pfSense stops updating packages

compiz

Hi everybody!
I have a topton mini pc with intel n100 cpu and 4x2.5gbps ethernet ports (i226v).
This mini pc was running 23.09.1 and now 24.03, in both cases the check for updates stops working both for new versions of pfSense and for packages.
Ok now I know there is no newer version from 24.03 but I want to emphasise that this problem existed in both versions (23.09.1 and 24.03). Right now if I login to the gui, I see in the check for new versions in the dashboard: "Error in version information"
and if I go to packages where I know from a 2nd pfSense (VM this time) that 2 packages have updates, the list loads but it doesn't show the updates and after trying a couple of times the package list doesn't load at all.

If I go to shell and give: pkg update ; pkg upgrade
I get:

Updating pfSense-core repository catalogue...
pkg: No SRV record found for the repo 'pfSense-core'
pkg: An error occured while fetching package
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/meta.txz -- pkg+:// implies SRV mirror type
repository pfSense-core has no meta file, using default settings
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/packagesite.pkg -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/packagesite.txz -- pkg+:// implies SRV mirror type
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: No SRV record found for the repo 'pfSense'
pkg: An error occured while fetching package
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-pfSense_plus_v24_03/meta.txz -- pkg+:// implies SRV mirror type
repository pfSense has no meta file, using default settings
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-pfSense_plus_v24_03/packagesite.pkg -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-pfSense_plus_v24_03/packagesite.txz -- pkg+:// implies SRV mirror type
Unable to update repository pfSense
Error updating repositories!
Updating pfSense-core repository catalogue...
pkg: No SRV record found for the repo 'pfSense-core'
pkg: An error occured while fetching package
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/meta.txz -- pkg+:// implies SRV mirror type
repository pfSense-core has no meta file, using default settings
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/packagesite.pkg -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/packagesite.txz -- pkg+:// implies SRV mirror type
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: No SRV record found for the repo 'pfSense'
pkg: An error occured while fetching package
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-pfSense_plus_v24_03/meta.txz -- pkg+:// implies SRV mirror type
repository pfSense has no meta file, using default settings
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-pfSense_plus_v24_03/packagesite.pkg -- pkg+:// implies SRV mirror type
pkg: packagesite URL error for pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-pfSense_plus_v24_03/packagesite.txz -- pkg+:// implies SRV mirror type
Unable to update repository pfSense
Error updating repositories!

Internet works, I now DNS problem nor connectivity issues.
Then I try: pfSense-upgrade -dc
and I get:

pfSense-repoc-static: failed to fetch the repo data
failed to read the repo data.
failed to update the repository settings!!!
failed to update the repository settings!!!

In both commands, it takes forever to finish them so I can give the next input.
Now I know if I do a reboot it will be resolved, but the thing is, I have dynamic IP and every time I do reboot, IP changes...and when the IP changes, I have to do 2FA to like 200 services and sites so I try not to do a reboot unless I really really really have to.
Is there any other option/command I can do to help pfSense check for updates without having to reboot it?

Kind regards,
George

stephenw10

Try running: pSense-repoc then pkg -d update. See what errors are shown.

compiz

Thanks for the reply, here are the results from those commands:

pfSense-repoc
pfSense-repoc: failed to fetch the repo data
failed to read the repo data.

and

pkg -d update
DBG(1)[4268]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[4268]> PkgRepo: verifying update for pfSense-core
DBG(1)[4268]> PkgRepo: need forced update of pfSense-core
DBG(1)[4268]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[4268]> Request to fetch pkg+https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/meta.conf
DBG(1)[4268]> curl_open
pkg: No SRV record found for the repo 'pfSense-core'
DBG(1)[4268]> Fetch: fetcher used: pkg+https
DBG(1)[4268]> curl> fetching https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/meta.conf

DBG(1)[4268]> CURL> No mirror set url to https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/meta.conf

DBG(1)[4268]> CURL> attempting to fetch from https://pfsense-plus-pkg.netgate.com/pfSense_plus-v24_03_amd64-core/meta.conf, left retry 3

* Couldn't find host pfsense-plus-pkg.netgate.com in the .netrc file; using defaults
* Resolving timed out after 30010 milliseconds

stephenw10

Hmm, just seems unable to connect at all. Can you ping ews.netgate.com ?

compiz

@stephenw10
From my PC yes, from the router no

compiz

@stephenw10 after a few minutes it gave me this:

ping: cannot resolve ews.netgate.com: Address family for hostname not supported

stephenw10

Huh, what does host ews.netgate.com show?

