Unable to update pfSense or load Package List
-
Hi, for some reason, today I am unable to load the package list, either installed or available.
In GUI, Package Manager states “Please wait while the list of packages is retrieved and formatted.”, quickly followed by “Unable to retrieve package information.”
In Shell, I run "pkg update –f", but this gives multiple errors stating “No address record” against the pkg.pfsense.org repo addresses. DNS has been confirmed, I can curl google.com for example from shell, and it resolves fine, so the initial thought of there being no DNS resolution to the pkg repo addresses is false.
Any ideas? Is there an issue with pfSense pkg repos right now?
Thanks.
-
Are you using IPv6?
-
Hi,
No not on IPv6. IPv4 from one of our new allocated ranges. We gave the firewall a different/additional public IP and updated/installed packages via that. But if we go back to our actual public IP, we cant communicate with pfsense package mirrors.
-
Is there a way to contact pfSense or its apt sources administrators?
I have rolled out another deployment using another /24 form our new /22 that the original fault lay within, and these two firewalls are also seemingly blocked from accessing the update/package servers.
For reference, the /22 is 185.184.156.0/22.
The 2 /24's that I can confirm are having trouble accessing the updates/packages are 185.184.156.0/24 and 185.184.157.0/24
Any ideas? If I bind an IP from another subnet to the firewall on WAN, and try to isntall packages, it works fine. But clearly I cannot do this once they are in production. the affected subnets/ranges work fine in all other respects, there are no blocks at this end.
Thanks.
-
There is no apt in pfSense, in the first place. Otherwise, try coreteam (at) pfsense (dot) org perhaps, if noone responds here.
-
Sorry, my mistake, was mixing up two different projects. I meant pkg sources. I've emailed core team but no response yet. My submissions to the pfsense list also never seem to get approved either, none of my entries appear in the list.
-
You emailed us 27 Jan. Obviously(?) we received it. Today is 30 Jan, and there has been a weekend in-between. Your "I've emailed core team but no response yet." from early this morning doesn't seem to be, to use a British idiom, "fair play".
We don't block specific prefixes.
Things seem to (nominally) work from here:
[jim@nfs4 ~]$ traceroute 185.184.156.1
traceroute to 185.184.156.1 (185.184.156.1), 64 hops max, 40 byte packets
1 fw1-office (172.27.32.2) 0.227 ms 0.200 ms 0.124 ms
2 gw1 (208.123.73.2) 0.290 ms 0.409 ms 0.354 ms
3 rrcs-67-78-98-145.sw.biz.rr.com (67.78.98.145) 0.717 ms 2.274 ms 0.724 ms
4 ae15.AUSUTXLA02H.sw.twcbiz.com (24.73.240.204) 8.199 ms 3.823 ms 7.968 ms
5 agg50.ausxtxir02r.texas.rr.com (24.175.43.183) 7.420 ms 7.531 ms 7.598 ms
6 agg22.hstqtxl301r.texas.rr.com (24.175.41.48) 13.863 ms 14.521 ms 10.416 ms
7 ge-2-1-0.a0.sea90.tbone.rr.com (66.109.1.218) 10.919 ms 13.587 ms 7.981 ms
8 * * *
9 ae-129-3515.edge6.London1.Level3.net (4.69.166.73) 106.627 ms 105.456 ms 105.546 ms
10 rtr-152-3356.cdc.custdc.net (109.74.255.84) 107.226 ms 107.149 ms 107.148 ms
11 rtr-151.cdc.custdc.net (109.74.255.241) 108.249 ms 107.081 ms 106.825 ms
12 mai-core-rou1.vooservers.com (109.74.246.106) 106.870 ms 106.711 ms 107.065 ms
[jim@nfs4 ~]$ ping 185.184.156.1
PING 185.184.156.1 (185.184.156.1): 56 data bytes
64 bytes from 185.184.156.1: icmp_seq=0 ttl=239 time=107.213 ms
64 bytes from 185.184.156.1: icmp_seq=1 ttl=239 time=107.341 ms
64 bytes from 185.184.156.1: icmp_seq=2 ttl=239 time=106.871 ms
^C
–- 185.184.156.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 106.871/107.142/107.341/0.198 ms
[jim@nfs4 ~]$ ping 185.184.157.1
PING 185.184.157.1 (185.184.157.1): 56 data bytes
64 bytes from 185.184.157.1: icmp_seq=0 ttl=241 time=37.913 ms
64 bytes from 185.184.157.1: icmp_seq=1 ttl=241 time=37.818 ms
64 bytes from 185.184.157.1: icmp_seq=2 ttl=241 time=37.710 ms
^CI'm having staff contact you for more details.
Jim