2.3 Killed my SG-2440



  • My SG-2440 has not recoverred from the update from 2.2.6 to 2.3.

    I have no internet access and the web gui cannot be accessed after about 20 minutes of the unit being online.  It can be restarted by SSH-ing in and restarting the webconfigurator.

    According to the gui, the WAN interface has "N/A" for an IP address…

    I did a factory reset using the button and the same problems occurred, no internet access and the gui quits after 20 minutes.

    Any suggestions would be much appreciated.



  • I'm guessing the GUI's probably getting hung up because it's trying to check for updates and can't. Option 16 at the console via SSH will get that back for some period of time. I need to look into that further, seems to be an issue there with no Internet.

    What type of WAN? Static/DHCP/PPPoE/?



  • DHCP

    Any help would be much appreciated.

    I found a usb mini cable so I should be able to console in as well



  • I'm getting this same issue after my upgrade as well. Can't connect to the web gui after a few minutes. Restarting php-fpm through ssh fixes this but same thing will happen again a few minutes later.

    I've found that if I navigate to a different page than the home page (firewall rules for example) it doesn't drop off at all. I've also found if I go to System -> Update, it will immediately time out on me.

    Should note this is on a custom box I've built up, not a SG-2440.



  • I decided to do a fresh install
    I downloaded the full image and it seems to hang during the loading of the drive.
    Once it powers on it shows the 6 options and then does its the little line dance (- \ | / -) and says "booting…" and it just hangs.

    I'm fairly confident the drive is formatted properly using the following method:
    diskutil unmountDisk /dev/diskN
    sudo dd if=/path/to/downloaded.img of=/dev/diskN bs=4m
    diskutil eject /dev/diskN

    this took forever to write.

    I also tried win32 disk imager from a windows machine and it hung as well



  • Perhaps the disk is bad or faulty?



  • So it looks like I downloaded the wrong image, so that was why the firewall wouldn't properly boot.

    I got the firewall to install 2.3 fresh, there was an error "factory-logger.pfmechanics.com 80>/tmp/postresult"
    I skipped the error and it booted and connected to the WAN!!!!

    I got another device online and decided I was ready to restore to my previous backup…
    This was the wrong decision.  I had the same problem of getting N/A on my connected WAN.  I started seeing errors in the top corner from some lines in my pfBlockerNG config; I block the top 100,000 ads.  I believe my pfblockerNG config is what is destroying the WAN connection.

    I also think that pfsense needs to disable the searching for newer versions of the OS by default.  I think that was causing some problems.

    I am now online with my whole house again, but having I am not happy about reconfiguring my vpn and all my packages.
    I have 1 or 2 other saved configs, but I'm fairly certain they have pfblockerNG on them as well.

    I have not tried to open up the xml file to see what is inside, does anyone know if I can remove all the data associated with one package so that I can keep all the stuff associated with my other packages, most notably my vpn?


  • Moderator

    See this post:
    https://forum.pfsense.org/index.php?topic=86212.msg611930#msg611930

    You can edit your config.xml backup file and remove the "Server:Include: … " line... Its in a base64 encoded string... Find and delete the Custom_options line before restoring your config.

    
     <unbound><custom_options>c2VydmVyOmluY2x1ZGU6IC92YXIvdW5ib3VuZC9wZmJfZG5zYmwuY29uZg==</custom_options></unbound> 
    

    EDIT:

    I should note that if you have other Unbound: Advanced Options, deleting that line, will remove all of the advanced unbound options… If the base64 encoded string matches the one that I posted above, then the only line in the Adv. options is for DNSBL...

    To convert that base64 line into human-readable format, you can goto pfSense Diagnostics / Command Prompt and execute the following command (Using your base_64_encoded string):

    print_r(base64_decode("c2VydmVyOmluY2x1ZGU6IC92YXIvdW5ib3VuZC9wZmJfZG5zYmwuY29uZg=="));
    

    which outputs to:

    server:include: /var/unbound/pfb_dnsbl.conf
    


  • so I removed that line and it did not fix anything…

    I ended up going through xml file deleting TONS of lines and there seems to be a different way that they new OS keeps the config for the WAN interface.  I tried copying the code from an old one with the new one and it didn't work, but it led me to an epiphany.

    After I restore the config I entered into the setup wizard which gathers big picture settings about the interfaces.  If I simply click through that it will reconfigure the WAN interface and it worked!!!!!

    I was so afraid that I lost my months of configuration, but I am back up and running!!!!!

    Thank you everyone



  • @cmb:

    I'm guessing the GUI's probably getting hung up because it's trying to check for updates and can't. Option 16 at the console via SSH will get that back for some period of time. I need to look into that further, seems to be an issue there with no Internet.

    What type of WAN? Static/DHCP/PPPoE/?

    @cmb - agreed.  The GUI can get hung when WAN is not connected.  I'm posting here only because I saw your train of thought.

    Steps to reproduce:

    • VMware
    • Create a new VM with the same setup (NICs, RAM etc) as a production system
    • Attach all NICs to a test vSwitch with no outside access
    • Install a blank 2.3 - All OK, web GUI OK
    • Restore a config with packages in it
      => Boots OK but endless loop wrt trying to download the package list.  No web GUI becomes available, ssh is OK

    Change: Remove packages from the config before restore
    => Boots OK, web GUI works OK

    The above has only been demonstrated once by me but seems appropriate to describe here.

    Cheers
    Jon



  • have a look at my thread I had a similar issue and I fixed it on my box

    https://forum.pfsense.org/index.php?topic=110033.0