pfsense available packages empty

aldemari

Version pfsense: 2.4.5-p1

The menu System --> Package Manager --> Available Packages is empty. It's a bug?

How resolver?

Gertjan

Read some, and pick one : pfsense no packages .

Basically, you need to have a working Internet connection.
Right after you installed pfSense, and you've set up a LAN and WAN (just these two, leaving every possible setting to default !), pfSense can use the (this) internet access to populate the list.
So, do nothing and it works.
What did you do ?

aldemari

But the internet is working properly.
The package listing was working normally.
It stopped working unexpectedly.
There is no error status.

aldemari

I inform you that the list of available packages has reappeared without any changes to the platform.

Then, I installed a package.
The package has been successfully installed.
After that, the list was empty again.

A few minutes passed and the list returned to its normal display again.
Maybe it could be a bug.

Gertjan

@aldemari said in pfsense available packages empty:

Maybe it could be a bug.

Or work in progress on the server maintained by Netgate ?
(or bad dns - bad connection .... see the list / link with many possible issues )

aldemari

then probably there was some dns error.
Thanks.

ddave

Having same issue today. Trying to install openvpn client but nothing is showing up in available packages.

Trace Route from pfsense
1 * * *
2 acr01gnvlsc-gbe-7-14.gnvl.sc.charter.com (96.34.65.44) 9.835 ms 8.686 ms 8.943 ms
3 crr01spbgsc-bue-201.spbg.sc.charter.com (96.34.67.195) 12.008 ms 11.740 ms 10.987 ms
4 bbr01spbgsc-bue-4.spbg.sc.charter.com (96.34.2.50) 11.985 ms 10.755 ms 16.039 ms
5 bbr02slidla-tge-0-1-0-4.slid.la.charter.com (96.34.0.133) 15.936 ms 19.763 ms 20.014 ms
6 bbr02atlnga-tge-0-2-0-1.atln.ga.charter.com (96.34.3.113) 23.984 ms
prr01snjsca-tge-0-0-0-5.snjs.ca.charter.com (96.34.3.37) 22.698 ms 21.804 ms
7 64.125.15.38 (64.125.15.38) 17.976 ms 21.804 ms 25.939 ms
8 ae8.cs2.atl10.us.zip.zayo.com (64.125.26.236) 37.993 ms 29.738 ms 29.997 ms
9 * * ae21.cs4.iad93.us.zip.zayo.com (64.125.24.240) 34.927 ms
10 ae24.cs2.lga5.us.eth.zayo.com (64.125.28.190) 34.853 ms 32.812 ms 39.937 ms
11 ae14.mpr2.ewr1.us.zip.zayo.com (64.125.26.135) 30.972 ms 30.806 ms 30.987 ms
12 ae3.mpr2.ewr1.us.zip.zayo.com (64.125.31.238) 34.041 ms 31.807 ms 31.989 ms
13 208.184.34.238.IPYX-076763-900-ZYO.zip.zayo.com (208.184.34.238) 34.982 ms 31.829 ms 30.963 ms
14 cs90.cs99new.v.ewr.nyinternet.net (96.47.77.218) 31.960 ms 34.839 ms 32.019 ms
15 * * *
16 * * *

fireodo

Hi,

same here:
[2.4.5-RELEASE][root@pfsense]/root: /usr/local/sbin/pkg-static update -f
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
12835124:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:/usr/local/poudriere/jails/pfSense_v2_4_5_amd64/usr/src/crypto/openssl/ssl/s3_clnt.c:1269:

Unable to update repository pfSense
Error updating repositories!
ERROR: Unable to compare version of pfSense-repo

Regards,
fireodo

planetinse

Same here, no repo, I can do DNS lookups to files00.netgate.com etc.. so don't seem like a local issue ...

JRubenC

--> https://forum.netgate.com/topic/160362/certificate-error-while-running-pkg-update/

stephenw10

Yup there was a cert error for a short time. It's fixed now, you should be able to reach the pkg repo.

Steve

DaveWh

@stephenw10 Seems to be back again:
Updating pfSense-core repository catalogue...
Certificate verification failed for /C=US/ST=Texas/L=Austin/O=Rubicon Communications, LLC (Netgate)/OU=pfSense Plus/CN=pfsense-plus-pkg00.atx.netgate.com
2202644480:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-Plus-snapshots-23_05-main/sources/FreeBSD-src-plus-RELENG_23_05/crypto/openssl/ssl/statem/statem_clnt.c:1921:

many, many more, all snipped out

pkg-static: https://pfsense-plus-pkg00.atx.netgate.com/pfSense_plus-v23_05_1_aarch64-pfSense_plus_v23_05_1/packagesite.txz: Authentication error
Unable to update repository pfSense
Error updating repositories!

stephenw10

Much has changed since Jan 2021! And that error is different.

