Upgrade pfsense through a proxy server

cheesi

Hello Community,

im strugling with the update of t he pfsense through am proxy Server. My pfsense is located in a DMZ and has no direct connection to the internet so the direct update way wont work. So i tried the pfsense proxy support but without any sucsess.

I tried curl --proxy "http://172.21.100.8:3128" "https://www.google.com" and i got the page back.
So from my point of view the proxy works fine.

[2.5.2-RELEASE][admin@cpststzgw01.cpstst.jc.local]/usr/local/etc: curl --proxy "http://172.21.100.8:3128" "https://www.google.at"
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="de-AT"><head><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="Uzmp4FK2k545N6Id6aVhjw==">(function(){window.google={kEI:'w3sgYrWzEPG78gLnjL_IDQ',kEXPI:'0,1302536,56873,6058,207,4804,2316,383,246,5,1354,4013,1238,1122515,1197725,676,22,380067,16109,17450,11240,17572,4858,1362,9290,3024,17585,4020,978,13228,3847,4192,6430,7432,15309,6674,1279,2742,149,1103,840,1983,4314,108,3406,606,2023,1777,520,14670,3227,2845,7,4808,1,12641,16320,4465,13142

[2.5.2-RELEASE][admin@cpststzgw01.cpstst.jc.local]/root: curl --proxy "https://172.21.100.8:3128" "https://packages.netgate.com/pfSense_v2_4_5_amd64-core/packagesite.txz"
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

but when i hit the upgrade button i get this messages

[2.5.2-RELEASE][admin@cpststzgw01.cpstst.jc.local]/usr/local/etc: pfSense-upgrade
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pkg-static: https://pkg.pfsense.org/pfSense_v2_5_1_amd64-core/meta.txz: Service Unavailable
repository pfSense-core has no meta file, using default settings
pkg-static: https://pkg.pfsense.org/pfSense_v2_5_1_amd64-core/packagesite.txz: Service Unavailable
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg-static: https://pkg.pfsense.org/pfSense_v2_5_1_amd64-pfSense_v2_5_1/meta.txz: Service Unavailable
repository pfSense has no meta file, using default settings
pkg-static: https://pkg.pfsense.org/pfSense_v2_5_1_amd64-pfSense_v2_5_1/packagesite.txz: Service Unavailable
Unable to update repository pfSense
Error updating repositories!
ERROR: Unable to compare version of pfSense-repo

for me it looks like that the upgrade process isnt using the proxy configurations
Maybe here as the same expiricne or has a hint for me

Thank you very much

jimp

If you define the proxy settings in the GUI (System > Advanced, Misc tab) it should work, though if you are testing from the CLI you need to log out and back into the console or SSH shell after changing the settings in the GUI.

Updates use pkg which uses libfetch which relies on the proxy being set in environment variables, not like cURL. The variables are set dynamically by the scripts which get run when a shell is started, they don't update after that.

The update check in the GUI should work so long as the proxy is properly defined in the settings as well.

mariamroko

This post is deleted!