SG-1100 always that flaky or I got a dud?

yannb

I'm a total noob when it comes to network stuff and pfsense so it took me 3 days to get everything setup how I wanted it. The last part was to hook up IVPN, so I followed the directions from the IVPN website to the letter.

I couldn't get the last step working ("Restart openvpn Service" - when I clicked on "start" it would spin the little cog for a few seconds but nothing would happen after that) but in their instructions it said: "might need to additionally reboot pfSense to apply the new configuration" so I went into the pfsense GUI and clicked on "reboot"

That was the end of my SG-1100… The black diamond light never stops blinking fast now, which means it's booting up according to the docs. But after several hours, I'm pretty sure it's not really booting.

I tried the reset button. I also tried unplugging the power cord for a few hours… Still stuck on the blinking.

Now, I'm assuming I'm going to have to go through this whole USB + shell access thing I know nothing about and waste hours without knowing if I'll be able to actually fix my router… It's very frustrating.

How can you brick the device by simply rebooting it from the GUI? My trust in this piece of hardware is gone… Even if I figure out how to reset it to its factory setting via USB (which I think is what I need to do at this point?) It feels like my SG-1100 might crash and burn at any point for no reason…

Of course, it's a bran new device so I hadn't learned how to backup my config yet so I need to redo all that too after I've reset the device, assuming I'm successful…

Am I just really unlucky or are these devices always so buggy?

Thanks,

DaddyGo

@yannb said in SG-1100 always that flaky or I got a dud?:

I'm a total noob when it comes to network stuff and pfsense so it took me 3 days to get everything setup

Hi,

There’s nothing wrong with that first highlight, everyone starts like...noob.
the second highlight, well I haven't seen anyone who has learned to use pfSense in 3 days...

The SG-1100 is a very good piece of hardware, especially for learning, for which the first lessons are:

https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-book.pdf
or (on account of @Raffi_ ) https://docs.netgate.com/pfsense/en/latest/
https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos

The described phenomenon after a reboot (I would not think it is a hardware failure) suggests a serious misconfiguration...

When there is no GUI, for beginners the science stops, because now there would be a debugging through the console

I would rather recommend a fresh installation ... learning and a new configuration

BTW:
@yannb "My trust in this piece of hardware is gone…"
it is unnecessary and never give up.......
the SG-1100 is good, only what has happened means you still have to get acquainted with it

yannb

@DaddyGo Thanks… Is there anything in the IVPN setup I linked above that could brick the router? Because I didn't do anything else whatsoever.

I said I had everything setup in 3 days, not mastered pfsense in 3 days!

I'm a noob when it comes to networking, but I'm comfortable with shell etc. (front-end web engineer…), my best bet is to do that, correct?

Thanks again…

Gertjan

@yannb said in SG-1100 always that flaky or I got a dud?:

my best bet is to do that, correct?

Exact.
That access is actually as ( / even more ) important as the GUI access.

For daily use, when interfaces are up and running, you could also use the SSH access - all you need to do is activating it.

DaddyGo

@yannb said in SG-1100 always that flaky or I got a dud?:

Is there anything in the IVPN setup I linked above that could brick the router?

I've configured a lot of VPN types already and haven't broken the stuff so far ...so my answer is if the config is good then it works

@yannb "I'm comfortable with shell etc. (front-end web engineer…)"
you didn't say that at the beginning, just that you are a noob...

let's go and then press the console...

BTW:
but you know that NGFW is not a web...
philosophy needs to be learned, so feel free to read the curriculum as well

stephenw10

If it's not booting for some reason you need to connect to the console to see why.

Even if you choose to default the config or to reinstall you need to connect to the console.

The only thing you can do without the console is to have it pull in a config file from a USB stick if you have a backup of a working config.

The fact the OpenVPN client service did not restart and that it seems to be failing to boot but not bootl-looping makes me think it may be configured with a client setup that needs a password but one was not added. In that situation when the client starts at boot it will be waiting for a password at the console.

This instruction on their site is incorrect:

Only your account ID is used for authentication. The password field can be left empty or set to anything if your client software requires a non-blank password. 

That's clearly copy/pasted from generic instructions. You need to enter a password there even if the server end ignores it.

You should never need to reboot to get an OpenVPN connection up. You might need to clear the state table to get your client routed over the new connection.

They have you remove the outbound NAT rule on the WAN for the LAN subnet which is a bad design IMO. They don't talk about changing or setting the default gateway or adding policy routing. I would choose to leave the default as WAN and policy route clients that need it ovcer the VPN.
Much of that is discussed in our hangout on this here:
https://www.youtube.com/watch?v=lp3mtR4j3Lw

Steve

yannb

@stephenw10 THANKS!!

I'm following the Connecting to the Console Port instructions. I'm on OS X Catalina, using sudo screen /dev/cu.usbserial 115200 in iTerm but I don't see anything about what the default password is in the docs.

Also… on the next page, it says I need to open a ticket to reinstall pfsense. There's no way I can just reset it to factory settings?

Thanks!

Rico

You need to open a ticket to get the Image...it‘s free and fast.

-Rico

akuma1x

@yannb The password for the console access is your account password from the OSX account. That threw me too, the first few times I tried.

And, if you get in thru the console successfully, yes, you can factory reset in there.

yannb

@akuma1x oh… I'm too used to log in stuff over the net The process is on my Mac I guess. That makes sense. Thanks!!!

yannb

@stephenw10 You're a mad genius!!

After getting the console via USB thing sorted out and restarting my SG-1100, could see it get stuck on:

t upnee iroode...e.Cfiuring opbac ia.dn.n
nuiniacs.ofurinVLA ntrfcsd.
igrinQ ierfaces.doofcintrfac.ne
CfinA etio.teae..de.
Cr ial.d.n..nuh Passwrd:

Entered my IVPN password and it kept on starting up and I can log back in the GUI.

Side note: the console output is supposed to be in English? Is that how it's supposed to look like?

Also, can I just unplug the USB thing straight up or do I have to quit the screen process first somehow?

Thankfully I could understand the Passwrd part

I guess I'll go watch that YouTube video you hooked me up with… Thanks again!!

I didn't have to reinstall anything…

stephenw10

No it's not supposed to look like that.

When you see that in OSX it's almost always because there is more that one thing trying to access the com port at the same time. It's easy to create to terminal connections to it when you first try this. You can kill the processes or just reboot the Mac and re-connect and will probably be fine.

However you can just about see that it's asking for a password after configuring the interfaces which is exactly where I would expect it to stop when it tries to bring up the OpenVPN client with no password set. Since there is no valid password required you should just be able to enter anything there and it will continue to boot. Then you can set something bogus in the client setup via the gui. Edit: Which I see you did.

Steve

pi

@DaddyGo

Hi,

There’s nothing wrong with that first highlight, everyone starts like...noob.
the second highlight, well I haven't seen anyone who has learned to use pfSense in 3 days...

That’s funny. I’m a couple of months into pfSense and I’m still breaking it, probably weekly. Still a rookie but have become a pro at console, usb-restore :)

DaddyGo

@pi said in SG-1100 always that flaky or I got a dud?:

That’s funny. I’m a couple of months into pfSense and I’m still breaking it, probably weekly.

Unfortunately, I can't do that anymore because there are a lot of production environments in which we use pfSense.

All success can be gained through a lot of experience

Go for it...