Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No Updates or Packages

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 8 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      Can you open https://updates.pfsense.org/_updaters/amd64/ in your browser?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Got something upstream of that, like a proxy/web content filter/similar doing SSL MITM? That should be the only reason you'd end up with that specific error. Try going to a command prompt and running:

        fetch https://packages.pfsense.org 
        

        and see what that results in.

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          I would think you would want to see -v

          fetch https://packages.pfsense.org -v
          looking up packages.pfsense.org
          connecting to packages.pfsense.org:443
          SSL options: 81004bff
          Peer verification enabled
          Using CA cert file: /usr/local/etc/ssl/cert.pem
          Verify hostname
          SSL connection established using ECDHE-RSA-AES256-GCM-SHA384
          Certificate subject: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org
          Certificate issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
          requesting https://packages.pfsense.org/
          local size / mtime: 23 / 1394690197
          remote size / mtime: 23 / 1394690197
          packages.pfsense.org                          100% of  23  B  80 kBps 00m00s

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            @johnpoz:

            I would think you would want to see -v

            That'd be even better. Just the fetch alone is enough to tell if it's failing the cert check or not there, but adding the -v will tell more as to why if it is.

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              I have seen this as well 2-3 times at well… 1000% sure there's no MITM proxy anywhere. Also, at times, it simply breaks with IPv6 intermittently.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                to see if ipv6 issue couldn't you just set pfsense to prefer ipv4 and then it wouldn't try ipv6

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • T
                  theflu
                  last edited by

                  It started working after a while don't know what I actually changed. I was making a  lot of changes to get the box to work in general.

                  1 Reply Last reply Reply Quote 0
                  • KOMK
                    KOM
                    last edited by

                    You should always document what you change so that 1) you know what you did to fix the issue, 2) you can undo your changes if you break something.  I have had to clean up so many messes because my boss like to fiddle & play but doesn't know what he's doing, doesn't write anything down and doesn't remember what he did.

                    1 Reply Last reply Reply Quote 0
                    • L
                      Logharn
                      last edited by

                      Hi!
                      I'm having the same exact issue as the OP.
                      It's a fresh install that I'm building up.

                      2.2.2-RELEASE (amd64)
                      built on Mon Apr 13 20:10:22 CDT 2015
                      FreeBSD 10.1-RELEASE-p9

                      Results for "fetch https://packages.pfsense.org -v"

                      looking up packages.pfsense.org
                      connecting to packages.pfsense.org:443
                      SSL options: 81004bff
                      Peer verification enabled
                      Using CA cert file: /usr/local/etc/ssl/cert.pem
                      Verify hostname
                      SSL connection established using ECDHE-RSA-AES256-GCM-SHA384
                      Certificate subject: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.pfsense.org
                      Certificate issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
                      requesting https://packages.pfsense.org/
                      34381030760:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:/usr/pfSensesrc/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:1026:
                      fetch: transfer timed out

                      The error message is almost clear, I suppose.
                      Anyway:
                      Clock is working fine.
                      DNS resolution working.
                      Browsing to https://updates.pfsense.org/_updaters/amd64/ works.
                      I've disabled WAN IPv6.

                      Thanks.

                      1 Reply Last reply Reply Quote 0
                      • F
                        francisvgarcia
                        last edited by

                        Good night everyone,

                        I was having the same issue after implementing the Hurricane Electric's IPv6 tunnel service. I ended up checking "Prefer to use IPv4 even if IPv6 is available" in System: Advanced: Networking. This solved my problem and I didn't have to deactivate IPv6.

                        Good luck

                        Francis V Garcia

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.