"Unable to check for updates" after upgrade from from 23.05.1 to 23.09
-
Ok what is it using for DNS? Can it resolve against anything configured? Try Diag > DNS Lookup
-
OK, it looks like the update cleared the DNS Server Settings. After reentering the DNS servers IPs and host names I'm informed that "The system is on the latest version." The "Retrieving support information" gear is still spinning, I'm assuming it will eventually stop.
Thank you for your help.
-
@stephenw10 Looks like we celebrated too early. My package list is empty and the "Retrieving support information" gear is still spinning. I tried "pkg update; pkg upgrade" and got:
Updating pfSense-core repository catalogue... repository pfSense-core has no meta file, using default settings Unable to update repository pfSense-core Updating pfSense repository catalogue... repository pfSense has no meta file, using default settings Unable to update repository pfSense Error updating repositories! Updating pfSense-core repository catalogue... pkg: An error occured while fetching package pkg: An error occured while fetching package repository pfSense-core has no meta file, using default settings pkg: An error occured while fetching package pkg: An error occured while fetching package Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg: An error occured while fetching package pkg: An error occured while fetching package repository pfSense has no meta file, using default settings pkg: An error occured while fetching package pkg: An error occured while fetching package Unable to update repository pfSense Error updating repositories! -
Ok, same as before, try running
pkg-static -d updateto get full error details.Also try
pfSense-repoc. See if that throws errors. -
DBG(1)[42008]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[42008]> PkgRepo: verifying update for pfSense-core DBG(1)[42008]> PkgRepo: need forced update of pfSense-core DBG(1)[42008]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[42008]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core/meta.conf DBG(1)[42008]> curl_open DBG(1)[42008]> Fetch: fetcher used: pkg+https DBG(1)[42008]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core/meta.conf DBG(1)[42008]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Trying [2610:160:11:18::207]:443... * Immediate connect fail for 2610:160:11:18::207: No route to host * Trying 208.123.73.207:443... * Immediate connect fail for 208.123.73.207: Network is unreachable * Failed to connect to pfsense-plus-pkg00.atx.netgate.com port 443 after 4 ms: Couldn't connect to server * Closing connection DBG(1)[42008]> CURL> attempting to fetch from , left retry 2pfSense-repoc: failed to fetch the repo data failed to read the repo data.I tried DNS lookup of google.com and got: 142.251.32.78 but when I try to ping said IP address I get 100% packet loss:
PING 142.251.32.78 (142.251.32.78): 56 data bytes --- 142.251.32.78 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet lossI can ping google.com from the other non-upgraded firewall just fine:
PING google.com (172.217.13.110): 56 data bytes 64 bytes from 172.217.13.110: icmp_seq=0 ttl=117 time=3.697 ms 64 bytes from 172.217.13.110: icmp_seq=1 ttl=117 time=3.789 ms 64 bytes from 172.217.13.110: icmp_seq=2 ttl=117 time=3.737 ms --- google.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 3.697/3.741/3.789/0.038 ms -
@Kajetan321 said in "Unable to check for updates" after upgrade from from 23.05.1 to 23.09:
- Immediate connect fail for 208.123.73.207: Network is unreachable
That implies you have something blocking access to it or some bogus route added.
Can you ping the pkg server?[23.09-RELEASE][admin@2100-2.stevew.lan]/root: ping -c 3 pfsense-plus-pkg00.atx.netgate.com PING pfsense-plus-pkg00.atx.netgate.com (208.123.73.207): 56 data bytes 64 bytes from 208.123.73.207: icmp_seq=0 ttl=51 time=112.563 ms 64 bytes from 208.123.73.207: icmp_seq=1 ttl=51 time=112.511 ms 64 bytes from 208.123.73.207: icmp_seq=2 ttl=51 time=112.216 ms --- pfsense-plus-pkg00.atx.netgate.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 112.216/112.430/112.563/0.153 ms -
@stephenw10 Sure, "ping -c 3 pfsense-plus-pkg00.atx.netgate.com" returns "ping: UDP connect: No route to host"
-
Check you have a valid default IPv4 route. Look in Diag > Routes or run
netstat -rn4.If there's no default or it's somehow invalid make sure the default IPv4 gateway is set as WAN (not automatic) in System > Routing > Gateways.
