Unable to download Mac / IOS updates

TheSpatulaOfLove

Hello all

I'm having a bear of a time updating Macs and IOS devices behind my pfSense firewall.    The updates will begin downloading, but stall after a short time, then eventually error out.          I'm on the latest stable release (no betas) with the following packages installed:

avahi         Avahi Zeroconf/mDNS Daemon
c-icap         ICAP Inteface for Squid and ClamAV integration
clamd         ClamAV Antivirus
darkstat         Darkstat bandwidth monitoring daemon
dhcpd         DHCP Service
dpinger         Gateway Monitoring Daemon
lightsquid_web Lightsquid Web Server
miniupnpd         UPnP Service
ntpd                 NTP clock sync
snort                 Snort IDS/IPS Daemon
squid         Squid Proxy Server Service
squidGuard Proxy server filter Service
unbound         DNS Resolver

Things I have tried:

Disabling squid/squidguard, disabling snort, disabling clamd.    The result is the same, with a host of icap errors in addition when I try to go to the web with these services disabled.

Can anyone point to me where to begin troubleshooting this?    I cannot find anything obvious in logs, but perhaps I'm not looking in the right place.

Thanks for any help!

W4RH34D

Are you using the default any/any firewall rules on the lan you're using to try these updates?

Your answer will be in the firewall log if not.

TheSpatulaOfLove

I don't have any special firewall rules added, except a a port forward for Plex.

As far as the Firewall logs, I cannot discern anything that points to Apple servers.  I do see some IPv6 entries for the client machine, but the destination doesn't seem to make sense.

Additional notes:

The update I'm trying to perform is through iTunes, not from the IOS device by itself.    It downloads roughly 200MB, then stalls and gives an error 3259 in iTunes.

va176thunderbolt

The 3259 error is a timeout - you're waiting for data, and it waits a certain amount of time then gives up.
The Apple message boards indicate the anti-virus software can/often causes this.

TheSpatulaOfLove

Thanks for responding, va176.

I did research the apple error as a time out, but considering I'm downloading to a Mac with no antivirus, and if i go direct to cable modem and things work fine, it leads me to believe I have something strange going on within pfsense.

When I initiate the download, it's full speed right til about 213MB, then abruptly stops.    I can't explain it any other way.  I've tried a few iPads through iTunes and get the same result every time.

TheSpatulaOfLove

Can anyone else help?    I'm really stuck with this one and am getting nowhere.

KOM

While I have seen cases where squid interferes with updates, I've not seen that same behaviour when going direct.  Your only option might be to do a packet capture on WAN right around the time that the problem happens and then analyze it in Wireshark to see if the handshaking and transfer are happening as expected or not.

TheSpatulaOfLove

KOM -

Do you mind teaching me how to fish, here?  I've not used Wireshark before, and I have downloaded it to the machine I'm trying to update Ipads fro and ran it while trying to download the update.  I see some red lines, but I'm not sure what I'm looking at, and how to determine the cause.

KOM

Teaching you how to use Wireshark is beyond the scope of what I'm willing to do here.  Sorry, but it's a big topic.  I know about enough to be dangerous after having worked my way through this book:

https://www.amazon.ca/Troubleshooting-Wireshark-Performance-Problems-Solution-ebook/dp/B00I2VL1WA/

There should be YouTube videos that can get you started, or feel free to post your .cap file here for the gang to look at and assist with.