Routing all traffic through ipsec, pfsense can't update
-
Hi i have a pfsense box a place where we route all trafic trough ipsec to another pfsense box, the inteternet connection does not allow any other traffic than ipsec.
everything works great for clients but not for the pfsense box itself when i want to update the box or check for packages it does not work.
i think i have to make a new lan gateway and maybe route netgate update ip to that (not sure what ip is used) but i am not really sure, anyone can help me? -
anyone know the ip where pfsense gets its updates and packages from?
-
bump
-
It looks like you cannot manually update 2.3 and newer. Internet only. With that said it doesn't answer your question, but this shows you where the option used to be in the system.
From: Firmware Updates - Version 2.3 and newer
https://doc.pfsense.org/index.php/Firmware_Updates#Version_2.3_and_newer
In 2.3 and newer versions, the update system is pkg-based, changing the available update methods. Upgrades are performed either under System > Update in the webGUI, or option 13 at the console. Manual updates are no longer available, and systems must be Internet-connected to update. -
- Do a config backup
- Download the lastest version 2.4.1 64Bit
- Do a fresh and full install on your pfSense box
Be sure that the entire hardware is 64Bit only and that your installation is not a NanoBSD.
-
thanks for replying but is does not solve the problem with no internet
-
I think youl need a workaround similar to this one: https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
Make your lan-ip the default gateway perhaps. The ipsec will probably still work going out the wan as it makes a static route of its own..
-
Thanks, it worked, had to make 2 static routes bacause i can only select 0.0.0.0/1 in static routes so i made a anoter entry with 128.0.0.0/1 and updates began working.