SG-1100 Won’t Reboot on Upgrade - no internet access!

TangoOversway · Feb 21, 2025, 4:19 PM

Just it <return> when it asked for the WAN name:
login-to-view

I see a flashing LED on the WAN RJ45, but it's down and I don't get the part about "Configuration references interfaces that do not exist," unless it's from my restored configuration. Also not at all clear about "Network interface mismatch," unless it's because it detects the 192.168.1.xxx ip address on the WAN and finds that a problem.

I'm still thinking a bridge with a RasPi would help - but now that's done through nmcli and I can't find anything (yet) about how to do that AND control the range where the IP address would be.

SteveITS · Feb 21, 2025, 4:19 PM

@TangoOversway
The 1100 uses VLANs, otherwise it is a switch:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/io-ports.html

The default install for an 1100 should set that up though. It's unclear why you're being prompted to assign interfaces. Presumably, a missing configuration?

The installer normally is able to use DHCP on WAN and connect out. Unclear why your experience is so much off-normal.

patient0 · Feb 21, 2025, 4:23 PM

@TangoOversway > So it keeps trying to connect through the WAN to the internet ...

I'm out of my depth here, there are a few confusing messages in that startup screen, @stephenw10 may be of help.

External config loader 1.0 is now starting... mmcsd0p1 mmcsd0p2 mmcsd0p3

Is that a restore of a config backup?

Warning: Configuration references interfaces that do not exist: em0 em1

Why is it trying to assign these interefaces em0 em1, they are not from a SG1100. Did you restore a config (not from the SG1100)?

mvneta0 f0:ad:4e:0d:25:f5 (down) NETA controller

That's the switch of the SG1100 but I thought the switch gets configured in firmware, no idea how to do that here.

The default config is (needs VLAN on ports of the switch):
WAN : mvneta0.4090
LAN : mvneta0.4091

SteveITS · Feb 21, 2025, 4:27 PM

@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

Why is it trying to assign these interefaces em0 em1, they are not from a SG1100

Missed that, that would of course explain the interface reassignment.

TangoOversway · Feb 21, 2025, 4:38 PM

General question first: Would any of these problems be solved if I installed pfSense to an external USB stick? Or reinstalled without my config and waited until I got everything working to upload my old config?

And if I install it to a USB stick, I take it there is some way to make sure when it reboots, it uses the stick instead of the internal drive?

@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

The 1100 uses VLANs, otherwise it is a switch:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/io-ports.html

I also see this from the installer, when it asks to set up VLANS:

If VLANs will not be used, or only for optional interfaces, it is typical to say no here and use the webConfigurator to configure VLANs later, if required.

So I would think I shouldn't set them up - I'm not sure, if I picked Yes, just what I'd do to set them up. (I don't use any - other than Tailscale, which is a rare usage and needed because Starlink doesn't support port forwarding.)

@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

The default install for an 1100 should set that up though. It's unclear why you're being prompted to assign interfaces. Presumably, a missing configuration?

Do you mean a configuration item or the whole configuration?

@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

The installer normally is able to use DHCP on WAN and connect out. Unclear why your experience is so much off-normal.

I wonder if it's related to the issue of not reaching the servers yesterday.

@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

Is that a restore of a config backup?

I told it to use my old config when installing the new system and saw a reference at some points to the config being restored or loaded. I'm wondering if this could be a sign of something else - but since my firewall was working fine until I upgraded it (and is it any wonder I'm shy about doing upgrades?!?), so, other than the drive possibly wearing out, I would think everything else should be in good shape.

@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

The default config is (needs VLAN on ports of the switch):
WAN : mvneta0.4090
LAN : mvneta0.4091

It didn't like that;

Enter the WAN interface name or 'a' for auto-detection
(mvneta0 or a): mvneta0.4090

Invalid interface name 'mvneta0.4090'

TangoOversway · Feb 21, 2025, 4:43 PM

Oh, one other question about the current situation:

Is there any reason to believe that if the WAN had an address space in, say, the 10.0.0.xxx range, instead of the 192.168.1.xxx range, that the WAN interface might behave better?

(Sorry for so many multi-posts, but I figure it's better to add a post than to edit one someone might have just read.)

