pkg-static update still using 100% cpu! Unacceptable!

RedDelPaPa

@bmeeks Absolutely positive. I'm working from a desktop and the only route to the internet is through the pfsense box. Hostnames and DNS are all handled through the pfsense box via DHCP.

UPDATE: I have discovered that if I keep trying to install a package, it will eventually succeed after about 25 to 50 tries. So it seems to me, the only reason this has become such a huge problem is because the package updater utility sucks terribly. It must not have any stop/retry/resume capability.

RedDelPaPa

@bmeeks The path to and from my desktop to the internet is as follows:

Actiontec C3000A DSL modem (public IP) > (Public IP) Pfsense Box (Private IP) Netgear 16 port switch > Desktop (Private IP).

Wifi AP (Private IP) connected to Netgear switch for wifi connectivity.

This has been my setup for the last year and it has worked flawlessly. And still does, except for the pfsense box's ability to download and install packages.

bmeeks

@RedDelPaPa said in pkg-static update still using 100% cpu! Unacceptable!:

@bmeeks Absolutely positive. I'm working from a desktop and the only route to the internet is through the pfsense box. Hostnames and DNS are all handled through the pfsense box via DHCP.

UPDATE: I have discovered that if I keep trying to install a package, it will eventually succeed after about 25 to 50 tries. So it seems to me, the only reason this has become such a huge problem is because the package updater utility sucks terribly. It must not have any stop/retry/resume capability.

No, there is something unique wrong with your setup. The pkg utility works fine for the vast majority of pfSense and FreeBSD users. I don't know what your issue is, but I can assure you that it is not a widespread problem with pkg. If it was, everyone all over the world would be screaming. There would never be a valid reason for the utility to expect to attempt a file download 20 to 50 times before it succeeded. True someone could add a "resume" feature one day, but for most folks that would be pointless. The downloaded package files are usually just a few megabytes in size at most, and come down very quickly on most connections these days.

So we need to just focus on what is wrong with your setup. One hunch would be a hardware issue with your NIC, but since you say the rest of your network works fine, that would sort of take that out of the equation. That theory was why I was asking for your network configuration.

Did you ever run the disk test I posted the command for? It is possible you have a disk issue, however I would expect to see some hardware errors logged in that case. The pkg utility will write the files to disk as it downloads them. A failing disk (actually a type of SSD for the SG-3100) would cause issues.

Are you still seeing any "no route to host" error messages like the one you posted previously? That really indicates a connectivity issue at some level in the box.

RedDelPaPa

@bmeeks Yes I can run speed test after speed test, or consistent pings to specific hosts with no drops and consistent high speeds. One fellow did mention he thinks my box might have failing storage as well. I ran that test you asked. Where do I find the results?

I'm still getting routine no route to host fails when trying to install packages.

bmeeks

@RedDelPaPa said in pkg-static update still using 100% cpu! Unacceptable!:

@bmeeks Yes I can run speed test after speed test, or consistent pings to specific hosts with no drops and consistent high speeds. One fellow did mention he thinks my box might have failing storage as well. I ran that test you asked. Where do I find the results?

I'm still getting routine no route to host fails when trying to install packages.

Is any other package actually successfully installed on the box yet? If so, disable everything and simply concentrate on installing just the OpenVPN Client Export package (I think that was one you were installing). Other packages, if they are installed, can certainly interfere and cause issues.

Also, does anything suggested in this Reddit thread apply or help you?

https://www.reddit.com/r/PFSENSE/comments/9au4hj/no_route_to_host_install_packages_locally/

RedDelPaPa

@bmeeks I will say that occasionally my personal and work mobile phones will have a little trouble opening data in certain apps through wifi. But I have never noticed any connectivity issues at all from my hard wired desktop machines that all go through the pfsense router.

bmeeks

@RedDelPaPa said in pkg-static update still using 100% cpu! Unacceptable!:

@bmeeks I will say that occasionally my personal and work mobile phones will have a little trouble opening data in certain apps through wifi. But I have never noticed any connectivity issues at all from my hard wired desktop machines that all go through the pfsense router.

I am fairly certain you have something going on with your network configuration. "No route to host" means just what it says -- the firewall itself can't get out to the Internet, or it gets out only sporadically. Check the things listed in that Reddit thread like default route, make sure you have no gateway defined on the LAN, etc.

RedDelPaPa

@bmeeks I've managed to get pfBlocker back on, and mail report. Still can't get suricata back on.

Heading out to lunch. I will check on this when I get back. Thanks for all your help, Bill.

bmeeks

Here is one other set of pkg troubleshooting steps/commands you can try --

https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#force-pkg-metadata-update

Running that "update" sub-command will maybe help identify what the issue is.

Also, with pfBlocker, if you have large IP lists that it is downloading/updating and if you are using DNSBL, that can cause issues. For instance, with DNSBL, each time it downloads an updated list (or an initial list), it will restart the unbound DNS resolver service. While unbound is restarting, it can't service DNS requests from something like pkg. So lots of potential moving parts to consider while troubleshooting. That's why I suggested disabling every installed package while you are trying to install another one. This is especially true for pfBlocker.

RedDelPaPa

@bmeeks Checked that reddit post and everything looks to be as it should IPv4 is my default gateway and the address is correct. No LAN gateway configured.