No packages available on multiple CE 2.6 devices
-
Hello,
I did notice that the package manager does not return available packages at the moment. I did notice this behaviour on 3 devices.
I was able to install ACME with some trouble some hours ago but it looks like the catalogue isn't being updated.
I did also see some error message about not being able to verify a netgate certificate?
[2.6.0-RELEASE][admin@fw-nws1.xyz.inet]/var/log: pkg update Updating pfSense-core repository catalogue... Certificate verification failed for /CN=*.netgate.com 34375880704:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916: Certificate verification failed for /CN=*.netgate.com 34375880704:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916: Certificate verification failed for /CN=*.netgate.com 34375880704:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-img-build/BUILD_NODE/amd64-ce/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/sources/FreeBSD-src-RELENG_2_6_0/crypto/openssl/ssl/statem/statem_clnt.c:1916:
-
Came here with the same issue. No available packages showing. Will check back later/tomorrow.
-
@java007md same problem here. I never had this problem before.
-
-
-
-
@steveits it is fixed. Packages are now available for installation.
-
@SteveITS The problem still seems to persist. At least when pfSense tries to connect the update / package server via IPv6. The connection dies because there's no answer to the TCP-SYN.
-
@cs1 ipv4 is working
-
@patrick0525 It's working but VERY slow to update repository or install packages. Thought something was wrong with my internet for a second there ;)
Was installing pfBlockerNG; updating repository took over 2 minutes, and each package took upwards of 2-3 minutes. Once downloaded, packages installed quickly.
My internet was unaffected during this time.
-
@axsdenied said in No packages available on multiple CE 2.6 devices:
@patrick0525 It's working but VERY slow to update repository or install packages. Thought something was wrong with my internet for a second there ;)
Was installing pfBlockerNG; updating repository took over 2 minutes, and each package took upwards of 2-3 minutes. Once downloaded, packages installed quickly.
My internet was unaffected during this time.
Yes. It's slow
-
@bouke If you think it's just IPv6 you can go to System/Advanced/Networking and check "Prefer IPv4 over IPv6." That setting is just for the router (https://docs.netgate.com/pfsense/en/latest/config/advanced-networking.html#prefer-ipv4-over-ipv6). I want to say slow updates over IPv6 came up earlier this year...
I know from speed tests our HE IPv6 connection can be significantly slower than the wire speed. I don't know if they throttle it or what...it's hard to complain as it's free so I haven't looked into it much.
-
@steveits said in No packages available on multiple CE 2.6 devices:
@bouke If you think it's just IPv6 you can go to System/Advanced/Networking and check "Prefer IPv4 over IPv6." That setting is just for the router (https://docs.netgate.com/pfsense/en/latest/config/advanced-networking.html#prefer-ipv4-over-ipv6). I want to say slow updates over IPv6 came up earlier this year...
I know from speed tests our HE IPv6 connection can be significantly slower than the wire speed. I don't know if they throttle it or what...it's hard to complain as it's free so I haven't looked into it much.
The internet connection on WAN is IPv4 and IPv6. I did disable the gateway WAN_DHCP6. Only WAN_DHCP is the default (for IPv4). There's "None" specified at "Default gateway IPv6".
The option "Prefer to use IPv4 even if IPv6 is availabe" did the trick for me. It's odd as I did disable the IPv6 gateway. Installing packages is going well now. Thanks.
I did also untick the checkbox "All IPv6 traffic will be blocked by the firewall unless this box is checked" after testing - and did a new test. Packages are being found and installed well.
Thanks.
-
@bouke Somewhere/sometime I think I saw Stephen W post that if IPv6 is enabled but has a problem that can cause issues with updates. I have not played around with that to know if disabling the gateway or whatnot caused a problem. It might be that removing IPv6 completely would be better for you. Or that "prefer" checkbox. :)
-
-
Instead of manipulating IPv6 settings and impacting all local networks, what about informing the 'package update' scripts from pfSense to prefer IPv4 ?
Have a look at /usr/local/libexec/pfSense-upgrade - line 24
That's just what we need.To implement :
Goto line 1415 and changeunset force_ipv4
to
force_ipv4=1
So, instead of "let the system decide if IPv4 or IPv6 is used" the calls to the pkg commands are now instructed to use IPv4.
Later on, undo the change or just forget about it as an update will take care of undoing it anyway.
Btw : I had a console open, implement the change and used option 13 : Update from console.
It took seconds to sync up and finish.