SG-3100, Cannot update from 2.4.2_1 to 2.4.3.a.xxxx



  • I tried end of last week to move from 2.4.2 to the development release. I tried again today with the same result.
    I run the update, the lights on the SG-3100 return to normal as if the system is up, the console shows both WAN ports have addresses but I have no LAN access. I don't know what to check in the console to find my problem.

    Thankfully the restore process is fast. I keep a backup and USB drive handy and return to 2.4.2 in about 20 minutes but I want to be able to update. I have done it prior with no issue until last week and today. Any suggestions?



  • If i understand correctly you do have console access after the upgrade.? Does it show the regular console options like reboot/upgrade/shell and a few other?

    In the shell option please try a few things ?:
    -ifconfig  < does it shows lan has a ip assigned?
    -can you ping to both google 8.8.8.8 and to a machine/server on your lan from pfsense?
    -can a client ping the lan-ip?
    -are the webgui nginx and php-fpm processes running?
    -is ssh enabled? can you connect to that?
    -Unplug the wan connection, and then disable the firewall with 'pfctl -d' (beware this gets done when pfSense reconfigures due to changes/events that occur..) can you then ping the lan-ip /visit webgui/ connect ssh .?

    Also try and check the logfile contents in /var/log/ make sure to use 'clog' to read/tail those files..



  • @PiBa:

    If i understand correctly you do have console access after the upgrade.? Does it show the regular console options like reboot/upgrade/shell and a few other?

    In the shell option please try a few things ?:
    -ifconfig  < does it shows lan has a ip assigned?
    -can you ping to both google 8.8.8.8 and to a machine/server on your lan from pfsense?
    -can a client ping the lan-ip?
    -are the webgui nginx and php-fpm processes running?
    -is ssh enabled? can you connect to that?
    -Unplug the wan connection, and then disable the firewall with 'pfctl -d' (beware this gets done when pfSense reconfigures due to changes/events that occur..) can you then ping the lan-ip /visit webgui/ connect ssh .?

    Also try and check the logfile contents in /var/log/ make sure to use 'clog' to read/tail those files..

    I do have console access after the upgrade. It looks normal, like nothing is an issue. The main indicator it has not returned after the update is no snmp stats on my bandwidth tool and no network connection on the two machines in my office. I will try some of your suggestions tomorrow when I try the upgrade again. Thanks for the ideas.

    The LAN has an IP assigned as well as both of my WAN ports. V4 and v6. It appears like the integrated switch is the part not working after the upgrade but I will test tomorrow and report back.

    I should have noticed but didn’t, the current release is from the 15th so it makes sense it still fails but I’m still going to test.



  • @PiBa:

    If i understand correctly you do have console access after the upgrade.? Does it show the regular console options like reboot/upgrade/shell and a few other?

    In the shell option please try a few things ?:
    -ifconfig  < does it shows lan has a ip assigned?
    -can you ping to both google 8.8.8.8 and to a machine/server on your lan from pfsense?
    -can a client ping the lan-ip?
    -are the webgui nginx and php-fpm processes running?
    -is ssh enabled? can you connect to that?
    -Unplug the wan connection, and then disable the firewall with 'pfctl -d' (beware this gets done when pfSense reconfigures due to changes/events that occur..) can you then ping the lan-ip /visit webgui/ connect ssh .?

    Also try and check the logfile contents in /var/log/ make sure to use 'clog' to read/tail those files..

    Tried again this morning. If I restore 2.4.2 P1 I have access. Without restoring my config, upgrade to 2.4.3.a.20180315.0822 the switch ports disappear. I thought the issue was packages or my config but the issue appears without a config at all so I will wait until the next release and try again. I know the update worked with my config early last week. Messing around I did a restore with the idea to update again on Friday. That is when I first had my issues. My guess is current config has something missing for the switch on the SG-3100.

    I am able to ping Google via console, I can remote in and use OpenVPN without issue. I just do not have access to my LAN even though an IP address has been supplied. Its like the switch has been turned off.



  • From your description it seems indeed basic pfSense is 'functioning' properly for 99%.. The switch of the sg3100 does sound like the culprit here.. Ive got no idea how to debug that thing..

    Perhaps compare dmesg output of when pfSense boots of the working and upgraded installation.?. Perhaps there is some device driver thats failing to load.?. Ive got no experience with these embedded devices. So hopefully someone else can help you further.

    Perhaps also create a redmine ticked with the issue. (It seems 2.4.3 is close to being released, looking at redmine, would be nice to know this isnt going to be an issue for other sg-3100 users..)


  • Netgate Administrator

    That is fixed in 2.4.3RC and 2.4.4a snapshots if you update to those directly from 2.4.2_1.

    If you check Interfaces > Switch > Ports they should be listed as 'Forwarding' and not 'Disabled'.
    That setting did not exist in 2.4.2.

    Steve



  • @stephenw10:

    That is fixed in 2.3.4RC and 2.4.4a snapshots

    That first one is 2.4.3RC i guess? (a typo.?)


  • Netgate Administrator

    Doh! Yup  ::)

    Thanks



  • @stephenw10:

    That is fixed in 2.4.3RC and 2.4.4a snapshots if you update to those directly from 2.4.2_1.

    If you check Interfaces > Switch > Ports they should be listed as 'Forwarding' and not 'Disabled'.
    That setting did not exist in 2.4.2.

    Steve

    Yes, thank you. Wanting 2.4.3RC I went to 2.4.4a but it works all the same. I reloaded about 4 times before I had it narrowed down.



  • @gsmornot:

    Wanting 2.4.3RC I went to 2.4.4a but it works all the same.

    'the same' , being?: Works correctly? or works only on wan side but not on switch side.?


  • Netgate Administrator

    Both 2.4.3r and 2.4.4a have the correct upgrade code to give valid xml for the new switch setting.

    If you were using the 2.4.x development repo and simply upgraded from a 2.4.3a snap you will now get 2.4.4a. You need to select the Current Release Candidate repo in System > Updates to get 2.4.3r.

    Both should work fine on the SG-3100 right now but more testing of the RC is appreciated.  :)

    Steve