How long should SG-1100 upgrade take? Update: She dead. Update2: She on life support.
-
@scurrier said in How long should SG-1100 upgrade take? Update: She dead.:
I waited two hours and then remotely power cycled it with a 30 second off time. Waited a bit for it to come up and no luck. Netgate SG-1100 bites the dust...
my SG1100 also just indicated that it wants to be updated...
but I think I'll wait until I see some positive feedback here...My experience with netgate has been very good in the past - so don't give up too quickly.
Here's hoping that netgate gets you back up and running soon!
-
@hoopy I usually do that too, but I figured it's Netgate's own hardware with a simple config. Oh well
-
@scurrier my SG-1100 took 12 and a half minutes. With 3 packages installed - Avahi, openvpn-client-export and Status_Traffic_Totals. I uninstalled pfBlockerNG-devel prior to upgrade and then re-installed it.
-
I have a SG-5100 and I had the same issue. Upgrade got to the rebooting part and after several cycles of the website trying to reload I found the unit had as a solid red middle light (which I think indicates a problem.)
I also waited a few hours and then tried power cycling. This didn't work, it always came back red.
I also pressed the recessed button to try to reset the unit. That didn't seem to do anything at the time.
I was without internet and so I had pull all the cables off the unit to reluctantly connect internet directly to my old Netgear WiFi/Router. (After 6 months with pfSense, this didn't feel safe! LOL)
After that, I finally found the console cable and tried connecting with PuTTY while the middle light was still red.
Perhaps coincidence but after getting the menu in the console, the middle light turned green. Again, the middle light had been red and otherwise unresponsive for 2+ hours until I tried the console...
I wasn't able to log back into the web interface initially but I soon found out it was back at the default IP 192.168.1.1. Apparently, the recessed button fully wiped the settings?
So perhaps if the console connect "fixed" it, I didn't need to try the recessed button. In the console, I didn't actually perform any actions. It was my first time using it and I was just happy to have that to explore.
I disconnected the console cable (didn't logout or anything) and went to the totally default-looking 21.02 pfSense. I restored my backed up settings and it seemed like everything was OK except all the packages were gone. This was the first time I ever restored the settings, but I guess this is normal. Also I didn't know if restoring settings across versions (2.24 -> 21.02) would work so I spent a while checking out all the settings I remembered changing to see if it was still there. It seemed fine.
Finally, I re-installed only one package, pfBlocker-ng, and for the most part it's all good again. It's been totally solid for around 24 hours now.
I'm not sure why it froze up like that and it wasn't expected, but at least in my case, I was able to get it back again (perhaps via the console)... ?
-
My SG-1100 took about 20 minutes to do the upgrade after a fresh reboot. The reboot after the upgrade though took about 10 hours before the webGUI was even available, and still required another reboot via SSH before things returned to some normalcy. The upgrade did yank off telegraf with no install candidate, so if you run telegraf don’t upgrade yet. Also expect very long upgrade reboot times that has no traffic passing. And before folks want to go blaming packages and such, the only thing the SG-1100 does is local DHCP and IPSec.
Personally, the SG-1100 has been a disaster for me, woefully underpowered and the lackluster ARM support is rediculous for a consumer supported security product. It seems like the entire ARM based product line is lackluster, which is sad in my opinion for a commercial product. I will be moving off the ARM platform, and go with what has worked for me which is non-NetGate x86 hardware and the CE version of the product. I may try the + version on x86, not sure yet. -
10hours is extreme! Hard to imagine what it was doing for that long.
Telegraf should be there for arm64 but you're right it isn't for some reason. I'm investigating... -
@stephenw10 it’s a remote device so didn’t capture the console output and not sure if dmesg will go back far enough to be useful. While the device is accessible externally I can’t get any traffic to pass and the IPSsec has extreme packet loss so a lot of services are down. Making the two hour drive to get into the console and troubleshoot.
-
There is an upgrade log in /conf you can check. If it was erroring out on something and having to wait for it to fail it should show there.
-
@stephenw10 I do see errors with PHP modules failing to load and some other items, but I think the stuck part was during the reboot itself. Which I woulda thought to dump dmesg somewhere else before rebooting. I feel it may have something to do with the uboot upgrade, just not sure how much of that or any other firmware may have been done too.
-
@jlw52761 this is off topic but..
a disaster for me, woefully underpowered<<
sounds like you under spec'd based on your needs. That's your fault not a product fault. The IMIX Traffic/performance info is on the appliances product page.
lackluster ARM support is ridiculous<<
what does that mean? You want an ARM CE version so you can run it on Raspberry Pi, etc?
entire ARM based product line is lackluster<<
if you want to make a value/price argument on the ARM product line do that
-
@jlw52761 Hmm, you shouldn't have seen a uboot update there unless you were somehow on a very old version. There has not been a uboot update for the SG-1100 in some time.
Steve
-
@jlw52761 Mine lost the GUI too. Hopefully overnight it'll come back, as yours did?
Ugh this sucks.
-
It can take a significantly long time to come back after it reboots, the upgrade to 2.5 is a large change. Most of the upgrade takes place after the reboot. But check the console to know for sure.
Steve
-
Update2 from me, the OP, here. I got remote access to a computer connected to the SG-1100 lan port. Turns out, she's not dead, she's just having some WAN issues. I can't figure it out. I can ping the upstream WAN gateway, but nothing beyond it. An ICMP traceroute to an internet address strangely returns only repetitions of the SG-1100's own LAN gateway IP.
-
@scurrier Got it working again, although I still don't know exactly what went wrong. Turns out the default gateway was set to automatic (as expected), but this was no longer automatically selecting the correct standard WAN_DHCP gateway. I changed the setting pictured and now everything seems to be working. What the heck? This is so basic.
-
If you have an internal gateway like that you should always set the default to be the WAN.
When it's on automatic if the WAN gateway goes down it will choose the next available gateway and you don't ever want it to do that where you have a LAN gateway.
Steve
-
@scurrier Only strange thing left at this point is the NTP server is down and won't start.
-
@scurrier NTP server is magically back up today. Not sure what was going on with that.
So far, so good after fixing the default gateway problem.
-
NTP can take a while to sync upstream and then start serving data. That's not entirely unexpected.
Steve
-
I'm down again. Not responding to pings and the downstream network operator messeged me that my internal traffic from behind the firewall is leaking onto their network.