-
@stephenw10 I set the gateway to be WAN (not automatic), after that I was able to ping google.ca. As well:
PING pfsense-plus-pkg00.atx.netgate.com (208.123.73.207): 56 data bytes 64 bytes from 208.123.73.207: icmp_seq=0 ttl=51 time=58.867 ms 64 bytes from 208.123.73.207: icmp_seq=1 ttl=51 time=58.679 ms 64 bytes from 208.123.73.207: icmp_seq=2 ttl=51 time=58.667 ms --- pfsense-plus-pkg00.atx.netgate.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 58.667/58.738/58.867/0.091 msHowever, SystemPackage>ManagerAvailable>Packages still shows no packages.
Thank you for your continued support.
-
OK so re-run
pkg-static -d updateandpfSense-repocand see what errors that's showing now it's able to try to connect. -
@stephenw10 OK, it looks like the packages populated over night. Hopefully this is it and everything else is working as expected, more testing to to be done. Thank you.
-
@stephenw10 So after more testing the secondary node appears to be functioning normally. I then switch CARP to maintenance mode on primary node and proceeded with the upgrade of the primary node. The upgrade seemed to have gone well, I was even informed that my system is on the latest version. Next I preceded to check available packages. Unfortunately the list was empty. Trying to execute pkg-static -d update resulted in the page not refreshing, it seemed like the command hung.
I checked that DNS was setup correctly and it is, I'm able to resolve names to IP addresses. Surprisingly, I can't ping google.ca. I checked that System > Routing > Default gateway
is set to "WAMGW" and it was. I also tried rebooting the firewall, nothing changed. -
Does it have a default route present and correct in Diag > Routing?
It's better to run
pkg-static -d updateat the actual command line if you can. That way you can see the partial output and any errors while it's running. -
The gateway IP is our ISP provided gateway. The same as on the secondary firewall.
[23.09-RELEASE][admin@pfsense1.lan.optiwave.com]/root: pkg-static -d update DBG(1)[43703]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[43703]> PkgRepo: verifying update for pfSense-core DBG(1)[43703]> PkgRepo: need forced update of pfSense-core DBG(1)[43703]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[43703]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense _plus-v23_09_amd64-core/meta.conf DBG(1)[43703]> curl_open DBG(1)[43703]> Fetch: fetcher used: pkg+https DBG(1)[43703]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus- v23_09_amd64-core/meta.conf DBG(1)[43703]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; usin g defaults * Trying 208.123.73.207:443... * Trying [2610:160:11:18::207]:443... * Immediate connect fail for 2610:160:11:18::207: No route to host * ipv4 connect timeout after 21175ms, move on! * Failed to connect to pfsense-plus-pkg00.atx.netgate.com port 443 after 30025 m s: Timeout was reached * Closing connection DBG(1)[43703]> CURL> attempting to fetch from , left retry 2 -
Can it ping
pfsense-plus-pkg00.atx.netgate.com? Or208.123.73.207? -
@stephenw10 I can not ping, both commands just hang there until ctr-c is pressed.
[23.09-RELEASE][admin@pfsense1.lan.optiwave.com]/root: ping pfsense-plus-pkg00.atx.netgate.com PING pfsense-plus-pkg00.atx.netgate.com (208.123.73.207): 56 data bytes ^C --- pfsense-plus-pkg00.atx.netgate.com ping statistics --- 52 packets transmitted, 0 packets received, 100.0% packet loss [23.09-RELEASE][admin@pfsense1.lan.optiwave.com]/root: ping 208.123.73.207 PING 208.123.73.207 (208.123.73.207): 56 data bytes ^C --- 208.123.73.207 ping statistics --- 79 packets transmitted, 0 packets received, 100.0% packet loss [23.09-RELEASE][admin@pfsense1.lan.optiwave.com]/root: -
Hmm, so is this with it still in maintenance mode? Running as backup?
Can it connect to anything? I assume it can ping internal hosts?
-
@stephenw10 Correct, it's running in maintenance m ode as backup. I can ping internal hosts but I'm unable to ping anything external.
-
Check the outbound NAT settings. Is it NATing it's own traffic to the CARP VIP? That will break WAN connectivity.
-
@stephenw10 For the CARP stuff, I followed a tutorial.