TangoOversway · Feb 21, 2025, 4:48 PM

Since I'm seeing lights flashing on the WAN connection, but the system sees no link-up, I unplugged the CAT5 and plugged it in. I get this:

2025-02-21T09:50:00.279393+00:00 - php-fpm 565 - - /rc.linkup: Ignoring link event during boot sequence.
e6000sw0port3: link state changed to UP
2025-02-21T09:50:09.472790+00:00 - php-fpm 565 - - /rc.linkup: Ignoring link event during boot sequence.

This is while it's waiting for me to enter the WAN interface name or 'a', so I don't see how it's during the boot sequence.

SteveITS · Feb 21, 2025, 4:51 PM

@TangoOversway As noted you seem to have restored a config file that isn't from an 1100?

At a high level, you will need to create the VLANs because they don't exist in a default non-1100 install.

Or just reinstall, but...yeah.

I would not expect the WAN subnet to have any impact until you define LAN to conflict with it. If unconfigured then LAN is irrelevant.

It's hard to follow/help because none of this seems normal.

I would think if you can get far enough to use the pfSense menu to reset to default settings then you'll have VLANs. Then you can change the LAN subnet. Then should be functional and can restore from the web GUI? Just...don't restore a non-1100 config file.

TangoOversway · Feb 21, 2025, 4:58 PM

@SteveITS

So maybe a fresh install without using my config.

I would agree. There is no way this is normal and the flakiness of things like the serial connection, that it boots sometimes and not others - all this is confusing.

When you talk about the pfSense menu, you mean the web menu, right?

The only config file I'm using is the backup I made just before I upgraded.

Is installing to the USB stick an option in the normal install process? (I'm about to look that up. I know USB drives are slower than internal, but a failing internal drive seems to be a real possibility.)

SteveITS · Feb 21, 2025, 5:04 PM

@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

When you talk about the pfSense menu, you mean the web menu, right?

no the console menu, option 4:
https://docs.netgate.com/pfsense/en/latest/config/console-menu.html

Double check your USB stick for other config.xml files? em0/em1 should not be interfaces in an 1100 config file. It should use mvneta0.4090 etc.

Yes it's possible to install to a USB stick as @stephenw10 said. There are a few threads like
https://forum.netgate.com/topic/196372/migrating-netgate-1100-from-emmc-to-usb-flash-storage-to-keep-it-fit

SteveITS · Feb 21, 2025, 5:05 PM

@TangoOversway Try assigning just WAN to mvneta0 and see if it lets you not assign LAN at all, at least to get to the menu.

TangoOversway · Feb 21, 2025, 5:15 PM

Akismet is flagging this as spam. Bet it's due to the XML data.

@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

Double check your USB stick for other config.xml files? em0/em1 should not be interfaces in an 1100 config file. It should use mvneta0.4090 etc.

From my config (only one on the USB stick):

	<interfaces>
		<wan>
			<enable></enable>
			<if>mvneta0.4090</if>
			<switchif>switch0.port3</switchif>
			<descr><![CDATA[WAN]]></descr>
			<alias-address></alias-address>
			<alias-subnet>32</alias-subnet>
			<spoofmac></spoofmac>
			<ipaddr>dhcp</ipaddr>
			<dhcphostname></dhcphostname>
			<dhcprejectfrom></dhcprejectfrom>
			<adv_dhcp_pt_timeout></adv_dhcp_pt_timeout>
			<adv_dhcp_pt_retry></adv_dhcp_pt_retry>
			<adv_dhcp_pt_select_timeout></adv_dhcp_pt_select_timeout>
			<adv_dhcp_pt_reboot></adv_dhcp_pt_reboot>
			<adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_backoff_cutoff>
			<adv_dhcp_pt_initial_interval></adv_dhcp_pt_initial_interval>
			<adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
			<adv_dhcp_send_options></adv_dhcp_send_options>
			<adv_dhcp_request_options></adv_dhcp_request_options>
			<adv_dhcp_required_options></adv_dhcp_required_options>
			<adv_dhcp_option_modifiers></adv_dhcp_option_modifiers>
			<adv_dhcp_config_advanced></adv_dhcp_config_advanced>
			<adv_dhcp_config_file_override></adv_dhcp_config_file_override>
			<adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path>
			<dhcpcvpt>bk</dhcpcvpt>
			<ipaddrv6>dhcp6</ipaddrv6>
			<dhcp6-duid></dhcp6-duid>
			<dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
			<dhcp6cvpt>bk</dhcp6cvpt>
			<adv_dhcp6_prefix_selected_interface>wan</adv_dhcp6_prefix_selected_interface>
		</wan>
		<lan>
			<enable></enable>
			<if>mvneta0.4091</if>
			<switchif>switch0.port2</switchif>
			<descr><![CDATA[LAN]]></descr>
			<spoofmac></spoofmac>
			<ipaddr>172.16.7.1</ipaddr>
			<subnet>22</subnet>
			<ipaddrv6>track6</ipaddrv6>
			<track6-interface>wan</track6-interface>
			<track6-prefix-id>0</track6-prefix-id>
		</lan>
		<opt1>
			<if>mvneta0.4092</if>
			<descr><![CDATA[OPT]]></descr>
			<enable></enable>
			<spoofmac></spoofmac>
		</opt1>
	</interfaces>

