SG-1100 Won’t Reboot on Upgrade - no internet access!
-
Even better!
It never asked me for any LAN info or to connect to the internet or anything like that. All the stuff I dealt with before are no issue now, at all. Only thing question it asked before this menu came up was to set my password.
And notice it's using the same address space on both NICs. Well, we'll change that when I upload my config through the web.
I have to leave for an appointment soon, so if I don't post an update, what I'm going to do now is to halt the system, disconnect the WAN connection, connect the LAN directly to my Mac, and upload my backed up configuration.
I'm surprised that if I had just left the LAN interface defined during setup, this time things would have gone smoothly. Yesterday there were so many wacky things that didn't make sense, it's like a dream. I had problems with serial connections, with it booting, and other issues I reported. I'm wondering if a lot of them could be explained by failing internal storage. That could have led to problems booting, reading settings and info, and maybe more.
-
Just this part to show the web config is up and running AND it's using my config info, with my LAN address space!
I was hoping to take it downstairs and plug it in where it belongs and quickly check to see if things are behaving, but I won't be able to now, since it has to finish reinstalling packages.
I've got an appointment and about 90 minutes of driving coming up (to get there and back), so that'll give me time to mentally review everything. I want to list the issues that came up and see if it's possible to figure out why they weren't a problem today when they were so hard to deal with yesterday.
-
Well looking much better at least!
-
Short version: It's all working fine now.
Also, I want to thank everyone who chipped in and helped along the way. Some people spent a lot of time on this thread writing helpful comments and suggestions and reading through a lot of my details to help me work things out. That is deeply appreciated!
This may be long, but I'm trying to be thorough. I think pfSense is a strong program and I've been using it for so long I don't remember when I first used it. I want to say it was somewhere around 2005, but I'm not sure. First I used the open source version on a Soekris net5501 (if that's the right model number) for many years, then switched to the SG1100 5 years ago. If any of this rotten experience helps improve any part of the program, I'll be glad it helps.
Yesterday (Thursday) was horrendous and I feel like I went through a worst-case restore situation. The only two ways it could have been worse is if my SG1100 completely crashed and I didn't have a config backup or if I had not backed up the config before it went bad. I think it's important to stress that it did not just crash on its own. It crashed as I was upgrading, not when I tried something tricky or experimental.
I've been thinking through what happened and what could have made it easier for me to restore my device to functionality. I can see why there is no way to do a factory reset. I do wish that the boot firmware had ssh included so there would be a way to connect without a serial cable, but I understand there are probably reasons against that.
So that leaves my experience and the things that went wrong (or the things that were good). I think, since so much went wrong, this is a good case study for Netgate, since almost anything that could go wrong went wrong.
Issues I faced that can likely be fixed:
- With
usbrestore, I ran into a problem when the device was being deblocked (unblocked? not sure of the term or the exact message. I think it's in a screenshot or comment upthread). The message is not as clear as it could be and says something like, "Device being deblocked." It takes time, so it's hard to tell if it's doing something or if it just got hung up. As a user, this is confusing. Is it hung up or working in the background? Pressing any button apparently (in my experience) terminates the process, leaving the device in an unknown condition. From there it's not possible to proceed without running it again and facing the same issue. Suggested fix: Add a line at the start saying, "(This could take several minutes.)" Since Netgate knows what devices they have and that this will run on, it might even be possible to include a time, like, "This may take up to 5 minutes." Another way to handle it is to include a counter on how many blocks have been zeroed out or some other status information that changes while the program is running. The purpose is to let the user know the program didn't hang, it's just busy. Also, if the user presses a button, rather than quit, the program could prompt with something like, "Still unblocking device. Abort? (y/N):"
I think this issue (including the deblocking aborting on a keypress) added several hours to my restore process.
- Default address space on LAN can conflict with WAN. In my case, with Starlink as an ISP, I have no way to change the address space on the WAN side. It's far less than optimal for Starlink to force the 192.168.1.xxx address space, but they do. It's the same address space pfSense defaults to. @stephenw10 and I have both expressed concerns about this. However, when things finally worked well, it didn't seem to be an issue. (Oddly, it was a nightmare on Thursday, but when I tried doing things again on Friday, it wasn't an issue - and I cannot figure out what was different. On friday, when things worked, at at least two points, pfSense reported the address for both the WAN and LAN they were both in the same address space. How that worked at all is beyond me. Suggested fix: Before connecting to the Netgate servers, check the WAN IP address. If it's in the 192.168.1.xxx address range, give the user a choice of using a different address space on the LAN. It may be better, though, to not give a choice. Since the LAN connection is not used at all until after the reboot, if the WAN is using this address space, either automatically deactivate the LAN NIC or change to another address space. Then, before rebooting, change back to the default address space. This way there is no conflict and the user doesn't have to deal with the issue at all.
