Need help for a pfsense updater ip/host "hack"

danioj

hi guys, as the subject suggests i need help hacking into the pfsense updater settings.

essentially this is my issue. i have things locked down so much that i don't specify a global dns server other than 127.0.0.1. this allows all my clients who access the server via 192.168.1.1 local dns to resolve machine names. i set external dns servers in each machines static ip / dns entry. some for clear net and some for vpn. then doubling down on access rules to specific dns servers via alias lists and firewall rules for certain ip's to one gateway or another and prevent dns leaks.

anyway, that was more for context. the setup works great but for one thing. pfsense updater. clearly somewhere in the pfsense settings there is a host name which needs resolving, which clearly it can't, as i have not specified a dns server. much like i do with the openvpn server connection, id like to be able to get into the settings and change the updater host address to an ip address so i can download updates etc.

problem is, i cannot find it. anywhere. can someone help me please?

edit: i am currently running 2.3.2 community edition.

jimp

You can see the servers in /usr/local/share/pfSense/pkg/repos/pfSense-repo.conf

But don't edit that file. Instead, make a host override in your resolver/forwarder (whichever you're using) to resolve pkg.pfsense.org to 162.208.119.39 (or whatever it resolves to for you on a system with connectivity.

Hardcoding addresses like that is dangerous, however, as we could move that to another IP address at any time.

danioj

@jimp:

You can see the servers in /usr/local/share/pfSense/pkg/repos/pfSense-repo.conf

But don't edit that file. Instead, make a host override in your resolver/forwarder (whichever you're using) to resolve pkg.pfsense.org to 162.208.119.39 (or whatever it resolves to for you on a system with connectivity.

Hardcoding addresses like that is dangerous, however, as we could move that to another IP address at any time.

i can't believe i didn't think of that myself. thanks very much. appreciate it.

danioj

@danioj:

@jimp:

You can see the servers in /usr/local/share/pfSense/pkg/repos/pfSense-repo.conf

But don't edit that file. Instead, make a host override in your resolver/forwarder (whichever you're using) to resolve pkg.pfsense.org to 162.208.119.39 (or whatever it resolves to for you on a system with connectivity.

Hardcoding addresses like that is dangerous, however, as we could move that to another IP address at any time.

i can't believe i didn't think of that myself. thanks very much. appreciate it.

worked like a charm.

for anyone else wanting to do the same thing and stumbles on this post, this is how it is done:

assuming host is pkg.pfsense.org and that resolves to 162.208.119.39

services>dns forwarder>host overrides>add

host = pkg
domain = pfsense.org
ip address = 162.208.119.39
description = pfsense updater override

save
apply

:) 8)