Why does the SG-1100 change settings when restarted?

abelcallejo

SG-1100 is the only network device that I know that changes settings when the device gets hard hardware restart (cutting off the power). This has happened to the same device for 5 times already. I redid the settings for 5 times already. It is the worst experience ever.

Why does the device keep on doing it? How can I prevent it? The device can not be relied upon for those scenarios.

bmeeks

The SG-1100, and all other Netgate firewall appliances, are full-fledged computers with active UFS file systems. Simply removing power from the box is the absolute worst thing you can do for it. It is the same as just pulling the power plug from the wall on any Windows PC. File system corruption is highly likely in that scenario.

When you want to shutdown the box, use the option under the DIAGNOSTICS menu in the GUI, or you can open an SSH session with the box and use option #6 on the CLI menu. Either of these methods will gracefully shutdown the box.

stephenw10

What settings are you seeing changed exactly?

mer

@stephenw10 Are the filesystems created with defaults softupdates and journaling, async, etc?
Reason for asking is some experiments people have done in VMs with effectively "cutting power" that indicated UFS could lose the "last 5 secs" of filesystem updates (roughly the timer that runs the softupdates threads). Of course disable softupdates and mounting filesystems "sync" instead of async/noasync made huge difference at the cost of performance.

stephenw10

The default 1100 filesystem is mounted:

/dev/ufsid/613e087813ce4d70 on / (ufs, local, noatime, journaled soft-updates)
devfs on /dev (devfs, local)
tmpfs on /var/run (tmpfs, local)
devfs on /var/dhcpd/dev (devfs, local)

That's in 21.09 but ut;s the same in 21.05.1.

When we are able to move to ZFS by default much of this will become moot anyway.

Anyway OP should not be seeing 'some settings lost'. That seems more like it was not actually saved or it's loading a config file from somewhere at boot each time, which I've seen before.

Steve

mer

@stephenw10 Sounds good. I was just trying to point out that the default UFS softupdate flush is about 5-10secs so if changes were made and then power yanked in that period, it could have the symptom OP talks about.

But ZFS, BEs "very much more better" :)

abelcallejo

@stephenw10 It's the VLAN. It gets reset back to no assignments (WAN/LAN/OPT). I usually got locked out because of it. So I would have to go back to the serial port just to change the VLAN settings.

Assigning the WAN again. Assigning the LAN again. Assigning the OPT again. I did this set for 5 times already.

I also noticed that when the ethernet WAN does not get good internet, the device malfunctions. (I am using 1 WAN via ethernet and 1 WAN via USB mobile broadband).

stephenw10

Ah, does the USB modem appear as a USB Ethernet device?

If it does and you have assigned it as an interface (ue0) and then it gets unplugged or it powers down etc that's a problem. If you reboot in that situation pfSense will wai at the interface assign dialogue because one of it's interfaces is no longer present.
You should use USB modems in ppp mode to prevent that if you're hitting it. Or arrange for the modem never to be disconnected or powered down.

Does that sounds like what's happening?

Steve

abelcallejo

Update

It happened again. The device was unpowered. The settings changed again.

@stephenw10 This time I am certain that it is not about the USB modem because it was powered all the time when it happened. This is because the USB modem is battery powered. I think the only way to secure this is by arranging the appliance to never be disconnected or powered down like you said.

Recommendations

Need to use an Uninterrupted Power Supply (UPS) along with Netgate SG-1100.

I haven't actually tried it though.

stephenw10

The problem here is that you are using a USB modem in Ethernet mode and for whatever reason it doesn't appear as a device at boot (in time) so pfSense asks you to re-assign the interface that no longer has it's NIC.
This is not an issue with the SG-1100, it would be exactly the same with any pfSense install.

Are you using usbmodeswitch to put the modem in Ethernet mode? That is a common problem in that scenario.

If the modem can run in PPP mode that avoids the problem as the interface does need to be present. It will just fail to connect if it's not.

Steve

SteveITS

@abelcallejo I stumbled on this thread that might help you.

stephenw10

That's possible, though that particular thread deals with a real USB Ethernet NIC.

Really it depends what is actually happening here. If the modem requires some manipulation before it appears as an Ethernet device. If it's just timing you can probably add a delay to prevent it. It's possible to just exclude USB Ethernet devices from the interface check at boot but doing so risks unknown behaviour in the event it's actually disconnected.

Steve