I don't know what went on and why it took hours and dozens of tries to connect to the Netgate servers, but this issue probably added 4-5 hours to my restore process. (And I'm not exaggerating on the timing!)
The last time I tried the install, almost everything was perfect - what wasn't has been addressed in the issues I list below. But for some reason, it just would NOT work properly at all for hours and hours when I first tried everything.
-
I had an install of v14.11 and v14.03 both crash at the same point (discussed upthread). Basically it was during expansion of downloaded packages. I suspect it was a driver failure. I don't know where the packages are downloaded to and where they are unpacked. Just in case, I tried a hack and made my own USB restore drive by formatting a 256GB USB stick in FAT32, then copying the files from a net install image on a USB stick onto my stick. That provided a lot of free space. It may have been coincidence, but the failure message (about a background process having to be killed) was no help. My guess was that it was a storage problem and, again, maybe the sign of a failing drive. (How long do the drives in an SG1100 tend to last? Should I just plan on replacing these units every so many years?) During the download and unpacking, it would be nice, if things fail, if the drive space was checked and reported in any abort or error messages to indicate if the problem could be storage.
-
Restoring with my configuration file lead to multiple issues. (Discussed upthread.) There were reports from the post-install configuration (after reboot) about 2 interfaces that, apparently, are not even on the SG1100. I'm not sure what was going on here, but my configuration file was the one I downloaded from the SG1100 before I started my failed upgrade and it was loaded from the web interface and installed without issue. I have every reason to believe it's a good configuration file, but the issues that showed up because of me trying to restore with it cost me 2-3 hours. When I tried the same steps, but without the configuration file, I finally got a good restore. (It just occurred to me that I use Tailscale. I don't know if that creates virtual devices, but maybe that could be part of what caused this.)
-
Include a section in the dos about restoring to a USB stick. I finally decided to do that and things worked perfectly. That may be the one thing that fixed all the other problems. While the only 2 extra steps (setting the env options) are simple, it would be worth it to have a section on that in the docs. This post says a lot of what's needed, but having it in the docs would prove helpful to a lot of people.
Intermittent or Tricky Issues that May Not be Debuggable
-
I've mentioned several times that I think the issue could be that my drive is failing. That would explain several issues, maybe even explain all of them. I think it would be quite useful to add an option to the boot menus to make it easy to run fsck to verify the system storage devices. Maybe even add a prompt when the Marvell shell comes up about what command can be run to verify device integrity. This would be incredibly helpful, since most of us may not be familiar with just what the underlying OS is (yes, it's BSD, but a lto of users are inexperienced with BSD and don't know what tools are available on it). Some kind of prompting or including a menu item to verify drive integrity would be a major help.
-
Flakey serial connections: Connecting with the serial console is easy on Mac and Linux, just
screen <device node> 115200. It's almost foolproof, but at one point, when I brought the device up to my study to make it more comfortable to work on it, I tried booting over and over and often saw gibberish on the serial connection. There were times it was a matter of characters not showing up, so I might get something like "eger" instead of "Netgear." I also had times when the serial connection failed altogether. This could have been because of my cable, but I also noticed that there were a number of times that adjusting the cable connection on the SG1100 fixed things. I think the position of the USB-B microconnector on the motherboard and the thickness of the case may create an issue where the ends of some USB cables aren't long enough to fit into the connector well. Making a case with an indentation around the connector or putting it just a little bit closer to the edge of the PCB might fix this. I have no idea , though, what caused the flakey serial connection most of the time, though. -
Boot issues: I had multiple times when I tried to boot and got a message that it was trying to boot and I saw a "T" (or, if I remember, sometimes an asterisk) on the serial console, then a space, and, after a wait, another T (or asterisk). I don't know what was going on, but this took time and never was followed by a proper boot. At one point I was having serious trouble for a while getting it to boot and provide a non-garbled serial connection. I think the boot issue could be explained by a failing storage device, but I don't know if the serial connection issue could be.
