Failed to retrieve package or update following a manual install of ntopng 5.1
-
Sorry for not knowing well the FreeBSD system. Following a manual ntopng 5.1 installation, I seem to have corrupted the repo and couldn't retrieve any updates or packages. I have performed a 'factory reset' but the system still failed to retrieve any update.
Below is the output when I manually run update from the console.
0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + Netgate pfSense Plus tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell Enter an option: 13 >>> Updating repositories metadata... Updating ntop repository catalogue... Certificate verification failed for /CN=packages.ntop.org 34369421312:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1915: Certificate verification failed for /CN=packages.ntop.org 34369421312:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1915: Certificate verification failed for /CN=packages.ntop.org 34369421312:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1915: Certificate verification failed for /CN=packages.ntop.org 34369421312:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1915: pkg-static: https://packages.ntop.org/FreeBSD/FreeBSD:12:amd64/latest/meta.txz: Authentication error repository ntop has no meta file, using default settings Certificate verification failed for /CN=packages.ntop.org 34369421312:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1915: Certificate verification failed for /CN=packages.ntop.org 34369421312:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:/var/jenkins/workspace/pfSense-build-release-tarballs/BUILD_NODE/pkg-amd64/OS_MAJOR_VERSION/freebsd12/PLATFORM/aws/crypto/openssl/ssl/statem/statem_clnt.c:1915: pkg-static: https://packages.ntop.org/FreeBSD/FreeBSD:12:amd64/latest/packagesite.txz: Authentication error Unable to update repository ntop Updating pfSense-core repository catalogue... Fetching meta.conf: . done Fetching packagesite.txz: . done Processing entries: .. done pfSense-core repository update completed. 14 packages processed. Updating pfSense repository catalogue... Fetching meta.conf: . done Fetching packagesite.txz: .......... done Processing entries: Processing entries............. done pfSense repository update completed. 528 packages processed. Error updating repositories! ERROR: Unable to compare version of pfSense-repo Netgate SG-5100 - Serial: NG202104008217 - Netgate Device ID: 35adf34c7104fc274f17Could someone please shed me a light to get my sg-5100 back to normal?
-
@thwong
If you're still on an outdated pfSense version maybe this thread helps: https://forum.netgate.com/topic/166905/pfsense-2-4-5-cannot-curl-letsencrypt-website-since-dst-root-ca-x3-expiration/3 -
@thwong said in Failed to retrieve package or update following a manual install of ntopng 5.1:
/var/jenkins/workspace
...... that's a May Day - not a Pan Pan.
The system has been edited manually, which is perfectly fine, but this :
for not knowing well the FreeBSD system.
makes a
manual ntopng 5.1 installation,
a big no-go.
Experts do expert things. Others do other things.
I'm mean, it might be possible to do what you want, but you have to deal with the consequences, which are pretty unknown upfront.
For example, the "ntopng 5.1" should be based on FreeBSD 12.2.
This package can pull in other packages, can can actually upgrade pfSense FreeBSD packages, so chances are that they break.The original "ntopng 5.1" has not a GUI interface - and most surely not a pfSEnse GUI style interface.
This means you wind up setting everything from the command line.
I wouldn't do that on a pfSense, but on a vanilla FreeBSD.have performed a 'factory reset'
That will reset default parameters, not repair system files.
I advise you to manually (you win
) re install pfSense.
ntopng is possible, but it will be this one :
as it is the latest version that came out for FreeBSD 12.2 - the version pfSense 52.5.2 uses.
-
If you want ntopng 5.x, then you can run pfSense Plus 22.01 snapshots on that 5100. It has ntopng 5.0.
As you have found out the fun way, manually installing packages from other repositories causes numerous problems and it's one of the reasons we discourage the practice.
The 22.01 snapshots are quite stable these days, I run it on my edge at home and update it every week or so, and it has yet to fail me. But YMMV. 2.6.0 is similarly stable if you run CE, but if you have a 5100 then run Plus.
