SG-1100 Won’t Reboot on Upgrade - no internet access!

stephenw10

Having two interfaces in the same subnet is a conflict but the result of doing so can be unpredictable. When pfSense is trying to connect to something in that subnet, like it's gateway, there is no unique path to it. Both WAN and LAN NICs are in that subnet so which one it uses can be determined simply by which was last brought up. So having LAN connected or not connected could certainly make a difference.
But the correct way to do this is to set the LAN to a different subnet or set it to 'none' during the install because that removes any routing confusion.

TangoOversway

@stephenw10

@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

But the correct way to do this is to set the LAN to a different subnet or set it to 'none' during the install because that removes any routing confusion.

Since the user has no control of the LAN subnet at that point, that can be ruled out - unless there's a way, from the Marvell prompt, to do that. Is there?

@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

Both WAN and LAN NICs are in that subnet so which one it uses can be determined simply by which was last brought up.

At this point, is pfSense using multithreading? It's possible that the times it worked were when there was nothing on the LAN side AND the WAN side came up first. If that's the case, then having the LAN disconnected might not be the important factor. I'm thinking if the LAN comes up first, it'll take 192.168.1.1 for itself, which forces a conflict with a router doing the same. So I think it would only work if the WAN comes up first and gets an address from the DHCP before the LAN comes up and pfSense gives it an address.

If this is the case, I can think of several ways to fix it - some simpler than others. (And I do think this needs attention, since Starlink is growing and isn't just a regional ISP, it's worldwide. It's even used in Antarctica now.)

Since there is the problem with pass-through anyway, I think the docs could be modified to suggest disconnecting the LAN and WAN during setup, and there could also be a prompt for that before the Marvell prompt comes up.

I don't remember if I saw devices from Starlink before I ran usbboot or not, so I don't remember if the NICs are brought up when the Marvell prompt is active or after run usbboot. When they come up changes what would be easy to add to prevent the subnet conflict:

• Add a delay so whenever the Marvell prompt is used, the LAN interface is not brought up until after the WAN receives an IP address. This could also be done with a command at the prompt, or with an option the user responds to before the Marvell prompt. (I think that would be the simplest way to handle it.)
• Add a command at the Marvell prompt to change the subnet on the LAN (and that could include an option to change it only during setup or long term).
• During install, check the WAN interface. If it's in that subnet, then change the LAN subnet and let it revert on reboot (or change it back before rebooting).

stephenw10

The subnet conflict is only an issue once you've booted into the installer where a cut-down pfSense is running. There a conflict might prevent the installer being able to contact the servers to check the available versions and pull in the required pkgs.

At the Marvell>> prompt (uboot) the LAN and OPT ports should be disabled. Whilst uboot can try to connect out it doesn't so any conflict that existed there wouldn't matter. Even if the ports are not disabled.
One you run anything to boot from USB or eMMC pfSense loads and reconfigured the NIC.

TangoOversway

@stephenw10

@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

The subnet conflict is only an issue once you've booted into the installer where a cut-down pfSense is running. There a conflict might prevent the installer being able to contact the servers to check the available versions and pull in the required pkgs.

Am I missing something, or doesn't that still indicate the installer needs a way to resolve possible conflicting address space?

@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

One you run anything to boot from USB or eMMC pfSense loads and reconfigured the NIC.

Wouldn't that be a good point where the LAN interface is either delayed so the WAN can get its address and address space first or to allow for the user to specify a different address space?

stephenw10

You can set the LAN subnet in the installer or set it as none:
https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html#configure-lan-interface

There's no way setup the LAN from uboot. Potentially a user could enter something there and the imstaller could inherit it but the uboot CLI interface is not intended for that. And it's not necessary because you can just set it n the installer.

TangoOversway

@stephenw10

@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

There's no way setup the LAN from uboot. Potentially a user could enter something there and the imstaller could inherit it but the uboot CLI interface is not intended for that. And it's not necessary because you can just set it n the installer.

I never saw the option to configure the LAN interface and, from the text in the page above your link, I tried to see how I'd get to that point. It's from the same selection box I ran into multiple times and tried the different choices, but never had the chance to configure the LAN.

stephenw10

If you are using the 1.0-RC version of the net installer it is there. I can only think we need to improve the usability of the installer menu.

TangoOversway

@stephenw10

@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

If you are using the 1.0-RC version of the net installer it is there. I can only think we need to improve the usability of the installer menu.

My thought is that the wording (which I realize they are trying to make fit into one line) talks about configuring the interface. Since the first, and default choice, is no interface, and the other choice is the interface itself, it looks like the configuration is only, "No interface or this one." There is no mention in there that configuring the subnet. Also, when reading that, as seen on that page, just above the link you provide, you see vnet1 vnet1 <MAC address> (active). Making that line longer, so it's clear it's the current LAN interface (maybe add (current LAN interface) or something similar). As it is now, it's using terms that aren't clear to the user.

stephenw10

Yeah I could see that. Thanks for the feedback, I'll pass that up the chain.

TangoOversway

@stephenw10

@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

Yeah I could see that. Thanks for the feedback, I'll pass that up the chain.

Much appreciated!

My new 1100 came in and is hooked up - no problem with that! I still have the troublesome one here, with pf+ on the USB stick. If there's anything I've encountered that it would help if I tested it, this is a good time to do that. I don't think there was anything outstanding, just the issue of pass-through and the subnet range. All the other issues that are unresolved could be explained if the internal storage is wonky.