My SG1100 is bricked

STEAMENGINE

I received my SG1100 a few days ago and set about getting it going. Connecting a LAN to it gave me the web interface and the usual introductory curtsies etc. This done I tried to load a XML backup file from a working AMD64 pfsense installation to load the PPPoE user and passwords for the WAN and some add-ons. This was a bad move because it immediately bricked and won't talk to me or establish a WAN connection. it flashes its diamond LED continuously.
Is there a way to reset back to the delivered condition and thus be given a chance of a more cautious start. I understand that the reset trick simply reboots it but does not get you back to the factory default state; it has not done me any good.
Any ideas?

chrismacmahon

You should get a console connection like described here https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/connect-to-console.html

That should get you a menu; and do a config roll back, or reset to factory defaults.

STEAMENGINE

When I say it's bricked I mean it wont reply to web interface or console. It has gone AWAL. It won't talk to me. End of.
Thats what I want ideas for.

stephenw10

Was the serial console working before that?

Do you see the virtual com port when you connect to it?

Steve

chrismacmahon

I would re-install at this point; please open a ticket at https://go.netgate.com provide your serial number and Netgate Device ID; we will get you sorted out.

STEAMENGINE

@stephenw10
The only thing the console connection ever said to me was "OK"
No sign of pfsense shell or bsd shell. That was before I tried the LAN port when I got entry to the web interface. I guess I pushed too hard. Now that's gone.
It sits there with one blue LED steady and the other ( black diamond) LED flashing permanently. It never establish a connection to the WAN with PPPoE.

STEAMENGINE

The saga has continued. I got a new SG-1100 from the UK distributor and it does, without fail communicate on it's console port. The one I sent back had a dud console socket.
Progress you might think with the replacement. I set it up as 192.168.1.2 so that I could communicate with it on the LAN web interface. This worked so I set about giving it minimal configuring to have a go in the real seat at 192.168.1.1

This done it has refused to communicate over the LAN which it just did when addressed as 192.168.1.2
It is a problem that when given the real seat at 192.168.1.1 I have to disconnect my working installation of an AMD64 which has worked sweetly for about 6 weeks. I got that going so that I could learn the ropes before the SG1100 turned up.

The SG1100 will not ping from the LAN at 192.168.1.1 It will ping other members of the LAN using its own ping tool. When I run a LAN IP scan it is not there from which I conclude it is staying shtum even though it is on the subnet. Similarly it does not respond with WEBConfig when asked to with a browser.

All the while the console is up. It has never wavered in its duty to be there. Probably someone with more knowledge of the tools it offers could make progress in finding out why it is unwilling to respond to the LAN.

The WAN interface is a separate story. The usual process of starting without WAN or LAN and providing a WAN connection for an auto detect does not work. It says the connection is not up. I can see the WAN link light and various data flashes but the box says no! The WAN connection is PPPoE and I told it that while I had communication via the LAN at address 192.168.1.2 I also provided the username and password for the ISP. (all still working on AMD64 as I type this). I should say that I have a cable WAN modem between the ISP and the SG1100. The AMD64 is using it without problems.

I feel like there is a difference in detail in the way that the AMD64 and the ARM devices handle the WAN connection. There was never a problem with the AMD64 but we are stuck with a number of symptoms that I can't as yet get past. If someone had given me the SG1100 to try out they would have got it back by now or it would be in the dumpster. In case you think I am not a supporter of pfsense my experience with the AMD64 trial installation running on a dual 3.2 Athlon with AES-NI, 4Gb of RAM and a big disk is absolutely solid. It does not turn nasty and provide strange symptoms. I am delighted with it. You might think I should just keep it. At the present rate of ARM progress I will have to. I am just stung by having paid for it and got nothing for my money.

Summary: now on SG1100 box # 2. Box #1 would only occasionally communicate with the console port; mostly not - it went back. Box #2 is solid in communication with console but won't agree that there is a WAN connection up. We can't get past that in the initialization sequence. Box#2 did give access to webconfig and pings while I had it in the LAN at 192.168.1.2 No one on the LAN can see it now at 192.168.1.1 but it can see the members of the LAN to ping them.
What is going on?

