Unable to check for updates
-
@stephenw10 Yes, it was.
-
@stephenw10 Hi. How are you?
Some news?
-
-
Same behavior here.
In my case the second gateway is WAN_DHCP6.
I have to set the default gateway IPv6 to "none", to reach the update page.
Edit: Forgot to mention after update from 2.6 to 2.7! -
Does it work from the command line using either? Like:
pkg-static -d4 update
or
pkg-static -d6 update
You can set the firewall to prefer IPv4 in Sys > Adv > Networking if your system cannot use IPv6 for some reason.
Steve
-
@stephenw10
When WAN_DHCP6 is set as second default Gateway:
From Diagnostics > command prompt : pkg-static -d6 update ends in "504 Gateway Timeout"
From SSH: Same, I stopped it....[2.7.0-RELEASE][admin@pfsense.localdomain]/root: pkg-static -d6 update DBG(1)[4385]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[4385]> PkgRepo: verifying update for pfSense-core DBG(1)[4385]> PkgRepo: need forced update of pfSense-core DBG(1)[4385]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[4385]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/meta.conf DBG(1)[4385]> opening libfetch fetcher DBG(1)[4385]> Fetch > libfetch: connecting DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.conf with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.conf with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.conf with opts "i6" DBG(1)[4385]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/meta.txz DBG(1)[4385]> opening libfetch fetcher DBG(1)[4385]> Fetch > libfetch: connecting DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.txz with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.txz with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.txz with opts "i6" pkg-static: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.txz: Operation timed out repository pfSense-core has no meta file, using default settings DBG(1)[4385]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.pkg DBG(1)[4385]> opening libfetch fetcher DBG(1)[4385]> Fetch > libfetch: connecting DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.pkg with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.pkg with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.pkg with opts "i6" pkg-static: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.pkg: Operation timed out DBG(1)[4385]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.txz DBG(1)[4385]> opening libfetch fetcher DBG(1)[4385]> Fetch > libfetch: connecting DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.txz with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.txz with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.txz with opts "i6" pkg-static: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.txz: Operation timed out Unable to update repository pfSense-core Updating pfSense repository catalogue... DBG(1)[4385]> PkgRepo: verifying update for pfSense DBG(1)[4385]> PkgRepo: need forced update of pfSense DBG(1)[4385]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[4385]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf DBG(1)[4385]> opening libfetch fetcher DBG(1)[4385]> Fetch > libfetch: connecting DBG(1)[4385]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf with opts "i6" DBG(1)[4385]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.txz DBG(1)[4385]> opening libfetch fetcher DBG(1)[4385]> Fetch > libfetch: connecting DBG(1)[4385]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.txz with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.txz with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.txz with opts "i6" pkg-static: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.txz: Operation timed out repository pfSense has no meta file, using default settings DBG(1)[4385]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg DBG(1)[4385]> opening libfetch fetcher DBG(1)[4385]> Fetch > libfetch: connecting DBG(1)[4385]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg with opts "i6" DBG(1)[4385]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg with opts "i6" ^C
From Diagnostics > command prompt : pkg-static -d4 update works
