SG-1100 Won’t Reboot on Upgrade - no internet access!
-
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Why is it trying to assign these interefaces em0 em1, they are not from a SG1100
Missed that, that would of course explain the interface reassignment.
-
General question first: Would any of these problems be solved if I installed pfSense to an external USB stick? Or reinstalled without my config and waited until I got everything working to upload my old config?
And if I install it to a USB stick, I take it there is some way to make sure when it reboots, it uses the stick instead of the internal drive?
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The 1100 uses VLANs, otherwise it is a switch:
https://docs.netgate.com/pfsense/en/latest/solutions/sg-1100/io-ports.htmlI also see this from the installer, when it asks to set up VLANS:
If VLANs will not be used, or only for optional interfaces, it is typical to say no here and use the webConfigurator to configure VLANs later, if required.So I would think I shouldn't set them up - I'm not sure, if I picked Yes, just what I'd do to set them up. (I don't use any - other than Tailscale, which is a rare usage and needed because Starlink doesn't support port forwarding.)
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The default install for an 1100 should set that up though. It's unclear why you're being prompted to assign interfaces. Presumably, a missing configuration?
Do you mean a configuration item or the whole configuration?
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The installer normally is able to use DHCP on WAN and connect out. Unclear why your experience is so much off-normal.
I wonder if it's related to the issue of not reaching the servers yesterday.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Is that a restore of a config backup?
I told it to use my old config when installing the new system and saw a reference at some points to the config being restored or loaded. I'm wondering if this could be a sign of something else - but since my firewall was working fine until I upgraded it (and is it any wonder I'm shy about doing upgrades?!?), so, other than the drive possibly wearing out, I would think everything else should be in good shape.
@patient0 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
The default config is (needs VLAN on ports of the switch):
WAN : mvneta0.4090
LAN : mvneta0.4091It didn't like that;
Enter the WAN interface name or 'a' for auto-detection (mvneta0 or a): mvneta0.4090 Invalid interface name 'mvneta0.4090' -
Oh, one other question about the current situation:
Is there any reason to believe that if the WAN had an address space in, say, the 10.0.0.xxx range, instead of the 192.168.1.xxx range, that the WAN interface might behave better?
(Sorry for so many multi-posts, but I figure it's better to add a post than to edit one someone might have just read.)
-
Since I'm seeing lights flashing on the WAN connection, but the system sees no link-up, I unplugged the CAT5 and plugged it in. I get this:
2025-02-21T09:50:00.279393+00:00 - php-fpm 565 - - /rc.linkup: Ignoring link event during boot sequence. e6000sw0port3: link state changed to UP 2025-02-21T09:50:09.472790+00:00 - php-fpm 565 - - /rc.linkup: Ignoring link event during boot sequence.This is while it's waiting for me to enter the WAN interface name or 'a', so I don't see how it's during the boot sequence.
-
@TangoOversway As noted you seem to have restored a config file that isn't from an 1100?
At a high level, you will need to create the VLANs because they don't exist in a default non-1100 install.
Or just reinstall, but...yeah.
I would not expect the WAN subnet to have any impact until you define LAN to conflict with it. If unconfigured then LAN is irrelevant.
It's hard to follow/help because none of this seems normal.
I would think if you can get far enough to use the pfSense menu to reset to default settings then you'll have VLANs. Then you can change the LAN subnet. Then should be functional and can restore from the web GUI? Just...don't restore a non-1100 config file.
-
So maybe a fresh install without using my config.
I would agree. There is no way this is normal and the flakiness of things like the serial connection, that it boots sometimes and not others - all this is confusing.
When you talk about the pfSense menu, you mean the web menu, right?
The only config file I'm using is the backup I made just before I upgraded.
Is installing to the USB stick an option in the normal install process? (I'm about to look that up. I know USB drives are slower than internal, but a failing internal drive seems to be a real possibility.)
-
@TangoOversway said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
When you talk about the pfSense menu, you mean the web menu, right?
no the console menu, option 4:
https://docs.netgate.com/pfsense/en/latest/config/console-menu.htmlDouble check your USB stick for other config.xml files? em0/em1 should not be interfaces in an 1100 config file. It should use mvneta0.4090 etc.
Yes it's possible to install to a USB stick as @stephenw10 said. There are a few threads like
https://forum.netgate.com/topic/196372/migrating-netgate-1100-from-emmc-to-usb-flash-storage-to-keep-it-fit -
@TangoOversway Try assigning just WAN to mvneta0 and see if it lets you not assign LAN at all, at least to get to the menu.
-
Akismet is flagging this as spam. Bet it's due to the XML data.
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
Double check your USB stick for other config.xml files? em0/em1 should not be interfaces in an 1100 config file. It should use mvneta0.4090 etc.
