Unable to retrieve package info from https://packages.pfsense.org.

NetWiz

No access to packages. I can see only list of them, but when I try to install it don't. May be it from ISP on pfSense server.

P.S. I am from Russia. Seems to me, it  comes from sanctions against us.

bennyc

So I'm back in the office, and guess what? Packages are available on the pfSense instance here, no issue at all?
Tunnel'ed -> home, but still no go on the home FW?
Even opening the package page, gives again following errors:

Aug 11 09:08:12 php: /pkg_mgr_installed.php: XMLRPC communication error:
Aug 11 09:08:12 php: /pkg_mgr_installed.php: XML_RPC_Client: Connection to RPC server packages.pfsense.org:443 failed. 103

Same ISP.
Could someone point me to a direction on how to tackle this, as it's driving me nuts!

bennyc

I've started packet capture on both systems (office = working, home != working)
What I've noticed right away, is that the exchange at home is quite different. Reassambly is working @home, and several times a window size update during this exchange (??)
And I don't have that in the exchange captured in the office.
Could it be this is what the server (proxy?) is tripping over?

What is different in setup, is that at home I present my wan connection tagged to the APU, and lan untagged… So the MTU is off by 4 bytes. Could it be there it's going wrong?
Strange enough I see no other symptoms, and only recently this is giving problems.

Going to try some things later, but not to keen on changing WAN connection stuff on a remote box  ::)

BBcan177

Bennyc,

What browser are you using? Have you tried on a different browser as a test?

bennyc

Hi,

tnx for the suggestion. I work with Chrome normally, and tried with Firefox. No difference.

Changed the MTU size of the WAN if to 1496. (so I have now 1500 for re0, and 1496 for the vlan if on re0)
No difference in behaviour unfortunately, still still see retransmissions & lost segments warnings when I do another capture  >:(
It does this however only when I go to "available packages". When going to "installed packages", it also connects to the server "packages.pfsense.org" on 443 but this seems to go fine (maybe less data to exchange?)

I'm pretty sure though I'm on the right track… will try to switch to non-tagged environment for the APU this evening to at least get this working again. (it already asked too much of my time... all this just to get a package (there's no such thing as a free lunch? ::)))

bennyc

interesting read (for someone new to freebsd): http://etutorials.org/Networking/Integrated+cisco+and+unix+network+architectures/Chapter+5.+Ethernet+and+VLANs/VLAN+Configurations/ , scroll down to § FreeBSD/OpenBSD VLAN Capabilities
This guy says freebsd should auto-correct the MTU when creating the vlan if (decrease by 4B)

I checked that one my system, it did not. (phys.int MTU and vlan on that int remains both 1500). No idea if that's a bug or normal behavior 8)

bennyc

Another update… Moved from vlan approach for WAN, to regular setup, default MTU.

1 good thing, some bad.

The good:

• I saw available packages again on my home FW.

The bad:

• I cannot prove it is no coincidence. Could be just luck, or someone fixing the packages server.

• Note the "past" in the good news. Saw. It worked once. Gone again….

• I still have some errors in log, though also different onces. And many of them are arprequest errors

The new errors:
Aug 11 23:28:45 kernel: arprequest: cannot find matching address
Aug 11 23:28:35 php: /pkg_mgr.php: XMLRPC communication error:
Aug 11 23:28:35 php: /pkg_mgr.php: XML_RPC_Client: Connection to RPC server packages.pfsense.org:443 failed. 103

NetWiz

I have monitored by Wireshark VmWare's Workstation with installed pfsense 2.1.4, with changed "xmlrpcbaseurl" => "http://packages.pfsense.org"

Result: pfSense make successful request for available packages. But when I selected some packages to install, it has switched to the https-traffic. And failed to receive anything.

I can provide logs from Wireshark by demand.

Next time I will try to use VPN, with US-based IP.

bennyc

Issue seems to be solved?
Didn't touch anything here, but have https access again + was able to install packages.

You got to love it  ;D

iorx

Hi!

Can confirm. Two of my 2.1.4 installations now show Available Packages with out any problems.

It would be fun to know if the pf-team did something to the packet-server. Did you?  ;)

maverick_slo

Hey guys!

I have still problems with IPv6 access to packages…
Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.

Also see this:

IPv6 validation for http://www.pfsense.com

AAAA DNS record 2610:160:11:11::69
IPv6 web server web server is unreachable : No route to host
IPv6 DNS server

And:

IPv6 validation for https://packages.pfsense.org

AAAA DNS record 2610:160:11:11::88
IPv6 web server web server is unreachable : Connection timed out
IPv6 DNS server

What is going on here?
On IPv4 works just fine.

I have no snort blocks and all other IPv6 services and sites are working just fine for me.
This is happening on 2 different pfSense boxes, one 2.1.4 and other 2.1

Regards,
Greg

shell

Any further information? I have the same Problem.

robsonfelix

Guys,

I am having the same issue and pfSense won't allow me to install any new packages.

php: /pkg_mgr.php: XMLRPC request failed with error 5: Didn't receive 200 OK from remote server. (HTTP/1.0 403 Forbidden)

I also receive "faultCode 105 faultString XML error: Invalid document end at line 1" when trying to access https://packages.pfsense.org/xmlrpc.php.

If I open https://packages.pfsense.org/ the only thing I see is "packages.pfsense.org".

Anybody shares the same issues?

Heelp :)

MrMoo

It appears that packages.pfsense.org now has an IPv6 address and pfSense package manager does not implement Happy Eyeballs and thus is failing to fallback to IPv4 if you have IPv6 enabled but no successful connection through the Internet.

I removed my default IPv6 route and the package manager sprung back to life.  I was testing routing IPv6 over OpenVPN with a ULA prefix.

Guest

Given that Happy Eyeballs only exists in (quoting from your link): Google's Chrome web browser, Opera 12.10, Firefox version 13, and Mac OS X Lion, I'm going to hand this back to you with a, "patches accepted".

shell

IPv6 isn't active on my boxes. So i don't think it's a problem with ipv6

brainloss

I had the same issue, but found that I had disabled 'WAN_DHCP6' in Gateways.  I enabled this again and could then install packages.

vinhtrinh02dn

I was in this trouble yesterday, the problem was fixed when I choose to UPDATE (pfsense) FROM CONSOLE.
Cheers,