Unable to check for updates (SOLVED)

stephenw10

Try disabling SSL/TLS for outgoing queries. That should only ever be set in conjunction with forwarding mode.
Also you are filtering responses there using pfBlocker/DNSBL. Check the pfBlocker alerts.

Jossk

@stephenw10

Disabled SSL/TLS for outgoing. No change in DNS Lookup (will leave off).

To be honest, I don't know what I should be looking for in the alerts.

I did try disabling pfBlocker. No change in DNS Lookup.

I can try turning off "Keep Settings", and uninstalling the pfBlocker package.

I'm still confused as to why DNS resolution works on my VLAN interfaces work, while not working on my LAN and loopback.

stephenw10

Check Status > DNS Resolver after you try to look it up. You should see entries for netgate.com.

Otherwise you can try turning up the logging in Unbound to see the individual queries and failures.

Steve

Jossk

@stephenw10

I see 2 entries for netgate.com.

I also turned up logging to Level 3: Query level information in DNS Resolver > Advanced Settings.

(Keep in mind I still have one of my (working) VLANs in my DNS servers list)

stephenw10

@jossk said in Unable to check for updates (SOLVED):

I also turned up logging to Level 3: Query level information in DNS Resolver > Advanced Settings.

Do you see failures in the DNS logs?

Jossk

@stephenw10

I think I found the issue. It was this floating firewall rule.

I disabled it (as shown), then tested via DNS Lookup (I also added Quad9 DNS as external DNS to test). All interfaces, including the loopback and the LAN interface are now connecting.

the IP_PublicDNS Alias (link contains list of public IPs). Unfortunately, it also appears to contain a number of private IPs, including 192.168.0.1, & loopback (127.0.0.1).

Now that I think of it, I know of a better way that doesn't use an arbitrary list.

I feel like an idiot for blindly using the list and not properly vetting before using.

Thank you. I appreciate your assistance and patients.

stephenw10

Yeah, that could easily block outbound requests. Setting direction In would prevent that.

But you probably want to use something that redirects anyway:
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html

Jossk

@stephenw10

I have that for my IoT subnet. That is the better method to transparently redirect traffic.

I think what happened was I found that list first, then learned how to do that traffic redirection, but neglected to scrap the list & associated rules.

I am perplexed as to why they put private IP addresses, including the reserved loopback on the list.

I just emailed the maintainers of the list to ask them why.

PeterHouse

Unable to check for updates.

I can not see any packages and the notice on my dashboard says "unable to check for updates"

I have tried changing the contents of /usr/local/share/pfSense/pkg/repos/pfSense-repo.conf and soon realized this seemed like the wrong processor for my 2100. Put the file back to original.

$ pkg info pfSense-upgrade

pfSense-upgrade-1.0_29
Name           : pfSense-upgrade
Version        : 1.0_29
Installed on   : Fri Dec 30 12:55:58 2022 EST
Origin         : sysutils/pfSense-upgrade
Architecture   : FreeBSD:12:aarch64
Prefix         : /usr/local
Categories     : sysutils
Licenses       : APACHE20
Maintainer     : coreteam@pfsense.org
WWW            : https://www.pfsense.org/
Comment        : pfSense upgrade script
Annotations    :
	FreeBSD_version: 1203506
	build_timestamp: 2022-11-22T02:25:53+0000
	built_by       : poudriere-git-3.3.99.20220831
	port_checkout_unclean: no
	port_git_hash  : e46d32a272fe
	ports_top_checkout_unclean: yes
	ports_top_git_hash: e46d32a272fe
	repo_type      : binary
	repository     : pfSense
Flat size      : 64.7KiB
Description    :
pfSense upgrade script

