SG-1100 Won’t Reboot on Upgrade - no internet access!

SteveITS

@TangoOversway You could try opening a TAC ticket. They may be able to help under the free "zero to ping" support since this is a reinstall.

At a high level, the install on ARM devices erases the storage and copies in the new image.

patient0

@TangoOversway the 1100 doesn't see the USB stick, I guess you tried the first USB port too with the 3rd USB stick?

TangoOversway

I don't know how much this will help, since what I'm seeing could be part of a problem with the file or installer on the USB stick.

Just for reference, I have sticks A, B, and C. Tried etching to A and when it wouldn't boot or do the recovery thing, I tried B, which is a better quality stick. Did most of this with B. Then thought to try C, which is a cheaper USB stick. I tried C in the "Normal" USB connection, on the left of the panel. Got the error message about a bad device, so I stuck it in the other one and I could run usbboot from it, but got the menu again. (And I may have run recovery and had another bad device error.)

So I'm back to B, the good USB stick in terms of quality. Again, used Balena Etcher on all 3 and they verified. So I tried B in the 2nd port (on the right, with the SS on the USB symbol). Bad device, so I tried it back in the left side slot. It did the blocking thing, then started doing more - but things scrolled by so quickly I couldn't see them or see any error messages. (Also, at one point, it cleared the screen.) And, again, I get the main boot menu.

Okay, so I have bad media or something. What to do? Keep etching on other USB sticks and retrying?

Is there any way to verify what's on the stick on a Mac? It comes up as DTBAT0 as a volume. When I list it (with ll -la to get hidden files too), I get:

total 163
drwx------@ 1 hal   staff      0 Feb 20 13:47 ./
drwxr-xr-x  8 root  wheel    256 Feb 20 14:37 ../
drwx------  1 hal   staff    512 Feb 20 14:37 .fseventsd/
-rwx------  1 hal   staff  17302 Sep 19 16:49 armada-3720-gti-doorkeeper.dtb*
-rwx------  1 hal   staff  18022 Sep 19 16:49 armada-3720-netgate-1100.dtb*
-rwx------  1 hal   staff  13733 Sep 19 16:49 armada-3720-netgate-2100.dtb*
-rwx------  1 hal   staff  18022 Sep 19 16:49 armada-3720-sg1100.dtb*
-rwx------  1 hal   staff  13733 Sep 19 16:49 armada-3720-sg2100.dtb*

/Volumes/DTBFAT0/.fseventsd:
total 4
drwx------  1 hal  staff  512 Feb 20 14:37 ./
drwx------@ 1 hal  staff    0 Feb 20 13:47 ../
-rwx------  1 hal  staff   36 Feb 20 14:37 fseventsd-uuid*```

TangoOversway

@patient0 Yes. Tried B & C in both ports. Now trying A in the 2nd port.

TangoOversway

Got the license screen this time!

Tried usbrecovery, got the main boot menu, but was filling out the form for TAC support and couldn't stop it. So I decided to wait and watch.

Got the license screen. Just wish I knew what kind of magic juju I did to get it!

TangoOversway

And lost it....

I must have specified the wrong kind of terminal. I could not respond to accept the license agreement.

So I reboot and get the Marvell prompt and run usbrecovery. It apparently wipes the drive and then I get:

TangoOversway

I'm at a sticking point now.

It's complaining that it can't reach the Netgate servers. I have it hooked up, via USB, to my workstation. The connection to my ISP is downstairs from there, so is there some way to get it up and running to the point where I can reach it via wifi before it needs the servers?

patient0

@TangoOversway unfortunately you gotta have some way to connect to the internet. I don't see how connected by USB to your workstation helps for that.

https://docs.netgate.com/pfsense/en/latest/install/install-pfsense.html

"This installer is an online installer and requires Internet connectivity to download installation data from Netgate servers. Currently the installer supports DHCP, static IP address, and PPPoE configurations. Connect the WAN port of the device into a live network connection supporting one of those connectivity types."

That is the new installer, maybe TAC can send you an (older) offline installer (not sure that still exists).

TangoOversway

@patient0 I need the USB connection so I can run the installer on the serial connection. I have the installer coming up, but it wants to talk to the internet. So I found a USB-B cable long enough for me to use with a server near where my SG1100 needs to go to connect to the WAN and hooked it up.

At this point it gets confusing, since the installer asks me about my LAN connection and I just hit <return> and accept it. It's connected to my LAN through the normal LAN interface and to my ISP through the WAN connector - just like normal. So I let it go on, but it can't connect to the internet. It provides the option to reconfigure my connections, but from what's given on the text menu from the installer, I don't know which device is LAN or WAN and I don't want to mix them up.

patient0

@TangoOversway https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/switch-overview.html

should be according to the docs:
WAN : mvneta0.4090
LAN :mvneta0.4091

Do you know how you get onto the internet with your ISP? Did you get an modem from you ISP? And/or PPPoE?

TangoOversway

@patient0 I use Starlink. It uses its own router which uses the 192.168.1.xxx address space and has DHCP, so when I plug the WAN connector in to it, it gives it an IP address and specifies its DNS server (which I ignore and use Google's), and it works without issue. So even though I normally specify my own preferred DNS server, for setup purposes, it shouldn't have a problem with the one it gets from the Starlink DHCP server.