I've spent a lot of time thinking this through and I hope it helps the devs at Netgate.
- With
-
@TangoOversway there is this?
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-configuration-from-media-during-installThere are various threads about eMMC storage. TL, DR:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html#emmc
Packages that require/recommend SSD:
https://www.netgate.com/supported-pfsense-plus-packages -
@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
With usbrestore, I ran into a problem when the device was being deblocked (unblocked? not sure of the term or the exact message. I think it's in a screenshot or comment upthread). The message is not as clear as it could be and says something like, "Device being deblocked." It takes time, so it's hard to tell if it's doing something or if it just got hung up. As a user, this is confusing.
Do you mean where you reported seeing?:
mountroot> random: unblocking device.And did it just repeat
random: unblocking devicefor some time?That shouldn't happen in a normal boot. It may have to wait a second or two for the root drive to become available but that's it. If you see the
mountroot>prompt that means it's tried to mount root and failed leaving you at the prompt. Some other background process is spamming theunblocking devicemessage but effectively it is still waiting for input at the prompt.So if you see that it's usually not possible to continue without manually mounting root which the user is never expected to do.
I would guess that was a USB drive it was having problems with.
-
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
@TangoOversway there is this?
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-configuration-from-media-during-installI was using that. I had moved my config file to my restore USB and imported it during the install process. I made one mistake, since I assumed it would see my backup config file, and didn't realize it had to be specifically named "config.xml". The filename pattern the backup feature uses will not be recognized. But my issue came later, after install and reboot. It had issues with interfaces that, apparently, shouldn't have been there (and weren't in my config file). So for some reason, it had a problem with a legitimate config file that came from a pfSense backup and was later used successfully to restore my new install to my configuration.
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
There are various threads about eMMC storage. TL, DR:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html#emmc
Packages that require/recommend SSD:
https://www.netgate.com/supported-pfsense-plus-packagesCome to think of it, it didn't occur to me that some packages won't work without the SSD. I do see that my device is notably slower in booting and in the web UI with it running from the USB stick, but I expected that, since a USB is always slower. (What didn't occur to me, and that I've never tested, is to use a microSD card on a USB adaptor and see if that's any faster than a USB stick. I don't know if it's a USB bottleneck or if the issue is a different type of memory in the device.)
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Do you mean where you reported seeing?: mountroot> random: unblocking device.
Yes. For the user, there's no indication that it can take time to do the unblocking, so it looks like it might have just frozen. And, as I mentioned, in my experience, a single keypress stopped the command. If the keypress didn't stop the command, then the command encountered an error and did not report it until my keypress. Either way, I, as the user, was not well informed on what was happening in that situation.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
And did it just repeat random: unblocking device for some time?
It didn't do it one time after another during the same attempt, but in repeated reboots. I was thinking there were other issues, but your next comment I quote, below, responds to some of that.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
That shouldn't happen in a normal boot. It may have to wait a second or two for the root drive to become available but that's it. If you see the mountroot> prompt that means it's tried to mount root and failed leaving you at the prompt. Some other background process is spamming the unblocking device message but effectively it is still waiting for input at the prompt.
So
mount root>is a prompt - but therandom: unblocking deviceis not. Okay, that was confusing, but it explains why a keypress seemed to interrupt what I thought was an unblocking process. I had worked out, in my head, when I kept seeing that over and over, what I thought was going on. so now I'm trying to remember what happened with this new information in mind. It sounds like there already was an error or just hitting <return> (which I often did at that point) generated an error at that prompt. I forgot what I'd get, but it might be in one of my screenshots.@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I would guess that was a USB drive it was having problems with.
That was, if I remember correctly, after I would type
run usbrecovery. That seems to mean that it was either having trouble using the files on the USB stick or had already started using them. And if it saysmount root>, does that mean it did some kind ofpivot_rootto change the root to the USB stick? -
Separate from my responses already posted:
-
Now that I got it to restore properly, and another SG1100 is due to arrive Monday, I'd like to set this one up to use as a backup if the other fails.
-
Since I finally got it working properly, I would think I could power down, pull the USB stick it's running from now, and see if I can get it to restore to the internal SSD. As I mentioned many times, I am wondering if that drive may have gone bad. Is there anything in this thread that indicates that it's likely the internal storage is bad? (Also, if I can restore pfSense on the internal storage, it simplifies storage. I don't have to worry about the USB stick becoming separated from the SG1100 or being broken if something on the shelf falls on it and pushes on the USB stick and messes up the connector or the stick itself.)