WWW: https://www.pfsense.org/

$ pkg-static -d update

DBG(1)[86073]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[86073]> PkgRepo: verifying update for pfSense-core
DBG(1)[86073]> PkgRepo: need forced update of pfSense-core
DBG(1)[86073]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[86073]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.conf
DBG(1)[86073]> opening libfetch fetcher
DBG(1)[86073]> Fetch > libfetch: connecting
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.conf with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.conf with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.conf with opts "i"
DBG(1)[86073]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz
DBG(1)[86073]> opening libfetch fetcher
DBG(1)[86073]> Fetch > libfetch: connecting
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz with opts "i"
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/meta.txz: Service Unavailable
repository pfSense-core has no meta file, using default settings
DBG(1)[86073]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg
DBG(1)[86073]> opening libfetch fetcher
DBG(1)[86073]> Fetch > libfetch: connecting
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg with opts "i"
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.pkg: Service Unavailable
DBG(1)[86073]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz
DBG(1)[86073]> opening libfetch fetcher
DBG(1)[86073]> Fetch > libfetch: connecting
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz with opts "i"
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-core/packagesite.txz: Service Unavailable
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
DBG(1)[86073]> PkgRepo: verifying update for pfSense
DBG(1)[86073]> PkgRepo: need forced update of pfSense
DBG(1)[86073]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[86073]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.conf
DBG(1)[86073]> opening libfetch fetcher
DBG(1)[86073]> Fetch > libfetch: connecting
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.conf with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.conf with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.conf with opts "i"
DBG(1)[86073]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz
DBG(1)[86073]> opening libfetch fetcher
DBG(1)[86073]> Fetch > libfetch: connecting
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz with opts "i"
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/meta.txz: Service Unavailable
repository pfSense has no meta file, using default settings
DBG(1)[86073]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg
DBG(1)[86073]> opening libfetch fetcher
DBG(1)[86073]> Fetch > libfetch: connecting
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg with opts "i"
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.pkg: Service Unavailable
DBG(1)[86073]> Request to fetch pkg+https://repo.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz
DBG(1)[86073]> opening libfetch fetcher
DBG(1)[86073]> Fetch > libfetch: connecting
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz with opts "i"
DBG(1)[86073]> Fetch: fetching from: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz with opts "i"
pkg-static: https://repo00.atx.netgate.com/pkg/pfSense_plus-v23_01_aarch64-pfSense_plus_v23_01/packagesite.txz: Service Unavailable
Unable to update repository pfSense
Error updating repositories!

Wheat thoroughly mixed with chaff, unable to separate. Any/All help appreciated.

rcoleman-netgate

@peterhouse

Upgrades to 1100/2100 models are suspended while an issue is being fixed
Package updates for 22.05 can be found by changing branch from 23.01 to 22.05 in System->Update

PeterHouse

@rcoleman-netgate Thank you, that works - All I really needed was to see the packages. Any updates can wait until after I get an openVPN configured - what can go wrong now?

KB8DOA

I am stuck AGAIN on ALL of my SG-5100 pfSense+ boxes.

Am stuck on 22.05 and getting "Unable to check for updates"

I do have the Update settings Branch set to 23.01

Can anyone advise on what to do this time?

rcoleman-netgate

@kb8doa What is the output of this command:

cat /usr/local/etc/pkg/repos/pfSense.conf

run at Diagnostics->Command Prompt in the GUI.

KB8DOA

@kb8doa
FreeBSD: { enabled: no }

pfSense-core: {
url: "pkg+https://firmware.netgate.com/pkg/pfSense_plus-v23_01_amd64-core",
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/local/share/pfSense/keys/pkg",
enabled: yes
}

pfSense: {
url: "pkg+https://firmware.netgate.com/pkg/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01",
mirror_type: "srv",
signature_type: "fingerprints",
fingerprints: "/usr/local/share/pfSense/keys/pkg",
enabled: yes
}

stephenw10

Ok, that is correct. What does pkg-static -d update show?