Authentication error like that implies it's trying to use the wrong server CA cert.

The first thing to try here is to resave the update repo branch in System > Updates > Settings and retest.

Steve

DaveWh

@stephenw10 Excellent! That fixed it.

bippus

if you stumbled into this old thread, there is a new bug and a resolution in v2.70:

@SteveITS said in Package Manager wont load Available Packages:

https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#troubleshooting

The update from 2.7.0 to 2.7.1 solved for me the "no Available Packages shown / empty list of Available Packages" Problem.

(the command: certctl rehash at 2.7.0 did not helped)

TommyMoo

Hello,
this avaible Package Problem, now appeared suddenly on my pfSense CE aswell :( Very disappointing!!!

I did:
sudo certctl rehash
Password:
Scanning /usr/share/certs/untrusted for certificates...
Scanning /usr/share/certs/trusted for certificates...
Scanning /usr/local/share/certs for certificates...

..... and helped nothing, Internet Connection is OK, using pfSense 2.7.2

What else can I do?? I have already searched here in the Forum, and did all, what people recommended to fix that! HELP please

stephenw10

If you're running 2.7.2 then rehashing the certs is done by the system anyway.

Try running: pkg-static -d update

What error is shown?

TommyMoo

@stephenw10 said in pfsense available packages empty:

pkg-static -d update

Hello Stephen, Thanks for your reply, I executet your command, result is very long ->

sudo pkg-static -d update
Password:
DBG(1)[78285]> pkg initialized
Updating Unofficial repository catalogue...
DBG(1)[78285]> PkgRepo: verifying update for Unofficial
pkg-static: repository meta has wrong version or wrong format
pkg-static: Repository Unofficial load error: meta file cannot be loaded
DBG(1)[78285]> PkgRepo: need forced update of Unofficial
DBG(1)[78285]> Pkgrepo, begin update of '/var/db/pkg/repo-Unofficial.sqlite'
DBG(1)[78285]> Request to fetch pkg+http://pkg.goxdrive.com.br/repo/FreeBSD:14:amd64/meta.conf
DBG(1)[78285]> curl_open
DBG(1)[78285]> Fetch: fetcher used: pkg+http
DBG(1)[78285]> curl> fetching http://pkg.goxdrive.com.br/repo/FreeBSD:14:amd64/meta.conf

DBG(1)[78285]> CURL> attempting to fetch from , left retry 3

• Couldn't find host e-sac.siteseguro.ws in the .netrc file; using defaults
• Trying 10.10.10.1:80...
• Connected to e-sac.siteseguro.ws (10.10.10.1) port 80

GET /repo/FreeBSD:14:amd64/meta.conf HTTP/1.1
Host: e-sac.siteseguro.ws
User-Agent: pkg/1.20.8
Accept: /
If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT

< HTTP/1.1 200 OK
Fetching meta.conf: 0%< Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0
< Cache-Control: post-check=0, pre-check=0
< Pragma: no-cache
< Expires: Sat, 26 Jul 2014 05:00:00 GMT
< Content-Type: image/gif
< Accept-Ranges: bytes
< Content-Length: 43
< Date: Wed, 09 Oct 2024 17:24:32 GMT
< Server: pfBlockerNG DNSBL
<
Fetching meta.conf: 100% 43 B 0.0kB/s 00:01

• Connection #0 to host e-sac.siteseguro.ws left intact
  pkg-static: Impossible to get the value from Last-Modified HTTP header
  pkg-static: cannot parse repository meta: error while parsing <unknown>: line: 1, column: 6 - 'invalid character in a key', character: '0x01'
  repository Unofficial has no meta file, using default settings
  DBG(1)[78285]> Request to fetch pkg+http://pkg.goxdrive.com.br/repo/FreeBSD:14:amd64/packagesite.pkg
  DBG(1)[78285]> curl_open
  DBG(1)[78285]> Fetch: fetcher used: pkg+http
  DBG(1)[78285]> curl> fetching http://pkg.goxdrive.com.br/repo/FreeBSD:14:amd64/packagesite.pkg

DBG(1)[78285]> CURL> attempting to fetch from , left retry 3

• Couldn't find host e-sac.siteseguro.ws in the .netrc file; using defaults
• Found bundle for host: 0x1cf00663c420 [serially]
• Re-using existing connection with host e-sac.siteseguro.ws

GET /repo/FreeBSD:14:amd64/packagesite.pkg HTTP/1.1
Host: e-sac.siteseguro.ws
User-Agent: pkg/1.20.8
Accept: /
If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT

< HTTP/1.1 200 OK
Fetching packagesite.pkg: 0%< Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0
< Cache-Control: post-check=0, pre-check=0
< Pragma: no-cache
< Expires: Sat, 26 Jul 2014 05:00:00 GMT
< Content-Type: image/gif
< Accept-Ranges: bytes
< Content-Length: 43
< Date: Wed, 09 Oct 2024 17:24:32 GMT
< Server: pfBlockerNG DNSBL
<
Fetching packagesite.pkg: 100% 43 B 0.0kB/s 00:01

• Connection #0 to host e-sac.siteseguro.ws left intact
  pkg-static: Impossible to get the value from Last-Modified HTTP header
  DBG(1)[78285]> PkgRepo: extracting packagesite.yaml of repo Unofficial
  DBG(1)[86680]> PkgRepo: extracting signature of repo in a sandbox
  pkg-static: Repo extraction failed
  Unable to update repository Unofficial
  Updating pfSense-core repository catalogue...
  DBG(1)[78285]> PkgRepo: verifying update for pfSense-core
  DBG(1)[78285]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
  DBG(1)[78285]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.conf
  DBG(1)[78285]> curl_open
  DBG(1)[78285]> Fetch: fetcher used: pkg+https
  DBG(1)[78285]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/meta.conf

DBG(1)[78285]> CURL> attempting to fetch from , left retry 3

• Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
• Trying 208.123.73.207:443...
• Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
• ALPN: curl offers http/1.1
• CAfile: none
• CApath: /etc/ssl/certs/
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN: server accepted http/1.1
• Server certificate:
• subject: CN=*.netgate.com
• start date: Mar 28 00:00:00 2024 GMT
• expire date: Apr 28 23:59:59 2025 GMT
• subjectAltName: host "pkg00-atx.netgate.com" matched cert's "*.netgate.com"
• issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
• SSL certificate verify ok.
• using HTTP/1.1

GET /pfSense_v2_7_2_amd64-core/meta.conf HTTP/1.1
Host: pkg00-atx.netgate.com
User-Agent: pkg/1.20.8
Accept: /
If-Modified-Since: Wed, 06 Dec 2023 21:23:59 GMT

< HTTP/1.1 200 OK
Fetching meta.conf: 0%< Server: nginx
< Date: Wed, 09 Oct 2024 17:24:34 GMT
< Content-Type: application/octet-stream
< Content-Length: 163
< Last-Modified: Wed, 06 Dec 2023 21:23:58 GMT
< Connection: keep-alive
< ETag: "6570e66e-a3"
< Strict-Transport-Security: max-age=31536000; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Robots-Tag: all
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Accept-Ranges: bytes
<

• The requested document is not new enough
• Simulate an HTTP 304 response
• Closing connection

DBG(1)[78285]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/packagesite.pkg
DBG(1)[78285]> curl_open
DBG(1)[78285]> Fetch: fetcher used: pkg+https
DBG(1)[78285]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-core/packagesite.pkg

DBG(1)[78285]> CURL> attempting to fetch from , left retry 3

• Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
• Hostname pkg00-atx.netgate.com was found in DNS cache
• Trying 208.123.73.207:443...
• Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
• ALPN: curl offers http/1.1
• CAfile: none
• CApath: /etc/ssl/certs/
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN: server accepted http/1.1
• Server certificate:
• subject: CN=*.netgate.com
• start date: Mar 28 00:00:00 2024 GMT
• expire date: Apr 28 23:59:59 2025 GMT
• subjectAltName: host "pkg00-atx.netgate.com" matched cert's "*.netgate.com"
• issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
• SSL certificate verify ok.
• using HTTP/1.1

GET /pfSense_v2_7_2_amd64-core/packagesite.pkg HTTP/1.1
Host: pkg00-atx.netgate.com
User-Agent: pkg/1.20.8
Accept: /
If-Modified-Since: Wed, 06 Dec 2023 21:23:59 GMT

< HTTP/1.1 200 OK
Fetching packagesite.pkg: 0%< Server: nginx
< Date: Wed, 09 Oct 2024 17:24:34 GMT
< Content-Type: application/octet-stream
< Content-Length: 1496
< Last-Modified: Wed, 06 Dec 2023 21:23:59 GMT
< Connection: keep-alive
< ETag: "6570e66f-5d8"
< Strict-Transport-Security: max-age=31536000; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Robots-Tag: all
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Accept-Ranges: bytes
<

