PfSense blocking Unifi Updates
-
Hello everyone, I am having a very weird issue. How I have set up my home network is, I have PfSense running on a VM, and behind it sits a Unifi Dream Machine Pro, which controls my home network. I noticed that there is a new update for the UDMP but the requests to the Ubiquiti server are not going through. I even tried manually updating the UDMP and it fails as well. The weird part is that I can ping fw-download.ubnt.com from my computer that is behind the UDMP, but I can't ping it from the UDMP itself.
-
@misinthe When you said you tried manually to update, does that mean you have downloaded the update then tried and failed?
-
@nollipfsense said in PfSense blocking Unifi Updates:
@misinthe When you said you tried manually to update, does that mean you have downloaded the update then tried and failed?
I SSH into the UDMP and did the ubnt-upgrade https://fw-download.ubnt.com/data/udm/d530-udmpro-1.11.0-69dd1244f5e94a8ea72b246822fe8fb2.bin command, I get a "line 54: arithmetic syntax error. File download failed (#161)"
-
@misinthe If you didn't allow that SSH through the firewall it's not going anywhere.
-
@misinthe said in PfSense blocking Unifi Updates:
arithmetic syntax error. File download failed
I see that error mentioned here
https://community.ui.com/questions/UDM-Pro-worsening-problems/6c979c0d-40d7-42a9-bec9-8438309e9e7d
Without digging too deep into that thread, users suggest using curl, and then someone pointed out when using curl it was easy to determine it was dns issues.. Which would make sense.
Where does the udmp point to for dns? Are you doing any blocking or filtering of dns - say pfblocker? Are you running ips on pfsense?
I update my controller behind pfsense, and it grabs firmware for my AP, etc. I have had zero issues updating anything.
but I can't ping it from the UDMP itself.
So it doesn't resolve to an IP, or it does resolve to correct IP but ping doesn't respond?
-
@johnpoz said in PfSense blocking Unifi Updates:
@misinthe said in PfSense blocking Unifi Updates:
arithmetic syntax error. File download failed
I see that error mentioned here
https://community.ui.com/questions/UDM-Pro-worsening-problems/6c979c0d-40d7-42a9-bec9-8438309e9e7d
Without digging too deep into that thread, users suggest using curl, and then someone pointed out when using curl it was easy to determine it was dns issues.. Which would make sense.
Where does the udmp point to for dns? Are you doing any blocking or filtering of dns - say pfblocker? Are you running ips on pfsense?
I update my controller behind pfsense, and it grabs firmware for my AP, etc. I have had zero issues updating anything.
but I can't ping it from the UDMP itself.
So it doesn't resolve to an IP, or it does resolve to correct IP but ping doesn't respond?
I do have pfBlockerNG set up, I tried adding .ubnt.com to the Whitelist under DNSBL and it didn't help.
Here is what I get with curl and ping from the UDMP.
This is the ping from the computer behind the UDMP.
-
@misinthe and what does the udmp resolve that to? does it?
It says bad address, that would seem to indicate it couldn't resolve it.
What do you have the udmp pointing to for dns? can it resolve anything? say you ping www.google.com does that resolve? Or does it say bad address as well?
-
@johnpoz said in PfSense blocking Unifi Updates:
@misinthe and what does the udmp resolve that to? does it?
It says bad address, that would seem to indicate it couldn't resolve it.
What do you have the udmp pointing to for dns? can it resolve anything? say you ping www.google.com does that resolve? Or does it say bad address as well?
I don't know how I missed it but I didn't assign the PfSense DNS address to the WAN on the UDMP.... It's working now. Thank you!
-
@misinthe said in PfSense blocking Unifi Updates:
I didn't assign the PfSense DNS address to the WAN on the UDMP
doh ;) hehehe glad you got it sorted.
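-
Added example, not part of the thread or any poster's code: a small shell helper that applies the distinction drawn above, where "bad address" means the name never resolved as opposed to a host that resolves but does not answer. The function names are hypothetical, and the matched strings are the standard error messages of BusyBox ping, iputils ping and curl, assumed here rather than captured from the poster's UDMP.

```shell
#!/bin/sh
# Added example: decide from a tool's own error text whether a failed
# ping/curl is a DNS problem or a reachability problem.

classify_failure() {
    # $1 = combined stdout/stderr of ping or curl
    case "$1" in
        *"bad address"*|*"Could not resolve host"*|*"Resolving timed out"*|\
        *"Name or service not known"*|*"Temporary failure in name resolution"*)
            echo dns ;;      # name never became an IP: check the resolver config
        *"100% packet loss"*|*"Failed to connect"*|*"timed out"*|\
        *"Network is unreachable"*)
            echo network ;;  # name resolved, but packets were dropped or blocked
        *" 0% packet loss"*|*"HTTP/"*)
            echo ok ;;
        *)
            echo unknown ;;
    esac
}

triage() {
    # $1 = hostname. Sends one live ping (needs network access) and, on a DNS
    # verdict, prints the resolvers the device is actually configured to use.
    out=$(ping -c 1 -W 2 "$1" 2>&1)
    verdict=$(classify_failure "$out")
    echo "$1: $verdict"
    if [ "$verdict" = dns ]; then
        echo "resolvers in use:"
        grep '^nameserver' /etc/resolv.conf
    fi
    return 0
}

# Run a live check only when a hostname is given on the command line.
if [ -n "${1:-}" ]; then
    triage "$1"
fi
```

Run it on the device that fails, not on a client behind it, since each one uses its own resolver settings.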