KB8DOA

@stephenw10 said in Unable to check for updates (SOLVED):

pkg-static -d update

I uninstalled ntop quite some time ago and am seeing mention of it, in what you requested:

DBG(1)[88664]> pkg initialized
pkg-static: Warning: Major OS version upgrade detected. Running "pkg bootstrap -f" recommended
Updating ntop repository catalogue...
DBG(1)[88664]> PkgRepo: verifying update for ntop
DBG(1)[88664]> PkgRepo: need forced update of ntop
DBG(1)[88664]> Pkgrepo, begin update of '/var/db/pkg/repo-ntop.sqlite'
DBG(1)[88664]> Request to fetch https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/meta.conf
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/meta.conf with opts "i"
DBG(1)[88664]> Request to fetch https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/meta.txz
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/meta.txz with opts "i"
pkg-static: https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/meta.txz: Not Found
repository ntop has no meta file, using default settings
DBG(1)[88664]> Request to fetch https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/packagesite.pkg
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/packagesite.pkg with opts "i"
pkg-static: https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/packagesite.pkg: Not Found
DBG(1)[88664]> Request to fetch https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/packagesite.txz
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/packagesite.txz with opts "i"
pkg-static: https://packages.ntop.org/FreeBSD/FreeBSD:14:amd64/latest/packagesite.txz: Not Found
Unable to update repository ntop
Updating pfSense-core repository catalogue...
DBG(1)[88664]> PkgRepo: verifying update for pfSense-core
DBG(1)[88664]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[88664]> Request to fetch pkg+https://firmware.netgate.com/pkg/pfSense_plus-v23_01_amd64-core/meta.conf
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://pkg00-atx.netgate.com/pkg/pfSense_plus-v23_01_amd64-core/meta.conf with opts "i"
DBG(1)[88664]> Fetch: fetcher chosen: https
DBG(1)[88664]> Request to fetch pkg+https://firmware.netgate.com/pkg/pfSense_plus-v23_01_amd64-core/packagesite.pkg
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://pkg00-atx.netgate.com/pkg/pfSense_plus-v23_01_amd64-core/packagesite.pkg with opts "i"
DBG(1)[88664]> Fetch: fetcher chosen: https
DBG(1)[88664]> Request to fetch pkg+https://firmware.netgate.com/pkg/pfSense_plus-v23_01_amd64-core/packagesite.txz
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://pkg00-atx.netgate.com/pkg/pfSense_plus-v23_01_amd64-core/packagesite.txz with opts "i"
DBG(1)[88664]> Fetch: fetcher chosen: https
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
DBG(1)[88664]> PkgRepo: verifying update for pfSense
DBG(1)[88664]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[88664]> Request to fetch pkg+https://firmware.netgate.com/pkg/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/meta.conf
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://pkg01-atx.netgate.com/pkg/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/meta.conf with opts "i"
DBG(1)[88664]> Fetch: fetcher chosen: https
DBG(1)[88664]> Request to fetch pkg+https://firmware.netgate.com/pkg/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.pkg
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://pkg01-atx.netgate.com/pkg/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.pkg with opts "i"
DBG(1)[88664]> Fetch: fetcher chosen: https
DBG(1)[88664]> Request to fetch pkg+https://firmware.netgate.com/pkg/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz
DBG(1)[88664]> opening libfetch fetcher
DBG(1)[88664]> Fetch > libfetch: connecting
DBG(1)[88664]> Fetch: fetching from: https://pkg01-atx.netgate.com/pkg/pfSense_plus-v23_01_amd64-pfSense_plus_v23_01/packagesite.txz with opts "i"
DBG(1)[88664]> Fetch: fetcher chosen: https
pfSense repository is up to date.
Error updating repositories!

KB8DOA

@stephenw10

issued in Command Line:
pkg delete -y ntop

to delete ntop

This RESOLVED my "Unable to check for updates" issue.

stephenw10

Interesting. It looks like at some point you added the ntop repo to get the subscription version?

mgi

Hello,

I have the same problem now on my Netgate 2100.

I updated the repo config already from "repo" to "firmware", but after I did that, I see cert issues related the new domain.

For some reason the content of my post is flagged as spam and I can post those. The full post can be found on https://pastebin.com/T6yRB4Yw

Any ideas?

Thanks...

SteveITS

@mgi The 1100/2100 repos are still offline while they sort out the issue affecting older models.
https://forum.netgate.com/topic/178049/pfsense-plus-23-01-updates-on-the-1100-and-2100-systems