Avaliable Packages missing cant seem to find



  • hi
    I had issues with my squid proxy I guess wasn't deleting the cache or anything I posted error in the proxy/cache section but guess no one has ever gotten that error and couldn't help me

    so I uninstalled it.. and upgraded to the latest pfsense… and when I went to reinstall the squid proxy.. the available packages are gone.. there is no listing... I tried googling the issue but only found stuff from 7 years ago and that didn't work....

    has anyone had this issue with the 2.4.4-RELEASE(amd64)

    is there a command to retrieve it.. did the squidproxy issue break the package. or just by bad luck I lost the available packages..


  • Netgate Administrator

    Much more likely some other general connectivity issue.
    Try running at the console: pkg update.
    What error do you see? (if any)

    Steve



  • ah so the packages aren't installed in pfsense? but connect to the internet
    as my squid server was working for a month or 2 and then was giving me cache error dns error disable squid and she worked fine.. and then I uninstalled the proxy and wanted to reinstall and then all the packages were gone..

    but here I took screen shot of your pkg update
    0_1540162830575_pfsense1.JPG

    im still very new at this pfsense.. I use it for home as I like it has more options then my asus router... but seems asus routers don't conflict but I guess its like a tricycle and pfsense is more like a motor cycle.. so I keep learning


  • Rebel Alliance Developer Netgate

    "no address record" means it cannot resolve the server hostname in DNS. Either because you don't have working WAN connectivity from the firewall itself, or because your DNS configuration is not correct.

    Check your WAN settings, make sure you have a default gateway selected under System > Routing, make sure that default gateway shows as default under Diagnostics > Routes, and check your DNS settings under Services > DNS Resolver and System > General.



  • i notice if i reboot the pfsense the available packages show up... but if i go back to it say 5 min later... she is blank again
    as for the dns resolver this is what i have setup under general
    1_1540314797971_dnsres2.JPG 0_1540314797971_dnsres1.JPG


  • Netgate Administrator

    That's the Resolver settings. The settings in System > General also apply there.

    Since I see you have a VPN interface you might be policy routing all you traffic across it. In that situation it's possible for clients behind the firewall to have internet access which the firewall itself does not.
    Check for a default route in Diagnostics > Routes

    Steve



  • im not sure.. i just set it up via the installed for nordvpn and pfsense
    but here the other pics you mentions
    5_1540336158975_dns6.JPG 4_1540336158975_dns5.JPG 3_1540336158975_dns4.JPG 2_1540336158975_dns3.JPG 1_1540336158975_dns2.JPG 0_1540336158975_dns1.JPG


  • Netgate Administrator

    Ok, so are those DNS server at 103.86.9X.X at your ISP?

    If so they are probably not reachable via the VPN. But you have one set explicitly via the VPN and the other does not have a gatreway set so it uses the default route. But that's also the VPN.
    Normally the system would use the resolver when can use the VPN but you have set "do not use the resolver for the firewall" so it can only use what's set in System > General.

    Undoing any of those things will probably fix this but the least change is to set the pppoe gateway against those DNS servers in System > General. At least as a test.

    Steve



  • no those are the vpn dns server ones
    i followed the instructions here
    https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/


  • Netgate Administrator

    Hmm, should be good then. If you do to Diag > DNSlookup does it show success for all entries against pfsense.org?

    Steve



  • 0_1540343587884_dns7.JPG



  • i tried several google.com nordvpn.com still same error
    and cant even ping

    yet i have internet so im confused



  • frustrating i reboot the pfsense and it works the packages show... and the dns lookups work.. but 5 -10 min after the damn thing is gone and the dnslookup fails... would this be a dns server from the nordvpn being problem or a setting in pfsense


  • Netgate

    Probably the way you have your DNS configured. Hard to say if it's "nordvpn" or not.

    Personally, I would not accept a default route from a VPN provider. I would enable Don't pull routes and policy route over the VPN instead.



  • oh ok and why is that what does that mean

    and ok where i set that...

    thank you for all your inputs so far..


  • Netgate Administrator

    It's a setting in the OpenVPN client setup.

    Currently when you connect the server pushes a new default route to pfSense which you can see in your routing table.
    If you disable that you then have to route traffic you want to use the VPN manually with policy rules. That can still be everything if you need it to be.

    You have the option set to 'not use the resolver for the firewall itself' in System > General whcih is why the DNSLookup results only show those two DNS servers. If you unchecked that it would also try the local resolver at 127.0.0.1 which will likely always work and is why you other clients still work.
    It's interesting that those servers don;t work though with the default route being over the VPN. Was the VPN connected when you ran those tests?

    You could add another DNS server and set the pppoe gateway, say 8.8.8.8, and that will always work.

    Steve



  • ok hope i did this right... as ill see if it fails lol..seems after 5 10 min yesterday i don't remember as i dosed off and woke up today and couldn't do the packages or the dns lookup all fails.. i reboot and it works..
    so here is image.... and i already had the Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall already checked off
    0_1540387738179_pf1.JPG



  • the above didn't work i back to blank package manager... and the dns lookup doesn't work again
    works right after a reboot but after 2 hours i just re tried and she don't work.. but i have internet etc



  • i do notice some websites wont work.. like canadacomputers.com when searching.. doesn't always works times out... even if i turn off and on the OpenVPN client no go.. but when i reboot the pfsense.. the dnslookup works... the package manger works.. and the website for searching computer parts works again.. so i frustrated... i didn't have issues till i installed the squid but i have that uninstalled now... but i cant find why i keep loosing out... if part of the program glitched or its a toggle check box … works for a while after a reboot then stops


  • Netgate Administrator

    So after some time you just see 'no response' from 8.8.8.8 if you run a lookup?