Is it somehow only giving you an IPv6 address?

compiz

@stephenw10

host ews.netgate.com
;; connection timed out; no servers could be reached

It is weird if it switched back to IPv6 which means an ISP problem, I can access from my pc any IPv4 sites though, just pfSense itself can't

SteveITS

@compiz Is DNS functioning then? System/General; Diagnostics/DNS Lookup.

re: IPv6, there is a setting to disable that for (only) pfSense: https://docs.netgate.com/pfsense/en/latest/network/ipv6/ipv6-preference.html

stephenw10

Oh just no DNS resolution. Is Unbound still running? Assuming you are using Unbound still, which is the default.

compiz

@SteveITS

it was running the default yes, I have changed it to use the external DNS only, it seems to be able to detect now the updates but it failes to install them

pkg update ; pkg upgrade
Updating pfSense-core repository catalogue...
pkg: An error occured while fetching package
pkg: An error occured while fetching package
repository pfSense-core has no meta file, using default settings
pkg: An error occured while fetching package
pkg: An error occured while fetching package
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: An error occured while fetching package
pkg: An error occured while fetching package
repository pfSense has no meta file, using default settings
pkg: An error occured while fetching package
pkg: An error occured while fetching package
Unable to update repository pfSense
Error updating repositories!
Updating pfSense-core repository catalogue...
pkg: An error occured while fetching package
pkg: An error occured while fetching package
repository pfSense-core has no meta file, using default settings
pkg: An error occured while fetching package
pkg: An error occured while fetching package
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
pkg: An error occured while fetching package
pkg: An error occured while fetching package
repository pfSense has no meta file, using default settings
pkg: An error occured while fetching package
pkg: An error occured while fetching package
Unable to update repository pfSense
Error updating repositories!

compiz

@stephenw10 I mixed the replies, sorry.
I already had the "Prefer to use IPv4 even if IPv6 is available" option enabled.

stephenw10

Ok so now run pfSense-repoc then pkg -d update and see what the error is.

compiz

without me touching anything, it seems to be working now.
it does check for updates for pfSense and packages and it was able to update acme and System_Patches successfully.
What did the trick was to change the DNS from "Use local DNS, fallback to remote" to "Use remote DNS, ignore local DNS" and then back to "Use local DNS, fallback to remote".
Now I am curious as to what might caused the bound DNS to fail and how to prevent it from future crashes?

Thanks for the help guys :)

stephenw10

Had Unbound stopped entirely? Check the System and Resolver logs. You ight see what stopped it if so.

compiz

@stephenw10 the first didn't give any output, just sent me back to prompt, the 2nd

 pkg -d update
DBG(1)[64522]> pkg initialized
pkg: Unable to open '/usr/local/etc/pkg/repos//pfSense.conf':No such file or directory
No active remote repositories configured.

compiz

@stephenw10 said in pfSense stops updating packages:

Had Unbound stopped entirely? Check the System and Resolver logs. You ight see what stopped it if so.

May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 3: 330 queries, 286 answers from cache, 44 recursions, 12 prefetch, 0 rejected by ip ratelimiting
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 3: requestlist max 1 avg 0.0178571 exceeded 0 jostled 0
May 14 18:48:05	unbound	20336	[20336:0] info: average recursion processing time 0.058644 sec
May 14 18:48:05	unbound	20336	[20336:0] info: histogram of recursion processing times
May 14 18:48:05	unbound	20336	[20336:0] info: [25%]=0.0196608 median[50%]=0.0557056 [75%]=0.0963765
May 14 18:48:05	unbound	20336	[20336:0] info: lower(secs) upper(secs) recursions
May 14 18:48:05	unbound	20336	[20336:0] info: 0.000000 0.000001 1
May 14 18:48:05	unbound	20336	[20336:0] info: 0.002048 0.004096 2
May 14 18:48:05	unbound	20336	[20336:0] info: 0.004096 0.008192 4
May 14 18:48:05	unbound	20336	[20336:0] info: 0.008192 0.016384 3
May 14 18:48:05	unbound	20336	[20336:0] info: 0.016384 0.032768 5
May 14 18:48:05	unbound	20336	[20336:0] info: 0.032768 0.065536 10
May 14 18:48:05	unbound	20336	[20336:0] info: 0.065536 0.131072 17
May 14 18:48:05	unbound	20336	[20336:0] info: 0.131072 0.262144 2
May 14 18:48:05	unbound	20336	[20336:0] notice: Restart of unbound 1.19.3.
May 14 18:48:05	unbound	20336	[20336:0] notice: init module 0: validator
May 14 18:48:05	unbound	20336	[20336:0] notice: init module 1: iterator
May 14 18:48:05	unbound	20336	[20336:0] info: start of service (unbound 1.19.3).
May 14 18:48:05	unbound	20336	[20336:0] info: service stopped (unbound 1.19.3).
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting
May 14 18:48:05	unbound	20336	[20336:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0
May 14 18:48:07	unbound	24209	[24209:0] notice: init module 0: validator
May 14 18:48:07	unbound	24209	[24209:0] notice: init module 1: iterator
May 14 18:48:07	unbound	24209	[24209:0] info: start of service (unbound 1.19.3).
May 14 18:48:07	unbound	24209	[24209:3] info: generate keytag query _ta-4f66. NULL IN
May 14 19:46:10	unbound	24209	[24209:2] info: generate keytag query _ta-4f66. NULL IN
May 14 19:46:10	unbound	24209	[24209:1] info: generate keytag query _ta-4f66. NULL IN

stephenw10

Hmm, no cause shown there. It did restart though.

compiz

@stephenw10 said in pfSense stops updating packages:

Hmm, no cause shown there. It did restart though.

Now i can't open sites from my pc, it starts with crashed page and then reloads and it is ok and it does that every time with every page.
I think I have to do a restart, can't avoid it

stephenw10

@compiz said in pfSense stops updating packages:

it starts with crashed page

How is it failing? Definitely DNS not resolving?

Should probably move this to a new thread if pkgs are updating OK now.