!?
Also the address space issue. I'm sure there are people who use something like an SG1100 for a more secure LAN inside another LAN, so it should be able to have some flexibility on LAN address space during setup.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
It should work with LAN set as none. It only needs a valid WAN address and route to connect out. After install it can be reset to whatever is required.
When I finally got a connection to the servers, the first time was with the LAN deactivated. The next time was with it activated. (And the UI has a problem here - once you deactivate the LAN interface, you have to restart the installer to reactivate it.)
-
And a slightly different variation of the loop. I thought the WAN was
mvneta0. What should I put here, sinceadoesn't seem to return an effective result?
-
Just it <return> when it asked for the WAN name:
I see a flashing LED on the WAN RJ45, but it's down and I don't get the part about "Configuration references interfaces that do not exist," unless it's from my restored configuration. Also not at all clear about "Network interface mismatch," unless it's because it detects the 192.168.1.xxx ip address on the WAN and finds that a problem.
I'm still thinking a bridge with a RasPi would help - but now that's done through nmcli and I can't find anything (yet) about how to do that AND control the range where the IP address would be.
-
@TangoOversway
The 1100 uses VLANs, otherwise it is a switch:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/io-ports.htmlThe default install for an 1100 should set that up though. It's unclear why you're being prompted to assign interfaces. Presumably, a missing configuration?
The installer normally is able to use DHCP on WAN and connect out. Unclear why your experience is so much off-normal.
-
@TangoOversway > So it keeps trying to connect through the WAN to the internet ...
I'm out of my depth here, there are a few confusing messages in that startup screen, @stephenw10 may be of help.
External config loader 1.0 is now starting... mmcsd0p1 mmcsd0p2 mmcsd0p3
Is that a restore of a config backup?
Warning: Configuration references interfaces that do not exist: em0 em1
Why is it trying to assign these interefaces em0 em1, they are not from a SG1100. Did you restore a config (not from the SG1100)?
mvneta0 f0:ad:4e:0d:25:f5 (down) NETA controller
That's the switch of the SG1100 but I thought the switch gets configured in firmware, no idea how to do that here.
The default config is (needs VLAN on ports of the switch):
WAN : mvneta0.4090
LAN : mvneta0.4091 -
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Why is it trying to assign these interefaces em0 em1, they are not from a SG1100
Missed that, that would of course explain the interface reassignment.
-
General question first: Would any of these problems be solved if I installed pfSense to an external USB stick? Or reinstalled without my config and waited until I got everything working to upload my old config?
And if I install it to a USB stick, I take it there is some way to make sure when it reboots, it uses the stick instead of the internal drive?
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The 1100 uses VLANs, otherwise it is a switch:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/io-ports.htmlI also see this from the installer, when it asks to set up VLANS:
If VLANs will not be used, or only for optional interfaces, it is typical to say no here and use the webConfigurator to configure VLANs later, if required.So I would think I shouldn't set them up - I'm not sure, if I picked Yes, just what I'd do to set them up. (I don't use any - other than Tailscale, which is a rare usage and needed because Starlink doesn't support port forwarding.)
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The default install for an 1100 should set that up though. It's unclear why you're being prompted to assign interfaces. Presumably, a missing configuration?
Do you mean a configuration item or the whole configuration?
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The installer normally is able to use DHCP on WAN and connect out. Unclear why your experience is so much off-normal.
I wonder if it's related to the issue of not reaching the servers yesterday.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Is that a restore of a config backup?
I told it to use my old config when installing the new system and saw a reference at some points to the config being restored or loaded. I'm wondering if this could be a sign of something else - but since my firewall was working fine until I upgraded it (and is it any wonder I'm shy about doing upgrades?!?), so, other than the drive possibly wearing out, I would think everything else should be in good shape.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The default config is (needs VLAN on ports of the switch):
WAN : mvneta0.4090
LAN : mvneta0.4091It didn't like that;
Enter the WAN interface name or 'a' for auto-detection (mvneta0 or a): mvneta0.4090 Invalid interface name 'mvneta0.4090' -
Oh, one other question about the current situation:
Is there any reason to believe that if the WAN had an address space in, say, the 10.0.0.xxx range, instead of the 192.168.1.xxx range, that the WAN interface might behave better?
(Sorry for so many multi-posts, but I figure it's better to add a post than to edit one someone might have just read.)
-
Since I'm seeing lights flashing on the WAN connection, but the system sees no link-up, I unplugged the CAT5 and plugged it in. I get this:
2025-02-21T09:50:00.279393+00:00 - php-fpm 565 - - /rc.linkup: Ignoring link event during boot sequence. e6000sw0port3: link state changed to UP 2025-02-21T09:50:09.472790+00:00 - php-fpm 565 - - /rc.linkup: Ignoring link event during boot sequence.This is while it's waiting for me to enter the WAN interface name or 'a', so I don't see how it's during the boot sequence.
-
@TangoOversway As noted you seem to have restored a config file that isn't from an 1100?
At a high level, you will need to create the VLANs because they don't exist in a default non-1100 install.
Or just reinstall, but...yeah.
I would not expect the WAN subnet to have any impact until you define LAN to conflict with it. If unconfigured then LAN is irrelevant.
It's hard to follow/help because none of this seems normal.
I would think if you can get far enough to use the pfSense menu to reset to default settings then you'll have VLANs. Then you can change the LAN subnet. Then should be functional and can restore from the web GUI? Just...don't restore a non-1100 config file.