From SSH:[2.7.0-RELEASE][admin@pfsense.localdomain]/root: pkg-static -d4 update DBG(1)[31958]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[31958]> PkgRepo: verifying update for pfSense-core DBG(1)[31958]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[31958]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/meta.conf DBG(1)[31958]> opening libfetch fetcher DBG(1)[31958]> Fetch > libfetch: connecting DBG(1)[31958]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.conf with opts "i4" DBG(1)[31958]> Fetch: fetcher chosen: https DBG(1)[31958]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.pkg DBG(1)[31958]> opening libfetch fetcher DBG(1)[31958]> Fetch > libfetch: connecting DBG(1)[31958]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.pkg with opts "i4" DBG(1)[31958]> Fetch: fetcher chosen: https DBG(1)[31958]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.txz DBG(1)[31958]> opening libfetch fetcher DBG(1)[31958]> Fetch > libfetch: connecting DBG(1)[31958]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.txz with opts "i4" DBG(1)[31958]> Fetch: fetcher chosen: https pfSense-core repository is up to date. Updating pfSense repository catalogue... DBG(1)[31958]> PkgRepo: verifying update for pfSense DBG(1)[31958]> PkgRepo: need forced update of pfSense DBG(1)[31958]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[31958]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf DBG(1)[31958]> opening libfetch fetcher DBG(1)[31958]> Fetch > libfetch: connecting DBG(1)[31958]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf with opts "i4" DBG(1)[31958]> Fetch: fetcher chosen: https Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 DBG(1)[31958]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg DBG(1)[31958]> opening libfetch fetcher DBG(1)[31958]> Fetch > libfetch: connecting DBG(1)[31958]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg with opts "i4" DBG(1)[31958]> Fetch: fetcher chosen: https Fetching packagesite.pkg: 100% 155 KiB 159.1kB/s 00:01 DBG(1)[31958]> PkgRepo: extracting packagesite.yaml of repo pfSense DBG(1)[46734]> PkgRepo: extracting signature of repo in a sandbox DBG(1)[31958]> Pkgrepo, reading new packagesite.yaml for '/var/db/pkg/repo-pfSense.sqlite' Processing entries: 100% pfSense repository update completed. 531 packages processed. All repositories are up to date.
If I turn off the second gateway, everything is running (except IPv6)
"You can set the firewall to prefer IPv4 in Sys > Adv > Networking if your system cannot use IPv6 for some reason." >>>> I know that, Thank you.
-
There is IPv6 connectivity to the pkg servers:
[2.7.0-RELEASE][admin@pfsense.fire.box]/root: pkg -d6 update DBG(1)[65446]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[65446]> PkgRepo: verifying update for pfSense-core DBG(1)[65446]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[65446]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/meta.conf DBG(1)[65446]> opening libfetch fetcher DBG(1)[65446]> Fetch > libfetch: connecting DBG(1)[65446]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/meta.conf with opts "i6" DBG(1)[65446]> Fetch: fetcher chosen: https DBG(1)[65446]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.pkg DBG(1)[65446]> opening libfetch fetcher DBG(1)[65446]> Fetch > libfetch: connecting DBG(1)[65446]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.pkg with opts "i6" DBG(1)[65446]> Fetch: fetcher chosen: https DBG(1)[65446]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-core/packagesite.txz DBG(1)[65446]> opening libfetch fetcher DBG(1)[65446]> Fetch > libfetch: connecting DBG(1)[65446]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_7_0_amd64-core/packagesite.txz with opts "i6" DBG(1)[65446]> Fetch: fetcher chosen: https pfSense-core repository is up to date. Updating pfSense repository catalogue... DBG(1)[65446]> PkgRepo: verifying update for pfSense DBG(1)[65446]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[65446]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf DBG(1)[65446]> opening libfetch fetcher DBG(1)[65446]> Fetch > libfetch: connecting DBG(1)[65446]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/meta.conf with opts "i6" DBG(1)[65446]> Fetch: fetcher chosen: https DBG(1)[65446]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg DBG(1)[65446]> opening libfetch fetcher DBG(1)[65446]> Fetch > libfetch: connecting DBG(1)[65446]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.pkg with opts "i6" DBG(1)[65446]> Fetch: fetcher chosen: https DBG(1)[65446]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz DBG(1)[65446]> opening libfetch fetcher DBG(1)[65446]> Fetch > libfetch: connecting DBG(1)[65446]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz with opts "i6" DBG(1)[65446]> Fetch: fetcher chosen: https pfSense repository is up to date. All repositories are up to date.
So you have some IPv6 connectivity issue at your firewall.
Steve
-
@stephenw10 But I get an IPv6 Adress and I can ping websites with IPv6.