The Starlink router is in a safe weather controlled box, with about 1,000 feet of fiber optic cable between the SG1100 and it (but it's transparent to the network - looks like it's just an ethernet connection). So I may have to put on a jacket and sludge out to the field to get a wifi connection with the Starlink router to verify it sees the SG1100. (I can connect to the Starlink router remotely, but I don't get all the info I need from it.)

patient0

@TangoOversway if you get 192.168.1.x on WAN it will clash with the default LAN the pfSense will setup. You will have to give your LAN a different IP range.

On pfSense Configuration page further down is the interesting part for you:

"If the default LAN subnet conflicts with the WAN subnet, the LAN subnet must be changed before connecting it to the rest of the network. Attempting to access the GUI in this situation is unpredictable and unlikely to work until the conflict is resolved."

"The LAN IP address may be changed and DHCP may be disabled using the console:

• Open the console (VGA, serial, or using SSH from another interface)
• Choose option 2 from the console menu
• Enter the new LAN IP address, subnet mask, and specify whether or not to enable DHCP.
• Enter the starting and ending address of the DHCP pool if DHCP is enabled. This can be any range inside the given subnet."

TangoOversway

@patient0 I'm not even getting to the point where I can enter any configuration info at all.

I was hoping I could load my configuration file and have it just set up the new replacement system using those settings. One of the docs pages indicates one option is to load a config for that, but I don't see that option.

I'm wondering if I should try connecting the LAN interface to the internet and see if I get a connection that way.

At this point, there is no wifi access at all. I've got a brick with a serial connection and no option to edit ANY settings.

SteveITS

@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

load my configuration file

https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html#configuration-restore

Try putting it on a different/second USB stick if it doesn't find it on the one with the installer...?

patient0

@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

I was hoping I could load my configuration file and have it just set up the new replacement system using those settings. One of the docs pages indicates one option is to load a config for that, but I don't see that option.

But you are now seeing a menu like in picture 2 of the two I posted before?

I'm wondering if I should try connecting the LAN interface to the internet and see if I get a connection that way.

That won't work, no need to try.

At this point, there is no wifi access at all. I've got a brick with a serial connection and no option to edit ANY settings.

Restore: what SteveITS wrote.

How is Wifi playing into it? The 1100 doesn't have Wifi, no?

TangoOversway

Current situation:

I am using my tablet as a hotspot so my workstation has internet access. Slow and a pain, but it works.

I've found a way to get the installer up every time. My SG1100 has CAT5 going from the WAN interface to the WAN connection (to the Starlink router) and CAT5 going from the LAN interface to a switch on my LAN. I have a USB-B cable connected to a Linux server and I'm using the GNU screen command to communicate with the SG1100 via serial. I've found out how to get to the installer every time now.

I plug in the power to the SG1100, wait for the first prompt to disable autoboot and hit a key. Get the Marvell prompt and type run usbboot and wait. The "normal" boot menu comes up (the one in the 1st picture from @patient0). Let it autoboot. Then I get a long wait while it runs commands and generates keys (new keys each time, I presume). Then I get the license screen and know I'm in the installer. Get past the license screen to this:

If I pick Advanced Options, I get this:

Note there are NO options to load any configuration. I did put the config on one of my USB sticks and put that in the other USB jack. No change.

Then I have to confirm my network connections:

I did try, due to the info about the address space conflict, to disable the LAN. No change. Next is to get to that point and sludge out to my "Outpost" (on the far end of 1,000 feet of fiber optic cable and 1/0 power cable that I buried in 2' (or deeper) trench and connect to the Starlink wifi to verify it "sees" the SG100. There shouldn't be an issue. In the past I always just connect the SG1100 to the ethernet cable that goes to the fiber optic converters (those are invisible to the network, so just drop that as an issue right now!) and it gets an IP address from Starlink's DHCP and it connects without anything else for me to do.

So now I'm stuck with the SG1100 not being able to connect to Netgate servers.

I've also copied my config xml file to the USB stick I've been booting the SG1100 off of and I'm going to see if the installer sees that config and offers to load it.

BE CLEAR: I am nowhere near any point on the install where I can configure anything. I can't specify a LAN address space or anything like that. I'm not anywhere near being able to do that.

Relevant info, but not as critical as above:
My ISP is, last I checked, online. (With snow, it could have changed, but Starlink is good about that.) The issue is I don't trust the Starlink router to act as firewall and it uses one address space and I use a different address space. I don't want to plug the CAT5 from Starlink into my switch for several reasons. (Oh - but that gives me an idea!)

I had to scrounge around for a USB-B cable long enough to go from a Linux based media server in my tech closet to the SG1100 when it's connected to the LAN switch and to the WAN connection. Found it and I'm using the Linux system to work with the SG1100 over the serial connection. That's a solid connection. It's also on the first floor, so every time I need to do any research or check for posts here, I have to come upstairs to my workstation. It's a thrill a minute, I'm telling you! :(

patient0

@TangoOversway

... disable the LAN ...
You need LAN, you can't disable it

I've also copied my config xml file to the USB stick I've been booting the SG1100 off of and I'm going to see if the installer sees that config and offers to load it.