    But initially after a reboot all three servers respond?

    Odd. Do you see anything blocked in the firewall log on port 53?

    Steve



  • ill have to take a new pic i lost it but when i do a reboot.. only 2 servers respond on that dnslookup.

    right now i cant do a package manger i get no packages again.. i ran dnslook up the 8 8 8 8 responds
    0_1540407031272_pf3.JPG

    i looked at logs no port 53 blocked just other ports it shows



  • here is image after i do a reboot i checked package manger and it shows up.. and i took a dnslookup… i find that people say use the filter reload so you don't have to reboot the pfsense computer but i find that does nothing.. a real reboot makes it work for a bit
    0_1540407431309_pf4.JPG


  • Netgate

    It would help to use name servers that actually respond if you are having DNS issues. Those 103.86.96/99 servers look like they are garbage. Why use them?


  • Rebel Alliance Global Moderator

    @derelict said in Avaliable Packages missing cant seem to find:

    Those 103.86.96/99 servers look like they are garbage. Why use them?

    Have to HIDE my p0rn surfing from my ISP don't ya know ;) Those are nordvpn dns servers..



  • Just switch to the resolver, it's much more reliable than those NordVPN DNS servers.



  • lol haha ya gotta hide the porn.. lol it also for geo location websites i cant access when im in Canada and i want other content
    and ya those servers are the nordvpn.. it just started not to long ago this issue

    as for the resolver is that the dns resolver ..
    this is my setup for that
    0_1540410298064_dnsre1.JPG 0_1540410308975_dnsre2.JPG 0_1540410328685_dnsre3.JPG


  • Rebel Alliance Global Moderator

    Well your clients might be using pfsense, which pfsense resolves. But from your dns diag output you don't have pfsense pointing to itself (resolver)

    So it has to use whatever shitty dns you tell it to use, like those nordvpn servers that don't answer or answer in 200+ ms

    Just let pfsense point to itself - loopback 127.0.0.1, and NOTHING else and yes have the resolver enabled and NOT in forwarder mode and you should be good and pfsense can find anything it needs to find to update itself.

    If you want some clients to use your vpn dns - then point to them on the client side, etc.



  • @comet424 said in Avaliable Packages missing cant seem to find:

    it just started not to long ago this issue

    Then contact their support if their DNS servers are flaky, maybe they forgot to update the DNSSEC root key.


  • Rebel Alliance Global Moderator

    Good luck them even knowing what that is ;)



  • john not sure how to set it to look at itself at 127.0.0.1 i know that's one of the rules or nat settings
    and not sure what a dnssec root key is anyways

    and i forget someone else was helping me before with nordvpn setup was that you john... here i thought nordvpn was a good company but i having issues …

    go figure lol

    and i unchecked the dns query forwarding



  • so hopefully that fixes it the unchecked query

    if this all doesn't work does that mean there is a problem with the nordvpn servers?



  • @comet424 said in Avaliable Packages missing cant seem to find:

    here i thought nordvpn was a good company but i having issues

    The business model of all those VPN providers is based on FUD, so you can't call any of them "good". Some may even be worse than your actual ISP when it comes to collecting data.



  • ah ok.. ya i did it cuz of data collecting but mostly i sick and tired im in Canada and cant see Olympics time and i wanna see the usa footage and boom you cant geo location shit.. hate that crap lol and if i get Netflix apparently usa Netflix better then Canada content.. or anything really just frustrating.. i need to immigrant to usa lol
    but what does FUD mean
    so grimson you don't believe in vpns then i take it.. i just learning as i go teach myself and read etc try to make best educated guesses


  • Netgate Administrator

    You need to uncheck Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall in System > General to have it use the resolver.
    However you have the resolver in forwarding mode anyway so it too will be using those DNS servers defined there rather than the root servers.

    Steve


  • Netgate

    Which looks like it will be fine if you set the firewall itself to use 8.8.8.8 and 8.8.4.4.

    If you want the CLIENTS to resolve using those crappy NordVPN DNS servers then tell the CLIENTS to use those as their DNS servers. Either using DHCP or static config on the CLIENTS themselves.

    No reason to hobble the firewall itself just because you want some clients to do this VPN geo-shifting thing.



  • oh ok ill look i had unchecked do not do dns query forwarding under the OpenVPN client..
    and what does FUD stand for..

    and ok thanks for inpuit


  • Netgate Administrator

    https://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt

    Basically VPN providers telling people that if you don't use a VPN your identity will be stolen in seconds etc. 😉

    There are many legitimate reasons to use a VPN of course...

    Steve



  • so I changed it so those crapy vpn dns are under dhcp server
    and I left the 8 8 8 8
    but still package manger looses the packages
    0_1540479774023_pf5.JPG 0_1540479888785_pf6.JPG 0_1540479986390_pf7.JPG
    0_1540480127909_pf8.JPG

    now the 3 last pics I did after I unchecked the disable dns forwarder with it checked and without it checked.. didn't work.. but it always works after a reboot of the pfsense… then time goes by yesterday it was still working after couple hours... but this morning boom gone..

    so where else do I look for this happening to resolve



  • 0_1540480297727_pf9.JPG


  • Rebel Alliance Global Moderator

    what is the point of pointing pfsense to 8.8.8.8? All that is need for pfsense is loopback..