Ping from WAN to ipv6.google.com:
PING6(56=40+8+8 bytes) 2axx:xxxx:xxxx::xxxx --> 2a00:1450:4016:80c::200e
16 bytes from 2a00:1450:4016:80c::200e, icmp_seq=0 hlim=119 time=19.106 ms
16 bytes from 2a00:1450:4016:80c::200e, icmp_seq=1 hlim=119 time=22.565 ms
16 bytes from 2a00:1450:4016:80c::200e, icmp_seq=2 hlim=119 time=20.170 ms--- ipv6.l.google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 19.106/20.614/22.565/1.446 ms -
Can you ping the pkg servers though?:
[2.7.0-RELEASE][admin@pfsense.fire.box]/root: ping6 pkg01-atx.netgate.com PING6(56=40+8+8 bytes) 2a00:23c8:xxxx:xxxx --> 2610:160:11:18::209 16 bytes from 2610:160:11:18::209, icmp_seq=0 hlim=47 time=115.979 ms 16 bytes from 2610:160:11:18::209, icmp_seq=1 hlim=47 time=115.111 ms 16 bytes from 2610:160:11:18::209, icmp_seq=2 hlim=47 time=116.118 ms ^C --- pkg01-atx.netgate.com ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 115.111/115.736/116.118/0.446 ms
-
@stephenw10 Yes, no problem
PING6(56=40+8+8 bytes) 2axx:xxxx:xxxx::xxxx --> 2610:160:11:18::209
16 bytes from 2610:160:11:18::209, icmp_seq=0 hlim=48 time=136.690 ms
16 bytes from 2610:160:11:18::209, icmp_seq=1 hlim=48 time=137.275 ms
16 bytes from 2610:160:11:18::209, icmp_seq=2 hlim=48 time=135.759 ms--- pkg01-atx.netgate.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 135.759/136.575/137.275/0.624 ms -
Hmm, curious. You are seeing this consistently? It's not a temporary loading issue at the server end for example? Though I'd expect to see a lot more reports if that was the case.
Maybe an MTU issue in the route?
Can you fetch the file directly?:
fetch -6 https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz
-
@stephenw10
I noticed this 3 days ago. Also did a fresh installation to be sure, but nothing changed.Whats the best way to check MTU?
Fetch doesn´t work:
[2.7.0-RELEASE][admin@pfsense.localdomain]/root: fetch -6 https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz
fetch: https://pkg01-atx.netgate.com/pfSense_v2_7_0_amd64-pfSense_v2_7_0/packagesite.txz: Operation timed out -
I ran a pcap for IPv6 traffic on WAN whilst running that fetch and could see the full sized packets.
You can test using ping6 though. 1444B is the largest I can send here:
ping6 -s 1444 pkg01-atx.netgate.com
-
@stephenw10
I just realised that when I ping6 from SSH it uses a diferent IPv6 when I ping6 from GUI.The point is I always used the Ping tool from GUI, which used the WAN IP. 2a02:8070: .....
But with the option -s I have to use SSH, and there the system uses a diferent IP 2a02:3102: ....
The 2a02:3102: .... doesn´t work with Ping6.
Why?For MTU test used WAN IP and got 1452 max
-
Ok, so where is that second IP coming from? Which of those is valid?
I imagine that fetch test would also work if you specify the bind address to the other one.
-
@stephenw10
ifconfig igb0 inet6:igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: WAN
options=4e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
inet6 fe80::4262:xxxx:xxxx:xxxx%igb0 prefixlen 64 scopeid 0x1
inet6 2a02:3102:xxxx:xx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf
inet6 2a02:3102:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx prefixlen 64 autoconf
inet6 2a02:8070:xxxx::xxxx prefixlen 128
inet6 2a02:8070:xxxx:xx:xxxx:xxxx:xxxx:xxxx prefixlen 64
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>Found it, but I don´t know what to do
-
Those are VIPs on the WAN? How is that interface configured for IPv6?
-
-
Hmm, you have a /59 prefix delegation? That's a very unusual prefix size.
Do you see all those IPs being passed via dhcpv6? That would also be very odd.
-
@stephenw10
After some tests and research it looks like that this is possibly a misconfiguration from my ISP.
I´m obviously not the only one with the problem to have different IPs on WAN.
But thanks for the help stephen!@hugoeyng
Sorry for hijacking your thread -