-
So maybe a fresh install without using my config.
I would agree. There is no way this is normal and the flakiness of things like the serial connection, that it boots sometimes and not others - all this is confusing.
When you talk about the pfSense menu, you mean the web menu, right?
The only config file I'm using is the backup I made just before I upgraded.
Is installing to the USB stick an option in the normal install process? (I'm about to look that up. I know USB drives are slower than internal, but a failing internal drive seems to be a real possibility.)
-
@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
When you talk about the pfSense menu, you mean the web menu, right?
no the console menu, option 4:
https://docs.netgate.com/pfsense/en/latest/config/console-menu.htmlDouble check your USB stick for other config.xml files? em0/em1 should not be interfaces in an 1100 config file. It should use mvneta0.4090 etc.
Yes it's possible to install to a USB stick as @stephenw10 said. There are a few threads like
https://forum.netgate.com/topic/196372/migrating-netgate-1100-from-emmc-to-usb-flash-storage-to-keep-it-fit -
@TangoOversway Try assigning just WAN to mvneta0 and see if it lets you not assign LAN at all, at least to get to the menu.
-
Akismet is flagging this as spam. Bet it's due to the XML data.
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Double check your USB stick for other config.xml files? em0/em1 should not be interfaces in an 1100 config file. It should use mvneta0.4090 etc.
From my config (only one on the USB stick):
<interfaces> <wan> <enable></enable> <if>mvneta0.4090</if> <switchif>switch0.port3</switchif> <descr><![CDATA[WAN]]></descr> <alias-address></alias-address> <alias-subnet>32</alias-subnet> <spoofmac></spoofmac> <ipaddr>dhcp</ipaddr> <dhcphostname></dhcphostname> <dhcprejectfrom></dhcprejectfrom> <adv_dhcp_pt_timeout></adv_dhcp_pt_timeout> <adv_dhcp_pt_retry></adv_dhcp_pt_retry> <adv_dhcp_pt_select_timeout></adv_dhcp_pt_select_timeout> <adv_dhcp_pt_reboot></adv_dhcp_pt_reboot> <adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_backoff_cutoff> <adv_dhcp_pt_initial_interval></adv_dhcp_pt_initial_interval> <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options></adv_dhcp_send_options> <adv_dhcp_request_options></adv_dhcp_request_options> <adv_dhcp_required_options></adv_dhcp_required_options> <adv_dhcp_option_modifiers></adv_dhcp_option_modifiers> <adv_dhcp_config_advanced></adv_dhcp_config_advanced> <adv_dhcp_config_file_override></adv_dhcp_config_file_override> <adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path> <dhcpcvpt>bk</dhcpcvpt> <ipaddrv6>dhcp6</ipaddrv6> <dhcp6-duid></dhcp6-duid> <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len> <dhcp6cvpt>bk</dhcp6cvpt> <adv_dhcp6_prefix_selected_interface>wan</adv_dhcp6_prefix_selected_interface> </wan> <lan> <enable></enable> <if>mvneta0.4091</if> <switchif>switch0.port2</switchif> <descr><![CDATA[LAN]]></descr> <spoofmac></spoofmac> <ipaddr>172.16.7.1</ipaddr> <subnet>22</subnet> <ipaddrv6>track6</ipaddrv6> <track6-interface>wan</track6-interface> <track6-prefix-id>0</track6-prefix-id> </lan> <opt1> <if>mvneta0.4092</if> <descr><![CDATA[OPT]]></descr> <enable></enable> <spoofmac></spoofmac> </opt1> </interfaces>Can't find EM0 or EM1 in there at all (other than in a string that looks like a crypto key or something like that - so it's part of a long string of random numbers and letters.)
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
ry assigning just WAN to mvneta0 and see if it lets you not assign LAN at all, at least to get to the menu.
If you mean do that now, after boot (post install), I've tried that and it didn't accept it.
I'll try a new install and disable the LAN when I do it. I'm reading up on installing it to a USB stick first.
-
Is the net installer the one I downloaded and have been using? I tried searching for "pfsense net installer" and didn't get anything useful.
-
Yes, the Net Installer is what you downloaded from the store.
I assume the config you are restoring was from the 1100?
The em NICs it's complaining about there are probably from the default config. pfSense builds a config based on a default file with additions for specific hardware. So for an 1100 it should see that and add the default VLANs and switch config. You should not see em0,em1.
So somehow it's losing the config that would have been generated at install.
I suggest installing clean and keeping the default config until you're able to access the webgui. Then restore your config there.
-
Re-installing. Got to this screen:
I notice both are
mvneta0. Later when I have to name the interface (in the post install part where I was caught in a loop), I'm wondering if I should have connected to the LAN. There was no name other than mvneta0 as an option. (I tried mvneta0.4090, as suggested, and got an error.) -
Yes, those are the correct default interfaces for the 1100. It only has one NI (mvneta0) so the interfaces are VLANs on that NIC.
After install it should boot completely without asking you reassign the NICs. It's unclear why it somehow pulled in the pfSense default config with em0 and em1 whoch don't exist in the 1100.
-
To re-assign WAN as that after install you have to answer Yes when it asks if you want to create VLANs Then create 4090 and 4091 on mvneta0. Then it will allow you set mvneta0.4090 as WAN
-
Do you have the TAC ticket ID you opened? They usually respond to those in minutes.
