Netgate 1100(on 22.05-Release) can no longer update nor install apps
-
I have a Netgate SG-1100 running version 22.05-Release.
The system no longer gets update information. In the Retrieving section of System>Update>SystemUpdate, the cog icon spins indefinitely.
If I power-cycle the box, after a long time, the Retrieving section says "Unable to check for Updates".--
I have another problem that I don't know if it's related or not.
The package manager no longer is able to install a new package.When I try to install the NUT package, I get this response:
"Another instance of pfsense-upgrade is running. Try again later."Anybody experience these issues and hopefully solved them? Thanks in advance..
-
It could be a number of things.
At the command line try entering:
pkg-static -d updateSee what error(s) it returns.
Steve
-
@stephenw10
Thanks for the quick response.When I first posted my problems, I was using <alternative_admin_account>. When I ran "pkg-static -d update" using that account, I got this error:
pkg-static: Insufficient privileges to update the repository catalogue.So I then re-enabled the default admin account and re-ran the pkg-static command. That worked. It finished with
[fetching a bunch of files]
pfSense repository is up to date.
All repositories are up to date.Again, using the default admin account, I was able to install the NUT package.
It's a little weird, since I re-enabled the default admin account using the <alternative_admin_account>. So I would have thought <alternative_admin_account> would have all of the privileges to do everything.
Thanks again.
-
Ah, interesting. Hmm, you actually disabled the admin account?
-
@stephenw10 Yeah, I was mimic'ing the recommendations from some NAS vendors : create an alternative admin account and disable the default admin account.
Minor security-by-obscurity attempt I guess.
-
@davidylau said in Netgate 1100(on 22.05-Release) can no longer update nor install apps:
Yeah, I was mimic'ing the recommendations from some NAS vendors
NASs are not firewalls/router.
The first shares resources among a lot of users. All these users have typically their own login ID and password. 'root' or admin can access all resources (files) of all users.Firewall share ..... nothing, and are administrated, as a NAS, by typically one user, the admin.
If you think the admin account is exposed, their is one easy and final solution : accept admin logins into pfSense only to from your IP, on the pfsense LAN interface.
For daily use, create other interfaces for yourself, friends, family, co-workers or visitors, and block the admin access (block the access to pfsense itself) on all these interfaces.
If you need to admin pfsense, hook yourself physically up to the LAN interface.
Lock pfSense up in a physical non accessible place and you'll be fine.Btw : I'm doing the same thing with my Synology NAS : I don't care about their advise that I should rename my admin account : it accepts admin access only from my device, my IP on its LAN. Added a double auth to the admin account, and I feel safe enough.
-
off-topic:
Me too do not follow these advise! I guess OP is using a QNAP NAS.
QNAP indeed recommends to disable the origin admin account and use an alternative admin account instead.
That is because a very large number of users did expose their NAS without any security to internet and was attacked and hacked with malware/ransomware.
But even when doing so at a QNAP, the alternative admin does not have all privileges, even with sudo some things wont work.
A significant count of apps do not work or cant be installed, because they refer "hard-coded" to the origin admin account.
So this advise is really "security-by-obscurity".Regards
-
Hmm, that's curious. I can't replicate that here, and I didn't expect to be able to.
How exactly did you disable the account?There are some things that must be run as admin/root but the gui processes always do that.
Steve
-
@gertjan Thanks for the comment.
I had already implemented the other steps you mentioned.
-
@fsc830 Thanks for the comment.
Which other QNAP apps won't work with another admin account? I haven't experienced that.
-
@stephenw10 How I disabled the admin account:
System>User Manager>Users>Edit , I clicked the "Disable, This user cannot login" button.
-
Mmm, by itself that should not cause a problem with the pkg system. I wonder if it was failing for some other related reason. Are you able to recreate it? No worries if not.
Steve
-
@stephenw10 I'd rather not muck with the fire-wall as my house has multiple users who need internet most of the time :-)
FWIW, I don't remember changing anything else to get the package manager working again.