Gertjan

@STEAMENGINE said in My SG1100 is bricked:

What is going on?

Dono.
Re read your message several times, still can't tell what the problem is.

Ok when you change your LAN IP - but do check / setup also the DHCP settings.
Don't "think" that DHCP server works, check it ! (right pool - right mask, right DNS)

Normally, I do not change the LAN IP (192.168.1.1/24).
I would activate the power to the SG-1100. Hook up a RJ45 cable between your PC and the SG-1100 LAN port and voila : bingo : connected (edit : to the SG-1100 - the WAN isn't up yet, but you can talk with pfSense now).
By connected I mean : drop to the "cmd" line (Windows !) and type the ever lasting

ipconfig /all

(a Mouse click version exists also - should give the same results)

Example :

C:\>ipconfig /all

Configuration IP de Windows

        Nom de l'hôte . . . . . . . . . . : bureau2
        Suffixe DNS principal . . . . . . :
        Type de noud . . . . . . . . . . : Inconnu
        Routage IP activé . . . . . . . . : Non
        Proxy WINS activé . . . . . . . . : Non
        Liste de recherche du suffixe DNS : brit-hotel-fumel.net

Carte Ethernet Connexion au reseau local:

        Suffixe DNS propre à la connexion : brit-hotel-fumel.net
        Description . . . . . . . . . . . : Intel(R) 82562V 10/100 Network Connection
        Adresse physique . . . . . . . . .: 00-19-D1-42-D6-56
        DHCP activé. . . . . . . . . . . : Oui
        Configuration automatique activée . . . . : Oui
        Adresse IP. . . . . . . . . . . . : 192.168.1.2
        Masque de sous-réseau . . . . . . : 255.255.255.0
        Adresse IP. . . . . . . . . . . . : 2001:470:1f13:5c0:2::ca
        Adresse IP. . . . . . . . . . . . : fe80::219:d1ff:fe42:d656%4
        Passerelle par défaut . . . . . . : 192.168.1.1
                                            fe80::212:3fff:feb3:5875%4
        Serveur DHCP. . . . . . . . . . . : 192.168.1.1
        Serveurs DNS . . . . . . . . . .  : 192.168.1.1
                                            2001:470:1f13:5c0:2::1
        Bail obtenu . . . . . . . . . . . : jeudi 9 mai 2019 11:34:20
        Bail expirant . . . . . . . . . . : vendredi 10 mai 2019 11:34:20

[ Please, don't yell : this is a XP device .... I know .... I'll be ditching it soon ]

As you can see, it lists the most less important details like IPv4 address - but also the mask, gateway and DNS ...

Did your PC got the right gateway ? DNS ? (both should be 192.168..1.2)

Check also the pfSense DHCP server log : everything ok ? You see the MAC of your device asking for an IP ?

@STEAMENGINE said in My SG1100 is bricked:

The usual process of starting without WAN or LAN and providing a WAN connection for an auto detect does not work

LAN is auto setup to some default values. Nealy every router on planet earth uses the same values : 192.168.1.1/24 - DHCP server activated will a pool like 192.168.1.2 -> 192.168.1.254 (something like that).
pfSense is not any different.

A WAN connection has never been auto-detect. It probably set to default to "DHCP-client", so, yes, it would grab an IPv4 from an upstream router and thus it connects right away without any changes from you.
Your case : WAN PPPOE : so select that, enter user and password, and Save + Apply : it should connect.

I'm not aware of any bugs that exists because the processor is ARM instead of AMD64.

@STEAMENGINE said in My SG1100 is bricked:

The SG1100 will not ping from the LAN at 192.168.1.1 It will ping other members of the LAN using its own ping tool. When I run a LAN IP scan it is not there from which I conclude it is staying shtum even though it is on the subnet. Similarly it does not respond with WEBConfig when asked to with a browser.

