Issues to registration system
-
Okay, fixed it with a workaround for now:
Well, my issue running the pfSense on a Proxmox host was that outgoing requests from the pfSense were going out with 0.0.0.0 as source IP. They never got any responses.
Looking around for this issue on Google and these forums, a not so good but working quick fix is:
Set an Outbound NAT rule for "0.0.0.0" to be the WAN address. Then the updates / upgrades / register pages will work...
-
@fischkopp said in Issues to registration system:
Okay, fixed it with a workaround for now:
Well, my issue running the pfSense on a Proxmox host was that outgoing requests from the pfSense were going out with 0.0.0.0 as source IP. They never got any responses.
Looking around for this issue on Google and these forums, a not so good but working quick fix is:
Set an Outbound NAT rule for "0.0.0.0" to be the WAN address. Then the updates / upgrades / register pages will work...

You rock, man. It fixed the problem contacting the Netgate server to update, and also the update packages.
-
@FischKopp Can you tell in more detail what configuration needs to be done?
I also encounter this issue in my homelab.
-
You're seeing that exact same error?
If you send me your NDI in chat I can check if we are seeing it and what status it has.
Steve
-
@chaosmassive The necessary "workaround" is documented in the comment - what are you missing? :-)
-
@FischKopp
This is the rule I created, but the network error for registering is still there. Edit: It took a few minutes, now the register dialogue works, but when I click on register it says thank you but stays unregistered. Package manager is also not working.
-
@UmbraAtrox I replaced the Source Network all (0.0.0.0) with This Firewall, so it only applies to the firewall!!
-
@bootable Thanks, everything works now. It seems to also have worked with 0.0.0.0 but I changed it to "This Firewall". The register didn't work for me because pfSense still doesn't show an error when an already used key is used. New key + your NAT rule = works
-
Hmm, I'd be very interested to know what NAT states are created with that rule. You should never need to NAT traffic from the firewall itself unless it's from localhost.
With that rule in place the firewall will NAT its own traffic and that will include IPSec connections that may fail with it set.
Steve
-
@stephenw10 That's true, I agree, but sometimes if you modify the routing table in some way, like adding NAT out rules, that makes the system refresh something unexplainable.
-
Yes it could restore a default route for example. I would be wary about adding a NAT rule for all traffic. I have seen that break things numerous times!
-
@stephenw10 Yes, that is why, in my way of adding that rule, I put the source as This Firewall only, and not 0.0.0.0.
-
That still catches traffic from the WAN IP though which is what should not be done and what can break IPSec, for example.
-
I encountered a similar issue and found a solution by disconnecting all inactive ExpressVPN OpenVPN clients. Previously, I had them connected at all times to switch interfaces quickly if a streaming service blocked me. However, with only one active OpenVPN client connected to my VPN WAN interface, the problem was resolved and everything is functioning correctly now.
-
This is an old post so hoping my guess is accurate regarding the issue in the first post.
I am building up a new system and only have the LAN interface active with a LAN gateway attached and have been able to get modules downloaded, etc. The WAN interface is disabled and not connected yet.
My hunch is that for some reason Netgate wants to see something from the WAN side or firewall directly from this device. Otherwise one cannot register the box. Is my hunch correct?
If so, why can't we register a box in a semi-online mode, with no WAN connection yet?
Thanks for any thoughts!
John
-
You don't need a 'WAN' specifically to register. As long as the firewall has a default route and can connect out it should be able to reach the registration system.
You would want to have the WAN NIC physically present in the device before registering though even if it's disabled. If you add it later you would change the system NDI and have to re-register.
Steve
-
Thank you for the reply!
Well... my WAN interface is enabled but it is not attached to any WAN switch as I am just trying to configure it up and have everything mostly ready to swap and go... plug and play maybe?!
I tried again several times and the same thing comes up every time.

Thank you for choosing Netgate pfSense Plus
The registration system is not currently available. Please check your network connection and try again.

Is the system down, and has it been down for some period of time? I can download modules and was able to update to the latest version, 2.7.0. There may be a x.x.5 update? Dunno.
Anyway, any other workaround?
Thanks!
John
-
No, it's not down. Can the firewall ping out? Can it resolve hosts? Is it trying to use IPv6?
-
Yes to all questions. Using my LAN gateway on the LAN interface only. Using OpenDNS to resolve names.
WAN interface is enabled, set with my ISP's static credentials (ready to go when I get everything configured. Still learning), but attached to nothing... no WAN connection yet. Just an empty RJ45 receptacle.
Thank you again very much!
John
-
Ok try setting the firewall to prefer IPv4 in System > Advanced > Networking.