"Unable to check for updates" after upgrade from from 23.05.1 to 23.09
-
After upgrading from 23.05.1-RELEASE to 23.09-RELEASE I get the message: "Unable to check for updates" in Status>Dashboard>System Information>Version. This is on a Netgate 6100.
This is the first time I'm doing an upgrade on a production setup, please help.
-
At the command line run:
pkg-static -d updateWhat errors are shown?
Steve
-
DBG(1)[70228]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[70228]> PkgRepo: verifying update for pfSense-core DBG(1)[70228]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[70228]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core/meta.conf DBG(1)[70228]> curl_open pkg-static: No SRV record found for the repo 'pfSense-core' DBG(1)[70228]> Fetch: fetcher used: pkg+https DBG(1)[70228]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core/meta.conf DBG(1)[70228]> CURL> No mirror set url to https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core/meta.conf DBG(1)[70228]> CURL> attempting to fetch from https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core/meta.conf, left retry 3 -
I assume it fails to fetch the file below that and retries until the retries are exhausted?
Can it resolve anything? Like:
[23.09-RELEASE][admin@5100.stevew.lan]/root: host google.com google.com has address 142.250.187.206 google.com has IPv6 address 2a00:1450:4009:81f::200e google.com mail is handled by 10 smtp.google.com. -
This post is deleted! -
@stephenw10 Humm, it's not able to resolve google.
Host google.com not found: 2(SERVFAIL)
I should have mentioned at the beginning, this the secondary firewall in a HA setup with CARP.
-
Ok what is it using for DNS? Can it resolve against anything configured? Try Diag > DNS Lookup
-
OK, it looks like the update cleared the DNS Server Settings. After reentering the DNS servers IPs and host names I'm informed that "The system is on the latest version." The "Retrieving support information" gear is still spinning, I'm assuming it will eventually stop.
Thank you for your help.
-
@stephenw10 Looks like we celebrated too early. My package list is empty and the "Retrieving support information" gear is still spinning. I tried "pkg update; pkg upgrade" and got:
Updating pfSense-core repository catalogue... repository pfSense-core has no meta file, using default settings Unable to update repository pfSense-core Updating pfSense repository catalogue... repository pfSense has no meta file, using default settings Unable to update repository pfSense Error updating repositories! Updating pfSense-core repository catalogue... pkg: An error occured while fetching package pkg: An error occured while fetching package repository pfSense-core has no meta file, using default settings pkg: An error occured while fetching package pkg: An error occured while fetching package Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg: An error occured while fetching package pkg: An error occured while fetching package repository pfSense has no meta file, using default settings pkg: An error occured while fetching package pkg: An error occured while fetching package Unable to update repository pfSense Error updating repositories! -
Ok, same as before, try running
pkg-static -d updateto get full error details.Also try
pfSense-repoc. See if that throws errors. -
DBG(1)[42008]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[42008]> PkgRepo: verifying update for pfSense-core DBG(1)[42008]> PkgRepo: need forced update of pfSense-core DBG(1)[42008]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[42008]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core/meta.conf DBG(1)[42008]> curl_open DBG(1)[42008]> Fetch: fetcher used: pkg+https DBG(1)[42008]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v23_09_amd64-core/meta.conf DBG(1)[42008]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; using defaults * Trying [2610:160:11:18::207]:443... * Immediate connect fail for 2610:160:11:18::207: No route to host * Trying 208.123.73.207:443... * Immediate connect fail for 208.123.73.207: Network is unreachable * Failed to connect to pfsense-plus-pkg00.atx.netgate.com port 443 after 4 ms: Couldn't connect to server * Closing connection DBG(1)[42008]> CURL> attempting to fetch from , left retry 2pfSense-repoc: failed to fetch the repo data failed to read the repo data.I tried DNS lookup of google.com and got: 142.251.32.78 but when I try to ping said IP address I get 100% packet loss:
PING 142.251.32.78 (142.251.32.78): 56 data bytes --- 142.251.32.78 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet lossI can ping google.com from the other non-upgraded firewall just fine:
PING google.com (172.217.13.110): 56 data bytes 64 bytes from 172.217.13.110: icmp_seq=0 ttl=117 time=3.697 ms 64 bytes from 172.217.13.110: icmp_seq=1 ttl=117 time=3.789 ms 64 bytes from 172.217.13.110: icmp_seq=2 ttl=117 time=3.737 ms --- google.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 3.697/3.741/3.789/0.038 ms -
@Kajetan321 said in "Unable to check for updates" after upgrade from from 23.05.1 to 23.09:
- Immediate connect fail for 208.123.73.207: Network is unreachable
That implies you have something blocking access to it or some bogus route added.