Can't make anything out of this.
Please post details (the Ctrl-C Ctrl-V trick) like

pfSense - Netgate Device ID: 20bb5ffe385c74e087

*** Welcome to pfSense 2.4.4-RELEASE-p2 (amd64) on pfsense ***

 WAN (wan)       -> rl0        -> v4/DHCP4: 192.168.10.11/24
 LAN (lan)       -> fxp0       -> v4: 192.168.1.1/24
                                  v6: 2001:470:1fe3:5c0:2::1/64
 PORTAL (opt1)   -> sis0       -> v4: 192.168.2.1/24
 HENETV6 (opt2)  -> gif0       -> v6: 2001:470:1f19:bc0::2/128
 VPN (opt3)      -> ovpns1     -> v4: 192.168.3.1/24
                                  v6: 2001:470:deea:2::1/64

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Disable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option:

It still happens to often that people put in place masks like /32 (just an example) without really understanding what that might imply. The same people were not thought how to use the (now ancient) tools to check and verify.

STEAMENGINE

Herewith what you asked to see. I note that the V4IP of the WAN has a mask of /32 but I did not set that.

What the SG1100n Console shows on bootup¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬

FreeBSD/arm64 (MFpfSense.localdomain) (ttyu0)

Netgate SG-1100 Netgate Device ID: c223f5be5c22c482ffee
Serial: NTG1910000020 Netgate Crypto ID: 012329d7c54e334fee

*** Welcome to pfSense 2.4.4-RELEASE-p2 (arm64) on MFpfSense ***

WAN (wan) -> pppoe0 -> v4/PPPoE: 81.131.219.171/32
LAN (lan) -> mvneta0.4091 -> v4: 192.168.1.1/24
OPT (opt1) -> mvneta0.4092 ->

0. Logout (SSH only) 9) pfTop
1. Assign Interfaces 10) Filter Logs
2. Set interface(s) IP address 11) Restart webConfigurator
3. Reset webConfigurator password 12) PHP shell + pfSense tools
4. Reset to factory defaults 13) Update from console
5. Reboot system 14) Enable Secure Shell (sshd)
6. Halt system 15) Restore recent configuration
7. Ping host 16) Restart PHP-FPM
8. Shell

Enter an option:

what a PC on the LAN sees¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬

C:\Users\steph>ipconfig -all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Calculus
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : localdomain

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (2) I219-V
Physical Address. . . . . . . . . : 2C-56-DC-38-CA-4D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . : localdomain

a LAN scan cannot see the SG1100 on the subnet.

PC tries to ping SG1100 ¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬

Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\steph>

However if the SG1100 tries to ping a device on the subnet it succeeds!

SG-1100 pings the PC ¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬

Enter an option: 7

Enter a host name or IP address: 192.168.1.108

PING 192.168.1.108 (192.168.1.108): 56 data bytes
64 bytes from 192.168.1.108: icmp_seq=0 ttl=128 time=0.406 ms
64 bytes from 192.168.1.108: icmp_seq=1 ttl=128 time=0.331 ms
64 bytes from 192.168.1.108: icmp_seq=2 ttl=128 time=0.289 ms

--- 192.168.1.108 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.289/0.342/0.406/0.048 ms

Gertjan

This command :
@STEAMENGINE said in My SG1100 is bricked:

C:\Users\steph>ipconfig -all

states clearly that your Ethernet connection is not connected :

@STEAMENGINE said in My SG1100 is bricked:

Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected

Solution : as said : connect a cable to the pfSense LAN and your NIC on your PC.
Use a good cable - one that isn't broken (test it somewhere else first)
Do the NIC light come up on both sides ?

edit : or are you using a connection on "Ethernet adapter Ethernet 2:" ? (a Wifi connection ?- another NIC ? where are the details ?)

STEAMENGINE

Tt is the same cable that is working as I type this. I just swing it between the AMD64 which is working beautifully to the SG1100. I also swap the WAN. Both of those cables are working with the AMD64. The AMG 64 just idles disconnected while I do experiments with the SG100. After the experiments I just move the WAN and LAN cables over and within min it is all up again.