-
Home Assistant has a nifty add-on that will back up the configuration to a Samba share on the local network. That's a nice safety feature, since it means if the HA system is borked, all that's needed is to just setup a new system and reload the config from the Samba share. Is there anything like that with pfSense, where it will automatically save a config file to an NAS or other external storage regularly?
-
-
@TangoOversway sg1100 doesn't have a ssd, it is a emmc is not?
https://shop.netgate.com/products/1100-pfsense
Storage: 8GB eMMC storage. -
One other MAJOR issue:
I can see this as a major security issue and I was so focused on just getting things working, I kept forgetting to bring it up.
When I was trying to get my firewall back online, there were times when it was connected to my LAN and the WAN, as normal. This was while I was trying to connect to the Netgate servers. The Starlink router was aware of devices on my LAN! So during setup, there was a direct network pass-through on my SG1100! On the Starlink mobile app, it's possible to connect with my router, even remotely (not through wifi, but through my router's communication with Starlink ISP). When I did this, it listed all my smart TVs, my desktop computers, my Home Assistant systems, my Sonos speakers, and a number of other devices on my LAN.
I don't think this is as much a threat in my situation, since I still had that router between my LAN and the internet and most Starlink users will use that router as their only firewall. Also Starlink uses CGNAT, so unless something on my LAN is phoning home for malware (which it might be able to do with pfSense anyway), it's not like someone could penetrate through the CGNAT. But if my firewall was the only safety device between my LAN and the internet, it would have been a security nightmare.
-
@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
aware of devices on my LAN! So during setup, there was a direct network pass-through on my SG1100!
Not normally going to be possible unless you had a bridge setup or connected your starlink to a lan port and the rest of the network to another lan port..
But not sure all the things you did during your setup of pfsense. But those ports are all part of the same switch in the 1100 I do believe, not discrete interfaces.. So its possible you had to ports in the same L2 and then yeah devices on one port would be able to "see" devices connected to the other port.
So sure during your setup is possible all those ports were the same L2.
-
automatically save a config file
There is this: https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html
Re it being a switch if unconfigured, that’s specific to the 1100. Didn’t look but perhaps Netgate could add a note to the reinstall directions to say to consider disconnecting from LAN and OPT during reinstall if it’s not there.
-
If the uboot envs have been updated during an upgrade, which it should have, then the switch LAN and OPT ports are disabled when uboot runs and remain so until pfSense boots.
If you see the
mountroot>prompt that means the system has been unable to mount the root automatically. Usually that's because it's trying to mount the wrong thing but sometimes it can be because the usb subsystem takes too long to initialise.The
random: unblocking devicemessage is unrelated to mounting root, you are just seeing it written to the console at that time. It's output from the random device showing that is has sufficient entropy to start responding with random data. Before that it is blocked. -
@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
When I was trying to get my firewall back online, there were times when it was connected to my LAN and the WAN, as normal. This was while I was trying to connect to the Netgate servers. The Starlink router was aware of devices on my LAN! So during setup, there was a direct network pass-through on my SG1100! On the Starlink mobile app, it's possible to connect with my router, even remotely (not through wifi, but through my router's communication with Starlink ISP). When I did this, it listed all my smart TVs, my desktop computers, my Home Assistant systems, my Sonos speakers, and a number of other devices on my LAN.
All the SG1100 NICs are, after power down, reset to a switched state.
I don't own or have any hands on experience with a SG1100, but I guess before OS (pfSense) initialization, the nics don't as any traffic at all, but there could be a very short moment where the NIC/switch is activated, and firewall rules and routing isn't load yet, the SG1100 3 port switch becomes what it is : a native switch. Several ms later, pfSense adds the VLAN config, adds firewall rules and adds routing rules.
Its during this short time that you saw the behavior : your pfSense LAN devices were in the same network as the WAN pfSense starlink upstream router.
If you have a switch connected to the pfSense LAN, and this switch was also power reset, all wired devices would received a LAN wire down up event, and that would have triggered their DHCP client. the DHCP request, as soon as the pfSense became a switch for a very brief moment, would "relay" the DHCP requests to the upstream router, the starlink router.