• The requested document is not new enough
• Simulate an HTTP 304 response
• Closing connection

pfSense-core repository is up to date.
Updating pfSense repository catalogue...
DBG(1)[78285]> PkgRepo: verifying update for pfSense
DBG(1)[78285]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[78285]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-pfSense_v2_7_2/meta.conf
DBG(1)[78285]> curl_open
DBG(1)[78285]> Fetch: fetcher used: pkg+https
DBG(1)[78285]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-pfSense_v2_7_2/meta.conf

DBG(1)[78285]> CURL> attempting to fetch from , left retry 3

• Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
• Trying 208.123.73.207:443...
• Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
• ALPN: curl offers http/1.1
• CAfile: none
• CApath: /etc/ssl/certs/
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN: server accepted http/1.1
• Server certificate:
• subject: CN=*.netgate.com
• start date: Mar 28 00:00:00 2024 GMT
• expire date: Apr 28 23:59:59 2025 GMT
• subjectAltName: host "pkg00-atx.netgate.com" matched cert's "*.netgate.com"
• issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
• SSL certificate verify ok.
• using HTTP/1.1

GET /pfSense_v2_7_2_amd64-pfSense_v2_7_2/meta.conf HTTP/1.1
Host: pkg00-atx.netgate.com
User-Agent: pkg/1.20.8
Accept: /
If-Modified-Since: Wed, 02 Oct 2024 19:28:18 GMT

< HTTP/1.1 200 OK
Fetching meta.conf: 0%< Server: nginx
< Date: Wed, 09 Oct 2024 17:24:35 GMT
< Content-Type: application/octet-stream
< Content-Length: 178
< Last-Modified: Wed, 02 Oct 2024 19:28:18 GMT
< Connection: keep-alive
< ETag: "66fd9ed2-b2"
< Strict-Transport-Security: max-age=31536000; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Robots-Tag: all
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Accept-Ranges: bytes
<

• The requested document is not new enough
• Simulate an HTTP 304 response
• Closing connection

DBG(1)[78285]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.pkg
DBG(1)[78285]> curl_open
DBG(1)[78285]> Fetch: fetcher used: pkg+https
DBG(1)[78285]> curl> fetching https://pkg.pfsense.org/pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.pkg

DBG(1)[78285]> CURL> attempting to fetch from , left retry 3

• Couldn't find host pkg00-atx.netgate.com in the .netrc file; using defaults
• Hostname pkg00-atx.netgate.com was found in DNS cache
• Trying 208.123.73.207:443...
• Connected to pkg00-atx.netgate.com (208.123.73.207) port 443
• ALPN: curl offers http/1.1
• CAfile: none
• CApath: /etc/ssl/certs/
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN: server accepted http/1.1
• Server certificate:
• subject: CN=*.netgate.com
• start date: Mar 28 00:00:00 2024 GMT
• expire date: Apr 28 23:59:59 2025 GMT
• subjectAltName: host "pkg00-atx.netgate.com" matched cert's "*.netgate.com"
• issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
• SSL certificate verify ok.
• using HTTP/1.1

GET /pfSense_v2_7_2_amd64-pfSense_v2_7_2/packagesite.pkg HTTP/1.1
Host: pkg00-atx.netgate.com
User-Agent: pkg/1.20.8
Accept: /
If-Modified-Since: Wed, 02 Oct 2024 19:28:18 GMT

< HTTP/1.1 200 OK
Fetching packagesite.pkg: 0%< Server: nginx
< Date: Wed, 09 Oct 2024 17:24:36 GMT
< Content-Type: application/octet-stream
< Content-Length: 160456
< Last-Modified: Wed, 02 Oct 2024 19:28:18 GMT
< Connection: keep-alive
< ETag: "66fd9ed2-272c8"
< Strict-Transport-Security: max-age=31536000; preload
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Robots-Tag: all
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Accept-Ranges: bytes
<

• The requested document is not new enough
• Simulate an HTTP 304 response
• Closing connection

pfSense repository is up to date.
Error updating repositories!

---

So strange, as few days ago, it still worked... will read now also the output and trying to understand what happened and how I can fix it...

TommyMoo

@stephenw10

Im sorry, looks like pfBlocker blocked someting, as I looked the protocoll result, I saw it went to 10.10.10.1 pf blocker...I switched off pfblocker, and now packages appear again!

Must find out now, why pfBlocker is causing this, at less, I now know, what to look for! Thank you very much!!

stephenw10

@TommyMoo said in pfsense available packages empty:

pkg+http://pkg.goxdrive.com.br/repo/FreeBSD:14:amd64/packagesite.pkg

That should not be there. It's some other pkg repo that could be pulling in conflicting pkgs.

That must have been added manually at some point. You should remove it or at least comment it out if you still see problems.

Steve