Can't find EM0 or EM1 in there at all (other than in a string that looks like a crypto key or something like that - so it's part of a long string of random numbers and letters.)

@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

ry assigning just WAN to mvneta0 and see if it lets you not assign LAN at all, at least to get to the menu.

If you mean do that now, after boot (post install), I've tried that and it didn't accept it.

I'll try a new install and disable the LAN when I do it. I'm reading up on installing it to a USB stick first.

TangoOversway · Feb 21, 2025, 5:17 PM

Is the net installer the one I downloaded and have been using? I tried searching for "pfsense net installer" and didn't get anything useful.

stephenw10 · Feb 21, 2025, 5:30 PM

Yes, the Net Installer is what you downloaded from the store.

I assume the config you are restoring was from the 1100?

The em NICs it's complaining about there are probably from the default config. pfSense builds a config based on a default file with additions for specific hardware. So for an 1100 it should see that and add the default VLANs and switch config. You should not see em0,em1.

So somehow it's losing the config that would have been generated at install.

I suggest installing clean and keeping the default config until you're able to access the webgui. Then restore your config there.

TangoOversway · Feb 21, 2025, 5:43 PM

Re-installing. Got to this screen:

login-to-view

I notice both are mvneta0. Later when I have to name the interface (in the post install part where I was caught in a loop), I'm wondering if I should have connected to the LAN. There was no name other than mvneta0 as an option. (I tried mvneta0.4090, as suggested, and got an error.)

stephenw10 · Feb 21, 2025, 5:46 PM

Yes, those are the correct default interfaces for the 1100. It only has one NI (mvneta0) so the interfaces are VLANs on that NIC.

After install it should boot completely without asking you reassign the NICs. It's unclear why it somehow pulled in the pfSense default config with em0 and em1 whoch don't exist in the 1100.

stephenw10 · Feb 21, 2025, 5:48 PM

To re-assign WAN as that after install you have to answer Yes when it asks if you want to create VLANs Then create 4090 and 4091 on mvneta0. Then it will allow you set mvneta0.4090 as WAN

stephenw10 · Feb 21, 2025, 5:49 PM

Do you have the TAC ticket ID you opened? They usually respond to those in minutes.

TangoOversway · Feb 21, 2025, 6:07 PM

I thought I opened a TAC ticket late last night, but had left the form up so I could get the SN and other info from my box. So I filled that in and sent it in today - maybe an hour ago, maybe longer.

I'm back to trying to reach the servers. I've deactivated the LAN and trying it over and over.

I'm wondering if there might be a reason why it only took a few retries in the early morning (US Eastern time) and during the day it's just not connecting.

Again, I see the LEDs flashing on the RJ45 and it doesn't complain about the NIC being inactive or anything.

This is the part where I wonder if a different IP address would help.

TangoOversway · Feb 21, 2025, 6:15 PM

I had disabled the LAN and it couldn't reach the servers. Enabled it and it did, first try. Then I realized I forgot to put in the blank USB stick in the USB3.0 socket, so I had to go back and restart. Again left the LAN on and it went through first time. So it's formatting and preparing to install to the USB stick.

A thought on that: While I have a new SG1100 coming in next week, I'm wondering if, once I get it working on the USB stick, it would be easy to copy or clone that system to the main drive and see if it works on there.

Ah - it's fetching and stuff now. So I guess I can take a break and get one or two things done while it spends time doing that.