Unable to retrieve package info from https://packages.pfsense.org.

dmitripr

@bennyc:

I had no longer access to the forum (??)

I also couldn't access pfsense sites (form, packages … nothing). Looks like they were down for some time today. Don't think it has anything to do with the pfsense box, I couldn't access the sites from work either.

Now, they seem to be back up.

dmitripr

Well, I just tried to access packages page again, and what do you know … doesn't work. Same error as before (in the original post of this thread).

I don't think it's the router. Something's gotta be wrong with the packages server. It seems to be a hit or a miss.

maartens

Definitely seems to be something wrong with the package server. pfSense attempts to do a POST to https://packages.pfsense.org/xmlrpc.php but this results in a 502 Bad Gateway error. Probably something is up with either nginx or PHP on the package server.

Supermule

No go on 42 firewalls…. deffo something with the server...

eduardogoncalves

I have a fresh install and isn't working…
I can ping packages.pfsense.org from pfsense box.@dmitripr:

Well, I just tried to access packages page again, and what do you know … doesn't work. Same error as before (in the original post of this thread).

I don't think it's the router. Something's gotta be wrong with the packages server. It seems to be a hit or a miss.

Jambro1964

So any ETA on a fix for the 502 error? SSL cert expire? ISP gateway change and filtering HTTPS?

Supermule

Stale ARP cache?

Jambro1964

Working now. Thanks for getting it running again. I am right in the middle of doing my last install (hopefully) of PFSense/Squid/QLProxy.
This will work great for my kids' school.

Jim

bennyc

Still not working here in https !

Those in need of a package, see this topic for a workaround:
https://forum.pfsense.org/index.php?topic=75265.msg437914#msg437914

–edit: I see the packages, but package installation is not coöperating yet  :( --
--seems I have a partially installed package now.                                            --
--new error bottom of packages page during removal:                                    --
-- Warning: Unterminated comment starting line 904 in /usr/local/pkg/snort/snort.inc on line 904 Parse error: syntax error, unexpected $end in /usr/local/pkg/snort/snort.inc on line 904      --

BBcan177

– Warning: Unterminated comment starting line 904 in /usr/local/pkg/snort/snort.inc on line 904 Parse error: syntax error, unexpected $end in /usr/local/pkg/snort/snort.inc on line 904       --

Did you try to uninstall Snort and then try a fresh install.

bennyc

@BBcan177:

Did you try to uninstall Snort and then try a fresh install.

Yes, a couple of times, but each time with a different result. Removing required me to remove the files (the hard way)
It starts fine, but never makes it completely. Noticed it also makes an https connection to the package server, so assuming now the problem is also there.

I reverted back to https for xmlrpcbaseurl now, and still can't see the available packages. I saw on the related thread someone posted it is working again (for him), here it isn't yet so I'm going to remain a bit patient before continuing…  ;)

NetWiz

No access to packages. I can see only list of them, but when I try to install it don't. May be it from ISP on pfSense server.

P.S. I am from Russia. Seems to me, it  comes from sanctions against us.

bennyc

So I'm back in the office, and guess what? Packages are available on the pfSense instance here, no issue at all?
Tunnel'ed -> home, but still no go on the home FW?
Even opening the package page, gives again following errors:

Aug 11 09:08:12 php: /pkg_mgr_installed.php: XMLRPC communication error:
Aug 11 09:08:12 php: /pkg_mgr_installed.php: XML_RPC_Client: Connection to RPC server packages.pfsense.org:443 failed. 103

Same ISP.
Could someone point me to a direction on how to tackle this, as it's driving me nuts!

bennyc

I've started packet capture on both systems (office = working, home != working)
What I've noticed right away, is that the exchange at home is quite different. Reassambly is working @home, and several times a window size update during this exchange (??)
And I don't have that in the exchange captured in the office.
Could it be this is what the server (proxy?) is tripping over?

What is different in setup, is that at home I present my wan connection tagged to the APU, and lan untagged… So the MTU is off by 4 bytes. Could it be there it's going wrong?
Strange enough I see no other symptoms, and only recently this is giving problems.

Going to try some things later, but not to keen on changing WAN connection stuff on a remote box  ::)

BBcan177

Bennyc,

What browser are you using? Have you tried on a different browser as a test?

bennyc

Hi,

tnx for the suggestion. I work with Chrome normally, and tried with Firefox. No difference.

Changed the MTU size of the WAN if to 1496. (so I have now 1500 for re0, and 1496 for the vlan if on re0)
No difference in behaviour unfortunately, still still see retransmissions & lost segments warnings when I do another capture  >:(
It does this however only when I go to "available packages". When going to "installed packages", it also connects to the server "packages.pfsense.org" on 443 but this seems to go fine (maybe less data to exchange?)

I'm pretty sure though I'm on the right track… will try to switch to non-tagged environment for the APU this evening to at least get this working again. (it already asked too much of my time... all this just to get a package (there's no such thing as a free lunch? ::)))

bennyc

interesting read (for someone new to freebsd): http://etutorials.org/Networking/Integrated+cisco+and+unix+network+architectures/Chapter+5.+Ethernet+and+VLANs/VLAN+Configurations/ , scroll down to § FreeBSD/OpenBSD VLAN Capabilities
This guy says freebsd should auto-correct the MTU when creating the vlan if (decrease by 4B)

I checked that one my system, it did not. (phys.int MTU and vlan on that int remains both 1500). No idea if that's a bug or normal behavior 8)

bennyc

Another update… Moved from vlan approach for WAN, to regular setup, default MTU.

1 good thing, some bad.

The good:

• I saw available packages again on my home FW.

The bad:

• I cannot prove it is no coincidence. Could be just luck, or someone fixing the packages server.

• Note the "past" in the good news. Saw. It worked once. Gone again….

• I still have some errors in log, though also different onces. And many of them are arprequest errors

The new errors:
Aug 11 23:28:45 kernel: arprequest: cannot find matching address
Aug 11 23:28:35 php: /pkg_mgr.php: XMLRPC communication error:
Aug 11 23:28:35 php: /pkg_mgr.php: XML_RPC_Client: Connection to RPC server packages.pfsense.org:443 failed. 103

NetWiz

I have monitored by Wireshark VmWare's Workstation with installed pfsense 2.1.4, with changed "xmlrpcbaseurl" => "http://packages.pfsense.org"

Result: pfSense make successful request for available packages. But when I selected some packages to install, it has switched to the https-traffic. And failed to receive anything.

I can provide logs from Wireshark by demand.

Next time I will try to use VPN, with US-based IP.

bennyc

Issue seems to be solved?
Didn't touch anything here, but have https access again + was able to install packages.

You got to love it  ;D