SG-3100 upgrade from 23.09 to 24.03 - 2 issues
-
I found that this upgrade caused 2 issues:
I had Boot Environments before - and now they are all gone...
One firewall rule for default outbound traffic for one interface went bad.
I had to delete the rule, and put it back in again - then the outbound traffic for that interface started working again... -
The 3100 cannot boot ZFS so Boot Environments cannot be used there. I would not expect to have seen that menu in any version running on a 3100.
Steve
-
@stephenw10
Thanks, Steve, I never realized that.
I still don't know what to think about that single rule that got somehow corrupted.
It caused our Security Camera LAN to be down for days.
An angry manager.
And several hours to troubleshoot.I just wished I could have a pfSense upgrade that I didn't have to worry about.
We are considering just leaving these routers alone, and not upgrading them.
They work really well, otherwise... -
If you check the config history can you see what the rule was that didn't apply?
-
So, it appears my SG-3100 got corrupted after the upgrade.
I've decided to just punt and attempt to reinstall pfSense software; however, now it seems my store.netgate account isn't valid anymore. What gives?I'm getting just a little frustrated that after 22 days I still don't have a solution to restore my SG-3100 back to a state where I can manage it. How do I get software to download? Has it come to having to purchase support?
-
Just lock into the docs:
SG-3100 -
The Net Installer does not support the 3100 so just open a support ticket as previously. You do not need to have support to get recovery images.
-
@stephenw10
I've been doing a lot of debugging and learning; however, I've never been able to get my SG-3100 web GUI to work.
I've 'run recovery' from provided pfSense-plus-Netgate-3100-recovery-24.03-RELEASE-armv7.imgI can ssh and have confirmed there are no errors in /var/log/nginx/error.log.
nginx -t reports syntax is okay and test is successful.Confirmed the anti-lockout rule exists.
Web GUI is always blank.
telnet show that the nginx server is responding when given a bad request.Tried switching the interface to port 80 instead of 443; however, that resulted in no http response.
cat /var/log/system.log shows various pids with:
pfSense kernel: pid 38541 (pkg-static), jid 0, uid 0: exited on signal 11 (core dumped)Is the only option left to assume a bad configuration exists?
Is 'Reset to factory defaults' the only solution?Thank you in advance.
-
Can we assume that initially after a clean re-install the gui is accessible as expected?
Do you have any packages in your config? Which ones?
-
Can we assume that initially after a clean re-install the gui is accessible as expected?
No
Do you have any packages in your config? Which ones?
pfBlockerNG-devel, nut, System Patches
-
Ok if the gui is not accessible after a clean install, before your config has been restored, then check for a subnet conflict between the default LAN (192.168.1.1) and whatever the WAN might be connected to.
-
@stephenw10
WAN: DCHP
LAN: 192.168.0.1
OPT: 192.168.1.1 (not used)Router otherwise working.
Should I just comment out the packages one at a time? -
@stephenw10
I've tried upgradeconfig.
I've stopped the 3 (all) services: nut, pfb_dnsbl, pfb_filter; and, then have Restart PHP-FPM and Restart GUI. Still no web-gui. -
@4eanlss
More specifically:
WAN (wan) -> mvneta2 -> v4/DHCP4: 192.168.10.129/24
LAN (lan) -> mvneta1 -> v4: 192.168.0.1/24
OPT1 (opt1) -> mvneta0 -> v4: 192.168.1.1/24 -
@stephenw10
Also, Filter Logs has confirmed that WebGui traffic is not being blocked from the client; it is being passed from client IP address to 192.168.0.1. -
@stephenw10
I tried option Update from console:
pfSense-repoc-static: si_get_packages: failed to run the pkg info command: /usr/local/sbin/pkg-static info -R --raw-format json-compact pfSense-pkg-* 2>&1
pfSense-repoc-static: failed to read the installed pfSense packages
Messages:
Your Netgate device has pfSense+ as part of your device purchase.
Segmentation fault (core dumped)
Segmentation fault (core dumped)
ERROR: It was not possible to identify which pfSense kernel is installed
Netgate 3100 - Serial: xxxxxxxxxx - Netgate Device ID: yyyyyyyyyyyyyyyyyyyy -
@4eanlss
pkg-static info -x pfsense
Segmentation fault (core dumped)pkg-static -d update
Segmentation fault (core dumped) -
@4eanlss said in SG-3100 upgrade from 23.09 to 24.03 - 2 issues:
Router otherwise working.
Should I just comment out the packages one at a time?You shouldn't have any packages installed after a clean install. That would only happen after restoring your config.
So it is accessible after a clean install? Or is it only an issue after restoring your config?
-
@stephenw10
Thanks for you help; however, at this point with the number of hours I have invested in trying to restore this 3100 I could have purchased two appliances. I'm typically not one to give it; however, I've come to the conclusion that the 24.03 software is not compatible with the SG-3100.I've tried strategically removing packages from the config.xml with no success with run recovery.
I've tried with no config.xml on the recovery USB and still no web GUI -- always the same result.
I've tried resetting to factory defaults -- the same result -- there are two processes which always seg fault and a error about not being able to detect pfsense version. Never get a web gui either http or https.If there was an option to get version 23.09 with a TAC ticket maybe I'd have a shot at getting this device working -- it was the last known working version.
I'm planning on purchasing a new device to save time and hassle.
-
You can ask TAC for the 23.09.1 recovery image.
I've been running 24.03 on a 3100 as my edge here since it we started tested it and it's been generally fine.