-
@viragomann Thanks for your suggestion. I'm running 21.05.1 which seems to be the latest one. :(
-
@gertjan Thanks mate for the feedback. nTopng did save me at least a $100 in the coming few months. nTopng 0.8 may not have the feature that I need to monitor suspicious and unexpected traffic.
I'm not going to be an expert of Linux as being a network professional. Probably I should be back to where I was.
-
@jimp Thanks mate. I found 21.05 has a ntopng package of 4.x which doesn't come with the feature that I need. For now, I think I would be happy to have everything resumed with 4.x until it has a 'standard' 5.x package.
-
Wanna end this thread and the easy fix for me is to:
- remove the ntopng packages.
- update all the packages.
- restart the firewall.
-
@jimp Thanks for mentioning the 21.02. I tried the development one and it still showing ntopng 4.0 community.
In shell, I got the following from 'ntopng -V'.Version: 4.0.0 [Community build]
GIT rev: :5.0.211014Thinking the package's built from 5.0. I either manually install ntopng 5.0 or get ntop to refund me the license I purchase. Seems there isn't an ideal solution for me.
-
I had a typo above, it should be 22.01 snapshots, not 21.02.
This is from a firewall running a 22.01 snapshot:
-
@jimp Thanks for the screenshot. The GUI appearance is v5.0 but it's somehow showing community version 4.0 that doesn't recognize my license. I had a word with nTop and they said pfsense ntop package should be still v4.0 and therefore cannot recognise my license which is in 5.0 format.
I'm running 22.01 development build and manually run ntopng 5.1 at my own risk because I really need it for improving my Internet usage at a lower cost to save the money I put it in buying the nTop license.
The broken pfsense repo can be recovered when I manually remove all the ntop related packages.
The following screen is from pfsense+ ntopng package.
The following screen is from ntop's ntopng package.
-
Then something else must be wrong in your system.
I'd suggest first trying it in an isolated setup, like a test VM running a 22.01 snapshot.
The ntopng package is definitely 5.x on 22.01, if you are seeing 4.x, then it isn't installing properly, likely due to other changes you've made on there.
-
@jimp Thanks for your suggestion. I am not a Linux guru and have no idea to run pfsense in a VM. The only I could try is to:
- remove all ntop packages
- remove all ntop directories
- remove all ntop configuration in the system
- remove the ntop repo
- install ntop from pfsense repo
Will give it a try later this week.
-
@thwong said in Failed to retrieve package or update following a manual install of ntopng 5.1:
I am not a Linux guru and have no idea to run pfsense in a VM.
If, by any chance, you have a Windows 10 Pro system some where, you don't need any 'Linux' knowledge (actually worse, now you need Microsoft knowledge ...).
It goes like this " Virtualizing pfSense with Hyper-V Virtualizing pfSense with Hyper-V ".
Or take a look at several step-by-step youtube videos. Look at more then one !I'll add in some advise :
Use at least 2 NIC's, which probably means you have a slide an extra network card.
Don't even think you can use an USB-NIC. Just don't ;)
One NIC will be your LAN, the other will be solely reserved for the VM and will be WAN.It's pretty straight forward, and very nice to test thing out using close to zero extra hardware.
-
@gertjan Thanks mate for your advice. I will see if my daughter's Surface running Windows 10 Pro or not. All my systems are running OSX (Intel or M1). I recalled I run VirtualBox a long time ago for Arista switch stuff. Will see what I can do.
-
@jimp I did the following and still without luck to get the v5.0 running.
- removal of all ntop packages
- deletion of all ntop folders
- reinstall ntopng package
However, I can tell the interface is looking like v5.0. v4.0 wouldn't be giving me some screens that I'm familiar with. At least my company is running both v4.2 and v5.1 so I could identify the difference.
I hope I have a chance to get it up in a VM. Or perhaps if I can pay to get it fixed because I run out of time for work.
