SG-1100 no internet, no web UI, SSH OK

brightwolf

Thanks for the tips but I cannot enter the console menu anymore: it won't let me in, each password I enter is denied. The default password is denied, and all passwords I used with it are denied. How can I factory reset without entering console?

Grimson

https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/

brightwolf

That looks promising, thanks! Will try tonight and report back here on my progress.

brightwolf

Finally I am getting time to re-install (read: unbrick) my SG-1100. However, as it turns out, I need to request support for an install image. Since I did not buy support as I did not expect that I would need it, I am in trouble again. Is there some other way to obtain this image? Can I use a generic image? Can somebody share the SG-1100 image with me?

All hints/tips/tricks welcome.

Gertjan

I do no own a netgate device, but I'm pretty sure that when you buy a Netgate device, you have access to some netgate's support portal like https://go.netgate.com/support/login where you can download the latest pfSense firmware. For life.

Note : you have to create your access yourself.

JeGr

@brightwolf said in SG-1100 no internet, no web UI, SSH OK:

Finally I am getting time to re-install (read: unbrick) my SG-1100. However, as it turns out, I need to request support for an install image. Since I did not buy support as I did not expect that I would need it, I am in trouble again. Is there some other way to obtain this image? Can I use a generic image? Can somebody share the SG-1100 image with me?

All hints/tips/tricks welcome.

Contact the official support as it is stated in: https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/reinstall-pfsense.html

stephenw10

Yes, just open a ticket if you have not already and we will get that to you ASAP.

Steve

jahonix

@brightwolf said in SG-1100 no internet, no web UI, SSH OK:

Can I use a generic image?

No!
Available generic/CE images are x64 only.
The SG-1100 is based on ARM architecture and needs a totally different image.

brightwolf

Thanks everyone for the feedback. I created an account and asked for the SG-1100 image on 15:42 yesterday. At 15:43 the helpdesk provided me with the image. Nothing to complain about.

brightwolf

So finally I came around to reinstalling my SG-1100. I had no time earlier. Here's what I did so far.

I flashed the supplied image file to a USB flash drive with Etcher, connected to console and started the SG-1100. Following the reinstallation guide, I had it up and running in a vanilla state again 10 minutes later. Then I connected and restored my previous backup file without the 'packages' parts (because those were likely to be the root cause of the issue causing all this) and that worked too. Finally, I hooked it into my network again but.. this is causing some headaches. It just refuses me to connect. I do not even see the login screen. It may be due to some network interference, IP conflict, I do not know, but after spending some time I decided to do one other reinstallation and then reconfigure the whole thing from scratch. It will take some time (openVPN, firewall rules and all) but I will also learn from it. However, that will have to wait till the weekend, for now I had enough pfSense for one evening...

brightwolf

Confirmed, my wireless router which I hooked up to the SG-1100 indirectly through my switch, had the same IP address. Changed that one and after that, it worked flawlessly.

padreloco

@brightwolf
Hello,
I've recently bought SG-1100 too. And I find myself in kinda similar situation.
I've been trying to read the whole thread over and over trying to see if I get where I go wrong in setting up, with no success.

Would you kindly share with me what you did in set up?

I have a computer connected to LAN port of SG-1100 and the WAN port of SG-1100 connected to the LAN port of my router.

The router IP is 192.168.0.1/24. (With a plic IP a.b.c.d and DNS servers e.f.g.h).
When I connect the SG-1100 (as mentioned above) this gets a DHCP address of 192.168.0.23/24. My client computer connected to it is assigned 192.168.1.2/24.

Please share/advice how you did your set up and made it work so that I can do the same. I can't manage to have Internet.

Thank you in advance.

brightwolf

@padreloco
I am not an expert myself but I think the only thing you need to do is to add an "allow" firewall rule on your LAN network. pfSense will block everything by default, is what I understood.

So in Firewall > Rules > LAN add something like:
Action: Pass
Interface: LAN
Protocol: any
Source: any
Destination: any

Once you have that rule you can start adding "deny" rules above it, to block everything you wish to block.

padreloco

@brightwolf
I have tried that too with no success.
I guess the error is in WAN and/or LAN settings of pfsense...
This is why I was curious to know how you did in settings...

Rico

Show screenshots of your WAN + LAN Settings, Firewall Rules and output of ipconfig /all from your Client machine.

-Rico

brightwolf

@padreloco
Did you restore a backup? In my case, I suspect the initial problem occurred due to some package settings. When I restored the backup I introduced the same problem again. That's why I did a complete reinstall of pfSense, then a complete reconfiguration of it. Now it's working without problems.

Gertjan

@brightwolf said in SG-1100 no internet, no web UI, SSH OK:

you need to do is to add an "allow" firewall rule on your LAN network.

That rule, on the LAN interface - is present by default.
So, any device, hooked up to the LAN interface will have full access as soon as the WAN interface works.
Typically, the WAN interface is setup to DHCP (client), thus when hooked up to an up stream (ISP) router, everything works.

Except : the conflicting network range issue : when the upstream router uses for itself at it's LAN - this is the LAN of the upsteam router ! - also 192.168.1.0/24 then you should :
Change that network address on your upstream (ISP) router, like 192.168.2.0/24
or
Change the default 192.168.1.0/24 on the LAN on pfSense to, for example, 192.168.2.0/24
Like this :

Check also the DHCP server on the DHCP server page, interface LAN : the pool must be in the 192.168.2.x/24 range. Normally, it is.

Now, you'll be fine.

Note : pfSense behaves as any other router on planet earth : with all settings on default, it's works.
If it doesn't, check already existing material in your environment that isn't setup by default.

brightwolf

@Gertjan said in SG-1100 no internet, no web UI, SSH OK:

If it doesn't, check already existing material in your environment that isn't setup by default.

Yes, like, for example, an IP conflict because of which I could not connect to my pfSense on SG-1100 anymore. Both my wireless router (downstream of the SG-1100 and in bridge mode) and my SG-1100 appeared to have the same IP on the LAN. Once I changed the wireless router's IP I could connect to the SG-1100 again.

padreloco

@brightwolf
Well, I did the "4. Reset to factory defaults", again, followed with the standard configuration with no success.

Giving up, I changed the computer from macOs to windows OS. I could then have access to internet. I hate the fact that I don't understand why!

Another thing is that from my computer I don't see other devices (NAS...) connected to the switch where my computer (client) is connected...

stephenw10

The client OS should make no difference there assuming both are configured for DHCP.

What is actually not working though. Are you able to ping 8.8.8.8? Are you able to ping google.com?

Windows firewall may have set that new network as pub;ic as the dhcp server MAC address will be unknown to it.

Steve