PfSense restore stuck on "waiting for internet connection to update pkg…"



  • I installed pfSense 2.3.2 on new hardware, went through the initial wizard and then restored a configuration of an existing router.

    On the first boot it got stuck on "Waiting for internet connection to update pkg metadata and finish package reinstallation Updating pfSense-core repository catalogue…"

    Where it has been sitting for a little while.

    This system doesn't currently have an internet connection, and the WAN information on the restored configuration is for a different site, so even if I were to plug it in it would have all the wrong IP info.

    Is there anything that I can do to resolve this?



  • Yep, this is the biggest issue IMHO with the 2.3+ systems. No manual updates and no chance to install/restore things offline is a real pain in the ass.

    The only thing you can do is to "go live" and do it on-site, at the real final place where the box would be, and cross your fingers everything will be fine. Unfortunately this can increase downtime…



  • I'm having the same issue.  Interesting thing is that I have two sites I'm upgrading from 2.2.6 to 2.3.2 and one of the configs restored just fine!

    Ironically it happens to be the config that I needed to change the interface names in the config (from em# to igb#).  That one worked but the one from a sg-400 is the one that's giving me fits.

    Is this what you are getting (eventually)?

    "Waiting for Internet connection to update pkg metadata and finish package reinstallationUpdating pfSense-core repository catalogue…
    Unable to update repository pfSense-core"



  • I've been burned by this twice in the last month.  The second time, I was careful to DELETE the entire InstalledPackages section from the config file before restoring it, and it STILL comes up hung waiting for Internet.  If not deleting InstalledPackages from config.xml, then WHAT?  There must be a way to restore a configuration sans packages.


  • Banned

    Even without packages would NOT help. STILL needs Internet connection.



  • Eventually (~20 minutes), it will give up on Internet access, finish loading, and present the console menu.

    If this is how it must be, it would be nice if it would:
    a) provide this information on the console, including the fact that if patient it will finish loading.
    b) offer us an option to give up immediately and proceed w/o Internet.

    The first time hit this problem I was setting up a system with LTE Modem as WAN, was having trouble with some recent changes and figured I'll just restore config from an hour ago.  Oops, was I ever disappointed.  There was no clue I would get anywhere w/o Internet.  The old system I was replacing depended on a Ethernet to Wireless bridge to the chronically overloaded public WiFi offered by the ski resort. I reconfigured that bridge to use my phone hot-spot in order to let pfSense have it's Internet to finish booting.

    An other option I've used since, is to connect my notebook to Internet by WiFi and use Windows Internet Connection Sharing to share the Ethernet port to pfSense WAN.



  • It's a limitation of the PKG packaging system, it absolutely needs a working internet connection as it is configured now. The alternative would be to offer to use pre-downloaded packages from a USB memory stick for example and this is quite doable but needs quite a bit of work. Someone want to start a bounty to implement this?



  • Just to clarify: by PKG packaging system, we're referring to pkg_mgr_installed.php, the optional packages, yes?

    pkg_mgr may absolutely need Internet to function, but we already know if we wait 20 minutes, we will regain access to the console and GUI to finish configuring our system.

    It just seems unreasonable to have to suffer a 20 minute delay because we restored a configuration that doesn't include a working WAN interface.
    Worse, those experiencing it the first time, won't even know there is a time-out, and will needlessly resort to reinstalling.

    I mean, I'm learning to work around it, but it seems it would be simple to at least update the "waiting for Internet" display to include "time-out after n minutes". If there was also a way to accept user input to effect an immediate timeout that would be great!

    Thank You,
    S:)


  • Banned

    No. We are referring to pkg (the FreeBSD package manager).



  • I suggest doing the following when you want to restore a config file onto a pfsense at your support office.

    1. Plug the WAN port into your LAN switch.
    2. Edit the config xml file in notepad and change the wan interface to the following:

    <wan><if>igb0</if>
    <enable></enable>
    <ipaddr>dhcp</ipaddr>
    <dhcphostname></dhcphostname>
    <alias-address></alias-address>
    <alias-subnet>32</alias-subnet>

    <adv_dhcp_pt_timeout></adv_dhcp_pt_timeout>
    <adv_dhcp_pt_retry></adv_dhcp_pt_retry>
    <adv_dhcp_pt_select_timeout></adv_dhcp_pt_select_timeout>
    <adv_dhcp_pt_reboot></adv_dhcp_pt_reboot>
    <adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_backoff_cutoff>
    <adv_dhcp_pt_initial_interval></adv_dhcp_pt_initial_interval>
    <adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values>
    <adv_dhcp_send_options></adv_dhcp_send_options>
    <adv_dhcp_request_options></adv_dhcp_request_options>
    <adv_dhcp_required_options></adv_dhcp_required_options>
    <adv_dhcp_option_modifiers></adv_dhcp_option_modifiers>
    <adv_dhcp_config_advanced></adv_dhcp_config_advanced>
    <adv_dhcp_config_file_override></adv_dhcp_config_file_override>
    <adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path>
    <spoofmac></spoofmac></wan>

    And delete anything under gateways, including whatever gateway groups you may have had.

    This way when you restore, the pkg process can see there is an internet connection through your own LAN switch and reinstall the packages to fly past it.

    Then when it comes back online, reconfigure the WAN ports, gateways, and gateway groups to whatever you used previously, if static, etc.



  • note that your interface name on that hardware may not be igb0, so make sure it is whatever the correct hardware interface name should be before saving.


Log in to reply