Can you ping the pkg server?[23.09-RELEASE][admin@2100-2.stevew.lan]/root: ping -c 3 pfsense-plus-pkg00.atx.netgate.com PING pfsense-plus-pkg00.atx.netgate.com (208.123.73.207): 56 data bytes 64 bytes from 208.123.73.207: icmp_seq=0 ttl=51 time=112.563 ms 64 bytes from 208.123.73.207: icmp_seq=1 ttl=51 time=112.511 ms 64 bytes from 208.123.73.207: icmp_seq=2 ttl=51 time=112.216 ms --- pfsense-plus-pkg00.atx.netgate.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 112.216/112.430/112.563/0.153 ms -
@stephenw10 Sure, "ping -c 3 pfsense-plus-pkg00.atx.netgate.com" returns "ping: UDP connect: No route to host"
-
Check you have a valid default IPv4 route. Look in Diag > Routes or run
netstat -rn4.If there's no default or it's somehow invalid make sure the default IPv4 gateway is set as WAN (not automatic) in System > Routing > Gateways.
-
@stephenw10 I set the gateway to be WAN (not automatic), after that I was able to ping google.ca. As well:
PING pfsense-plus-pkg00.atx.netgate.com (208.123.73.207): 56 data bytes 64 bytes from 208.123.73.207: icmp_seq=0 ttl=51 time=58.867 ms 64 bytes from 208.123.73.207: icmp_seq=1 ttl=51 time=58.679 ms 64 bytes from 208.123.73.207: icmp_seq=2 ttl=51 time=58.667 ms --- pfsense-plus-pkg00.atx.netgate.com ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 58.667/58.738/58.867/0.091 msHowever, SystemPackage>ManagerAvailable>Packages still shows no packages.
Thank you for your continued support.
-
OK so re-run
pkg-static -d updateandpfSense-repocand see what errors that's showing now it's able to try to connect. -
@stephenw10 OK, it looks like the packages populated over night. Hopefully this is it and everything else is working as expected, more testing to to be done. Thank you.
-
@stephenw10 So after more testing the secondary node appears to be functioning normally. I then switch CARP to maintenance mode on primary node and proceeded with the upgrade of the primary node. The upgrade seemed to have gone well, I was even informed that my system is on the latest version. Next I preceded to check available packages. Unfortunately the list was empty. Trying to execute pkg-static -d update resulted in the page not refreshing, it seemed like the command hung.
I checked that DNS was setup correctly and it is, I'm able to resolve names to IP addresses. Surprisingly, I can't ping google.ca. I checked that System > Routing > Default gateway
is set to "WAMGW" and it was. I also tried rebooting the firewall, nothing changed. -
Does it have a default route present and correct in Diag > Routing?
It's better to run
pkg-static -d updateat the actual command line if you can. That way you can see the partial output and any errors while it's running. -
The gateway IP is our ISP provided gateway. The same as on the secondary firewall.
[23.09-RELEASE][admin@pfsense1.lan.optiwave.com]/root: pkg-static -d update DBG(1)[43703]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[43703]> PkgRepo: verifying update for pfSense-core DBG(1)[43703]> PkgRepo: need forced update of pfSense-core DBG(1)[43703]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[43703]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense _plus-v23_09_amd64-core/meta.conf DBG(1)[43703]> curl_open DBG(1)[43703]> Fetch: fetcher used: pkg+https DBG(1)[43703]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus- v23_09_amd64-core/meta.conf DBG(1)[43703]> CURL> attempting to fetch from , left retry 3 * Couldn't find host pfsense-plus-pkg00.atx.netgate.com in the .netrc file; usin g defaults * Trying 208.123.73.207:443... * Trying [2610:160:11:18::207]:443... * Immediate connect fail for 2610:160:11:18::207: No route to host * ipv4 connect timeout after 21175ms, move on! * Failed to connect to pfsense-plus-pkg00.atx.netgate.com port 443 after 30025 m s: Timeout was reached * Closing connection DBG(1)[43703]> CURL> attempting to fetch from , left retry 2
