"Unable to check for updates" again
-
Ok. You have DNS OK? You can ping from the pfSense box?
Steve
-
Yes I am able to ping from pfsense and it appears to be resolving hosts ok.
Ping output:
PING pfsense.org (192.207.126.26): 56 data bytes
64 bytes from 192.207.126.26: icmp_seq=0 ttl=49 time=81.034 ms
64 bytes from 192.207.126.26: icmp_seq=1 ttl=49 time=81.409 ms
64 bytes from 192.207.126.26: icmp_seq=2 ttl=49 time=80.340 ms–- pfsense.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 80.340/80.928/81.409/0.443 ms -
Is this an upgrade to 2.1 or a fresh install?
If it's an upgrade then make sure you have the correct update server selected. Go to System: Firmware: Updater Settings: and select the appropriate url from the drop down.
This is particularly important if you were running 2.1 snopshots.Steve
-
It is an upgrade. I believe I am using the correct url, http://updates.pfsense.org/_updaters ,this is the same as my other box is using.
I can't view any available addon packages either. The package manager displays "Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity."Here are the services I have running:
apinger
dnsmasq
ntpd
openvpn
openvpn
racoonI am also running 2 WAN interfaces set to failover from 1 to 2.
-
Hmm, OK. We've tried the usual suspects here.
You can see this behaviour in a multiwan setup with gateway groups. The clients on LAN use the gateway group to access the internet, in your case you have a failover setup. If you have firewall rules on LAN that catch all traffic and specify the gateway group then you are never using the system routing table to select a gateway. The pfSense box itself cannot use a gateway group it always uses the system routing table. Thus if it's default gateway is set incorrectly it will not be able to access the internet.
Using the ping test in the diagnostics menu will fail to find this since you have to specify which interface you want to ping from.Go to System: Routing: Gateways: make sure the default gateway is set to something sensible, like your primary WAN connection.
Steve
-
I do have all LAN traffic going through my failover group. I checked and my default gateway is set to my WAN1 interface. I switched my default to WAN2 and still couldn't check updates, switched back to WAN1 as default, rebooted and still couldn't check updates. I've attached a few screenshots but it all looks pretty basic and appears correct.
-
Hmm, well I'm out of suggestions. :-
You could try manually downloading the package lists file and the versions file used to check for updates from the console. If you can do that then I can't see any reason why it wouldn't be working.[2.1-RELEASE][root@pfsense.localdomain]/root(1): fetch -o /dev/null http://www.pfsense.org/packages/pkg_config.8.xml /dev/null 100% of 115 kB 182 kBps [2.1-RELEASE][root@pfsense.localdomain]/root(2): fetch -o /dev/null http://updates.pfsense.org/_updaters/version version 100% of 12 B 71 kBpsSteve
-
Thanks for trying to help.
I was able to manually download those files so I'm at a complete lose. Has to be some odd issue with just the right config combination I am using on this box because this has happened before with an almost identical setup. It was only resolved because I ended up doing a fresh install do to a hardware issue. -
Hmm, well that's very odd then. I just noticed, re-reading this entire thread, that the error indicates the box is trying a proxy. Do you have an upstream proxy set? Have you ever?
Other than that I can only speculate that perhaps something odd happened during the 2.1 update. Did you have the packages installed during the update procedure? I can only suggest a fresh install. :-\Anyone else got any ideas here?
Steve
-
Has to be some odd issue with just the right config combination I am using on this box because this has happened before with an almost identical setup. It was only resolved because I ended up doing a fresh install do to a hardware issue.
I had this issue as well with 2.1. It happened to be resolving a different IP for updates.pfsense.org than my ISP's DNS was for some reason. I was able to resolve it (no pun intended) by going to System -> General Setup and checking "Do not use the DNS Forwarder as a DNS server for the firewall." This ended up with the ability to ping updates.pfsense.org from the pfsense interface and resolving to the real address of 66.111.2.169. I'd imagine its an issue with the DNS Forwarder caching something bogus.
-
That is an interesting and strange issue but I don't think it is the case here because the OP is able to fetch the versions file from updates.pfsense.org with no problem.
Steve
-
He did so from the console though, correct? Does the console skip the dns forwader even if enabled? Just a thought, I'm not very familiar with PF's internal dns routes.