From my config (only one on the USB stick):
<interfaces> <wan> <enable></enable> <if>mvneta0.4090</if> <switchif>switch0.port3</switchif> <descr><![CDATA[WAN]]></descr> <alias-address></alias-address> <alias-subnet>32</alias-subnet> <spoofmac></spoofmac> <ipaddr>dhcp</ipaddr> <dhcphostname></dhcphostname> <dhcprejectfrom></dhcprejectfrom> <adv_dhcp_pt_timeout></adv_dhcp_pt_timeout> <adv_dhcp_pt_retry></adv_dhcp_pt_retry> <adv_dhcp_pt_select_timeout></adv_dhcp_pt_select_timeout> <adv_dhcp_pt_reboot></adv_dhcp_pt_reboot> <adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_backoff_cutoff> <adv_dhcp_pt_initial_interval></adv_dhcp_pt_initial_interval> <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options></adv_dhcp_send_options> <adv_dhcp_request_options></adv_dhcp_request_options> <adv_dhcp_required_options></adv_dhcp_required_options> <adv_dhcp_option_modifiers></adv_dhcp_option_modifiers> <adv_dhcp_config_advanced></adv_dhcp_config_advanced> <adv_dhcp_config_file_override></adv_dhcp_config_file_override> <adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path> <dhcpcvpt>bk</dhcpcvpt> <ipaddrv6>dhcp6</ipaddrv6> <dhcp6-duid></dhcp6-duid> <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len> <dhcp6cvpt>bk</dhcp6cvpt> <adv_dhcp6_prefix_selected_interface>wan</adv_dhcp6_prefix_selected_interface> </wan> <lan> <enable></enable> <if>mvneta0.4091</if> <switchif>switch0.port2</switchif> <descr><![CDATA[LAN]]></descr> <spoofmac></spoofmac> <ipaddr>172.16.7.1</ipaddr> <subnet>22</subnet> <ipaddrv6>track6</ipaddrv6> <track6-interface>wan</track6-interface> <track6-prefix-id>0</track6-prefix-id> </lan> <opt1> <if>mvneta0.4092</if> <descr><![CDATA[OPT]]></descr> <enable></enable> <spoofmac></spoofmac> </opt1> </interfaces>Can't find EM0 or EM1 in there at all (other than in a string that looks like a crypto key or something like that - so it's part of a long string of random numbers and letters.)
@SteveITS said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
ry assigning just WAN to mvneta0 and see if it lets you not assign LAN at all, at least to get to the menu.
If you mean do that now, after boot (post install), I've tried that and it didn't accept it.
I'll try a new install and disable the LAN when I do it. I'm reading up on installing it to a USB stick first.
-
Is the net installer the one I downloaded and have been using? I tried searching for "pfsense net installer" and didn't get anything useful.
-
Yes, the Net Installer is what you downloaded from the store.
I assume the config you are restoring was from the 1100?
The em NICs it's complaining about there are probably from the default config. pfSense builds a config based on a default file with additions for specific hardware. So for an 1100 it should see that and add the default VLANs and switch config. You should not see em0,em1.
So somehow it's losing the config that would have been generated at install.
I suggest installing clean and keeping the default config until you're able to access the webgui. Then restore your config there.
-
Re-installing. Got to this screen:
I notice both are
mvneta0. Later when I have to name the interface (in the post install part where I was caught in a loop), I'm wondering if I should have connected to the LAN. There was no name other than mvneta0 as an option. (I tried mvneta0.4090, as suggested, and got an error.) -
Yes, those are the correct default interfaces for the 1100. It only has one NI (mvneta0) so the interfaces are VLANs on that NIC.
After install it should boot completely without asking you reassign the NICs. It's unclear why it somehow pulled in the pfSense default config with em0 and em1 whoch don't exist in the 1100.
-
To re-assign WAN as that after install you have to answer Yes when it asks if you want to create VLANs Then create 4090 and 4091 on mvneta0. Then it will allow you set mvneta0.4090 as WAN
-
Do you have the TAC ticket ID you opened? They usually respond to those in minutes.
-
I thought I opened a TAC ticket late last night, but had left the form up so I could get the SN and other info from my box. So I filled that in and sent it in today - maybe an hour ago, maybe longer.
I'm back to trying to reach the servers. I've deactivated the LAN and trying it over and over.
I'm wondering if there might be a reason why it only took a few retries in the early morning (US Eastern time) and during the day it's just not connecting.
Again, I see the LEDs flashing on the RJ45 and it doesn't complain about the NIC being inactive or anything.
This is the part where I wonder if a different IP address would help.
-
I had disabled the LAN and it couldn't reach the servers. Enabled it and it did, first try. Then I realized I forgot to put in the blank USB stick in the USB3.0 socket, so I had to go back and restart. Again left the LAN on and it went through first time. So it's formatting and preparing to install to the USB stick.
A thought on that: While I have a new SG1100 coming in next week, I'm wondering if, once I get it working on the USB stick, it would be easy to copy or clone that system to the main drive and see if it works on there.
Ah - it's fetching and stuff now. So I guess I can take a break and get one or two things done while it spends time doing that.
-
You had to assign it? Or it detected it?
You will have to set LAN as none or chnage it's subnet in the installer to avoid a conflict there.
-
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
You had to assign it? Or it detected it?
First I went through and specifically picked "None" or whatever the option was to not detect or use it. And it wouldn't connect to the servers.
Then I canceled and let the install restart. When it got there, I just hit <return> and let it keep the values. Then it connected to the server without a problem - two times. (I had to do it a 2nd time so I could plug in the USB stick I wanted to install it on.)
@stephenw10 said in SG-1100 Won’t Reboot on Upgrade - no internet access!:
You will have to set LAN as none or chnage it's subnet in the installer to avoid a conflict there.
It seems to be working without that. It's got the LAN set up (as I said, I just hit <return>). But this is with the initial install at this point, where I can't touch the subnets.
Is this something Netgate should look into, since at least one ISP now is forcing a 192.168.1.xxx address space? Starlink is often a "last choice" when it's the only choice and they're all over the US and Canada now and I think in many other countries worldwide, so I would think this could become an issue.
-
Yes in retrospect pfSense should probably have used a different default subnet. The problem now is that it's been that for so long changing it would cause confusion at best.
But we are aware of the issue and you should be able to set it in any install situation you find.