That's why you you see the pfSense LAN devices on the Starlink.
This would last during a very brief situation.
Right after pfSense started up, the lease the device have just obtained is "wrong" as the pfSense LAN has now started up, and its network is of course different (not 192.168.1.1/24) anymore. Devices aren't aware of this of course and this could introduce a somewhat broken network, as they have to restart their DHCP client to get a new lease, from pfSense this time.
If the pfSense LAN switch wasn't reset (rebooted) during the pfSense reboot, the pfSense LAN devices wouldn't be aware of the LAN event (pfSense restart) and they would initiated a DHCP request = all is well.At best, this could be is annoying for you. Not a real security issue as you are after all behind a router, and behind a CGNAT, so no real risk.
Again : this is what I think that can happen.
-
@johnpoz said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Not normally going to be possible unless you had a bridge setup or connected your starlink to a lan port and the rest of the network to another lan port..
and:
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Re it being a switch if unconfigured, that’s specific to the 1100. Didn’t look but perhaps Netgate could add a note to the reinstall directions to say to consider disconnecting from LAN and OPT during reinstall if it’s not there.
and:
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
If the uboot envs have been updated during an upgrade, which it should have, then the switch LAN and OPT ports are disabled when uboot runs and remain so until pfSense boots.
and:
@Gertjan said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
All the SG1100 NICs are, after power down, reset to a switched state.
I don't own or have any hands on experience with a SG1100, but I guess before OS (pfSense) initialization, the nics don't as any traffic at all, but there could be a very short moment where the NIC/switch is activated, and firewall rules and routing isn't load yet, the SG1100 3 port switch becomes what it is : a native switch. Several ms later, pfSense adds the VLAN config, adds firewall rules and adds routing rules.
Its during this short time that you saw the behavior : your pfSense LAN devices were in the same network as the WAN pfSense starlink upstream router.
If you have a switch connected to the pfSense LAN, and this switch was also power reset, all wired devices would received a LAN wire down up event, and that would have triggered their DHCP client. the DHCP request, as soon as the pfSense became a switch for a very brief moment, would "relay" the DHCP requests to the upstream router, the starlink router.
That's why you you see the pfSense LAN devices on the Starlink.
This would last during a very brief situation.I don't know if usbboot is the installer, or if it runs it. I'm going to refer to them as one program, since that's what it looks like.
For clarity (which means I'm using a fair amount of detail):
I did
run usbbootand it came up with the NIC configuration prompts. Then it tried to reach the Netgate servers. At this point, it was NOT reaching the servers. That's when I checked the status of my Stargate router with the mobile app. This app can connect to the Starlink router directly through wifi, if it's in wifi range of the router. In my case, as mentioned, my Starlink router has 1,000' of fiber optic cable between my SG1100 and the router. It's out in our field, way out of wifi range from the house. That means I use a remote connection to my router, which goes from my phone, through cellular internet, to Starlink's servers, then to my router. So when I was in my house and reading the status info from the Starlink router, it had to go through the internet and not through wifi. When I got a report of Starlink seeing all my LAN devices, there was no way it could see them, other than by the hardwired connection through the SG1100.This happened while the installer was trying to contact the Netgate servers. I'm not sure how long before that part of the program that the connection was made, or if it would have worked after that point. Just for clarification on what I did, as I said, this was in the afternoon. I could NOT get it to connect to the Netgate servers at all, and finally gave in and reluctantly, several hours later, connected the LAN connection from the Starlink router to one of my LAN switches. (This is very unusual for me and one of the few times I've had an ISP router connect to my LAN without going through a firewall.) Later at night, with the Starlink router connected directly to my LAN, I moved the SG1100 upstairs, to my study, where I'd be more comfortable working with it and it'd be near my preferred workstation and it was after that when the SG1100 finally connected to the servers.
So there was a time, after I told the installer to leave both NICs up and use the default configuration, when the Starlink router was aware of what was on my LAN. Oddly, not every single device, not some IoT devices, but many devices that could ID themselves. (Such as Apple computers and Apple TV, some OctoPrint systems, some Linux systems, Sonos devices, and Home Assistant systems. (That's what I can recall at this point.)