-
My understanding is that the DNS handling would be the same however you make a good point. At the console you are, likely, logged in as root. The script that runs XMLRPC runs as admin, I think, hence should have similar rights etc but maybe not the same path. Hmm.
Steve
-
@JasonM.:
I had this issue as well with 2.1. It happened to be resolving a different IP for updates.pfsense.org than my ISP's DNS was for some reason. I was able to resolve it (no pun intended) by going to System -> General Setup and checking "Do not use the DNS Forwarder as a DNS server for the firewall." This ended up with the ability to ping updates.pfsense.org from the pfsense interface and resolving to the real address of 66.111.2.169. I'd imagine its an issue with the DNS Forwarder caching something bogus.
I've always been able to resolve updates.pfsense.org to 66.111.2.169
I tried checking that option to not use the DNS forwarder but it didn't make any difference. I may try temporally disabling the dns forwarder completely but I'm not sure it will change anything that checking the previous option wouldn't have done. -
My understanding is that the DNS handling would be the same however you make a good point. At the console you are, likely, logged in as root. The script that runs XMLRPC runs as admin, I think, hence should have similar rights etc but maybe not the same path. Hmm.
Steve
I was logged in as root but I just logged in as admin and was still able to download the file from updates.pfsense.com
-
Hello.
I had the same error "Unable to check for updates" and I'd like to share my case.
I figured out that for security reasons I set to bind the LAN interface only for the DNS forwarder in the "Services: DNS forwarder" section. But there is also an option "Localhost" which you can mark with "Ctrl" key pressed and the DNS forwarder begins to service pfSense's requests too, so the autoupdate feature resumes working right. -
Hello.
I had the same error "Unable to check for updates" and I'd like to share my case.
I figured out that for security reasons I set to bind the LAN interface only for the DNS forwarder in the "Services: DNS forwarder" section. But there is also an option "Localhost" which you can mark with "Ctrl" key pressed and the DNS forwarder begins to service pfSense's requests too, so the autoupdate feature resumes working right.That solved the problem I was having for 2 weeks. Thank you very much ;D
-
@JasonM.:
Has to be some odd issue with just the right config combination I am using on this box because this has happened before with an almost identical setup. It was only resolved because I ended up doing a fresh install do to a hardware issue.
I had this issue as well with 2.1. It happened to be resolving a different IP for updates.pfsense.org than my ISP's DNS was for some reason. I was able to resolve it (no pun intended) by going to System -> General Setup and checking "Do not use the DNS Forwarder as a DNS server for the firewall." This ended up with the ability to ping updates.pfsense.org from the pfsense interface and resolving to the real address of 66.111.2.169. I'd imagine its an issue with the DNS Forwarder caching something bogus.
I know this topic is old but I had the same issue as OP and this immediately fixed the issue for me. Thanks so much.
-
@JasonM.:
Has to be some odd issue with just the right config combination I am using on this box because this has happened before with an almost identical setup. It was only resolved because I ended up doing a fresh install do to a hardware issue.
I had this issue as well with 2.1. It happened to be resolving a different IP for updates.pfsense.org than my ISP's DNS was for some reason. I was able to resolve it (no pun intended) by going to System -> General Setup and checking "Do not use the DNS Forwarder as a DNS server for the firewall." This ended up with the ability to ping updates.pfsense.org from the pfsense interface and resolving to the real address of 66.111.2.169. I'd imagine its an issue with the DNS Forwarder caching something bogus.
Just would like to say that JasonM.'s post worked for me. I checked the option "Do not use the DNS Forwarder as a DNS server for the firewall" and it worked like a charm.
Under "Auto Update", I am now able to see the message:```A new version is now available
Current version: 2.1.3-RELEASE
Built On: Thu May 01 15:52:13 EDT 2014
New version: 2.1.5-RELEASEUpdate source: https://updates.pfsense.org/_updaters/amd64
Thanks once again for posting. -
Hello.
I had the same error "Unable to check for updates" and I'd like to share my case.
I figured out that for security reasons I set to bind the LAN interface only for the DNS forwarder in the "Services: DNS forwarder" section. But there is also an option "Localhost" which you can mark with "Ctrl" key pressed and the DNS forwarder begins to service pfSense's requests too, so the autoupdate feature resumes working right.Thank You so much - you helped me, to resolve this same issue on my box.
:D