If you copied it as in the doc the installer should see it (https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-configuration-from-media-during-install)

"The pfSense software memstick installation image contains a FAT partition which the installer can use for this purpose. If the partition is not visible on the workstation which wrote the memstick image, remove and reinsert the USB drive.

This feature works with any FAT or FAT32 partition the installer can mount during the install process. This can be a USB thumb drive/memory stick or an optical disk/virtual drive."

I can't specify a LAN address space or anything like that. I'm not anywhere near being able to do that.

The config of the LAN comes later, after the screenshots you made: https://docs.netgate.com/pfsense/en/latest/install/install-walkthrough.html#select-lan-interface

TangoOversway

Update:
I was able to connect to my Starlink router remotely, so while pfSense was trying to connect to the servers, I checked and Starlink had it listed and gave it an IP address. It listed the MAC address, but, as of now, I know of no way to verify it's the correct MAC address for the SG1100. It did list the device as "pfSense-Install", so I think it's safe to assume it saw that device. Still, no connection to the servers.

I can think of 2 solutions, both involve frustration:

1. Take the SG1100 out to the "Outpost" (it's a post out in the field for the Starlink dish - so it's an outpost out there) and connect the WAN directly to the Starlink dish. It might work. The dish counts on POE to move and keep warm, but it shouldn't have to move for the time it takes to setup pfSense. (But I don't know if the dish will move to a storage position if it loses power.) If I do this, it won't have the LAN connection while doing the setup. But does it need that until it gets to the point where I would use the web interface?

2. Setup a Raspberry Pi to act as a wireless AP. I've done this before. Have it connect to the hotspot on my tablet and have the CAT5 coming out of it connect to the WAN on the SG1100. I know it's possible because when I got my Starlink dish, I had to wait for an adaptor for it and had to use the Pi as a bridge between my LAN and the Starlink router's wifi. (I just don't think I still have the notes on it, so I'd have to find them.)

Otherwise, since I know the SG1100 is connecting to the Starlink router and getting an IP address from it, it should connect to the servers. My only guess, at this point, is that it may have an issue with the WAN connection being in a known LAN address space.

@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

If you copied it as in the doc the installer should see it (https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-configuration-from-media-during-install)

Oops. I saw that and mentally filled in a wildcard thinking, "Okay, so it takes config files," and figured it'd read one that was produced by the Backup function. Nope. Specifically config.xml. So I changed the name of the file on the USB stick. It read that and let me load it.

@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

You need LAN, you can't disable it

It offers the choice to disable the LAN. Since there could be an address space conflict (Starlink uses the 192.168.1.xxx space and pfSense defaults to using that for the LAN), I figured it was worth a try.

@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:

The config of the LAN comes later, after the screenshots you made

Exactly! So when you were quoting about disabling or changing the LAN address space, I was pointing out that I'm nowhere near being able to do anything like that.

TangoOversway

Been dealing with this for about 12 hours now - haven't had time for anything else because we need the internet to work for remote work.

I am having a miserable time trying to set up a Pi to act as a bridge. The instructions I've found are outdated. So I have questions:

1. Does the SG1100 act as a "pass through" while it's on, but not actively being set up? I am pretty sure it does, because I can check my status with the Starlink router remotely and when I have the install app working, but not trying to connect to the servers, Starlink shows a lot of the systems on my LAN as connected to the Starlink router. (Which is odd, since it sees them, and sees the SG1100, but the SG1100 seems incapable of using it to reach the servers.)

2. How likely is the address space, as mentioned earlier, an issue? The Starlink router gives the SG1100 an address in the 192.168.1.xxx address space. (And it cannot be changed - Starlink routers use ONLY that address space!) Could the install program have an issue because the default LAN address space and its WAN address are in the same space?

3. Any ideas or suggestions on this? Right now I'm trying to use a Raspberry Pi as a bridge. The Pi connects to my phone hotspot by wifi, and connects to the SG1100 WAN connector by cable. That way I can put the WAN in the 10.0.0.xxx address space, so it doesn't conflict with the 192.168.1.xxx space - but it's still a reserved space, so would that be a problem? (I don't think so. I set up my SG1100 under a cellular internet connection, so it was on the LAN side of the cellular modem and in a private address space range. But I'm the ignorant guy in this situation!)

I have thought about taking the SG1100 out, as I mentioned, and connecting it to the Starlink dish directly, but there are multiple problems with that: I don't know if the dish will be oriented properly when I disconnect it from its own router. If that works, I still need to connect with the SG1100 by USB for serial communications and I don't have a decent laptop. (Plus it's about 20°F outside now and I really don't want to have to work out in a snowy field in the cold!)

SteveITS

@TangoOversway unconfigured, the 1100 is a 3 port switch.

I’d think you could disconnect the LAN port during the install and just use WAN, and the console, at least to get going. You can change the LAN subnet at the console. Or have it use your config file.

As alluded to above, you could try asking Netgate for the traditional/old image because you’re having trouble.