So this was not a temporary condition while the NICs or software were initializing, or while one was up and the other was not. It was a stable condition for as long as the installer was in that state from the program. (And, oddly while Starlink could see the entire LAN, that was when the SG1100 was not able to reach a server. I'm wondering if the two could be connected - like the conflicting address space @stephenw10 have both been concerned about - or that allowing the passthrough with other devices on the LAN side might have created other issues.)
This is something I triple checked everything, including the connections, my information from Starlink's mobile app, and all the wiring connections and routing. I have some perception and reading issues, so I am used to verifying my work. Yes, it can take me a bit longer than many to put together or figure out how some systems or things fit together, but that means I'm used to that and used to what's going on in my head more than most. I can state, with 100% certainty, that my LAN devices WERE visible, through the SG1100, to the Starlink router, during the time the SG1100 was trying to reach the servers.
I have pointed this out to TAC support, in my discussion with them and pointed out it's a critical issue. They have thanked me for my feedback. (Whether that means they're now watching this thread for more info or, at the other end of possibilities, have thanked me and filed my comments in (what we used to call "File 13" or "The Circular File") the bit bucket. I think this is a critical issue, since the primary purpose of pfSense and an SG1100 is to protect what is on the LAN side from the WAN side and during this time, that is not happening.
I strongly agree with @SteveITS: Netgate could (I say should) add a note to disconnect WAN and OPT during the install.
@Gertjan said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
At best, this could be is annoying for you. Not a real security issue as you are after all behind a router, and behind a CGNAT, so no real risk.
Yes, in my case, I'm dealing with much less of a threat than most people. Still, I haven't trusted ISPs since I found out that Verizon had been messing around with the settings on my Verizon router - proving they could connect to that router and, therefore, my entire LAN, even with secure firewall rules. As I said, I don't trust Starlink, since tying their service into a political agreement (about recognizing Martian colonies as independent) tells me they are okay mixing their agenda with their service when the two have nothing to do with teach other. (Again, this is NOT about current politics or about Musk - leaving him OUT of the conversation.)
But I see the system being an open pathway for more than a couple seconds at a time as a serious issue.
-
I consider the issue of my SG1100 being just a "pass through" device for one phase of the install so important I did not want to include other topics in that reply. So handling other stuff here.
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
If you see the mountroot> prompt that means the system has been unable to mount the root automatically. Usually that's because it's trying to mount the wrong thing but sometimes it can be because the usb subsystem takes too long to initialise.
The random: unblocking device message is unrelated to mounting root, you are just seeing it written to the console at that time. It's output from the random device showing that is has sufficient entropy to start responding with random data. Before that it is blocked.
Okay, you've been thorough and made a few points about this, but this really helped me put the pieces together with what you've already said (that's for me - you've been clear and helpful - just took me a bit to put it together).
So the two items are not at all connected. I get that.
I would think a fix for that would be to include an error message like, "Route file system could not be mounted," before the mountroot prompt appears. Also, it might be that error messages that could appear after a prompt like that might need a linefeed or something before them os they don't show up after a prompt, on the same line. I don't know the system, though, so I don't know if that's practical. It would be easier to read if it did not look like it was part of the mountroot prompt. (To me that looked like both were part of the same message.)
-
@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
I did run usbboot
The installer is also activating the NICs - so all the NICs become activate in their default state : a switch, without any further firewall rules etc. As long as you stay in the installer, which is a stripped down FreeBSD OS, this situation is valid. That explains what you saw.
Very IHMO of course. I actually hope to be wrong. -
If you interrupt the boot again to each the
Marvell>>prompt where you previously ran usbrecovery and instead runprintenvyou will see all the current uboot envs.They should include:
switch_disable=switch phy_write 1 0 0 0xffff; switch phy_write 2 0 0 0xffff; echo "Switch Ports Disabled";
and
preboot=run switch_disable;That is run very early during the boot to isolate the switch ports. If you really try hard, like running a ping flood, you might get some packets through but it should not be connected long enough for dhcp.
-
@stephenw10
Thanks for that info -
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
They should include:
switch_disable=switch phy_write 1 0 0 0xffff; switch phy_write 2 0 0 0xffff; echo "Switch Ports Disabled";
and
preboot=run switch_disable;That is run very early during the boot to isolate the switch ports. If you really try hard, like running a ping flood, you might get some packets through but it should not be connected long enough for dhcp.
The way I read that, if you run
preboot=run switch_disableit will block the connection, but I did have and could see a connection. So shouldn't that be run by default or maybe the installer should do it automatically?
