PfSense 2.0.1 updates and packages issue



  • Hello,

    I have a pfSense installation for a long while now and it worked just fine (great job with it!!) however in the past few months I have the following issue:

    2.0.1-RELEASE (i386)
    built on Mon Dec 12 18:24:17 EST 2011
    FreeBSD 8.1-RELEASE-p6

    Unable to check for updates.

    If I go into Packages/Available Packages I get the following:

    Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.

    even though I can ping any host from within pfSense …

    In the System/Firmware/Settings I have: pfSense i386 stable updates and the URL is: http://updates.pfsense.org/_updaters

    Is there something I should do to make it work?

    Thank you,

    Nick



  • Can ping any host by DNS name? If so, the next most common issue is Snort false positives black listing the IP. Your update URL is correct, that will show a directory listing when you browse there. Can you browse there from behind the firewall?



  • Thank you for the quick reply!

    I can ping by DNS name but if I'm visiting the URL from a computer behind the pfSense router I get a 404 error. I had Snort installed but I've uninstalled it and rebooted the router afterwards.


  • Rebel Alliance Developer Netgate

    The update URL will show 404 if you go in a browser - it's not meant to be accessed by humans :-)

    If you get 404 that means you are getting to the server at least.



  • That is good news but it doesn't solve the problem :)


  • Rebel Alliance Developer Netgate

    If you go to a shell from the console and try something like:

    links http://updates.pfsense.com/manifest

    And choose 'display' - does that show up? Or what do you get?



  • I get a list of URLs for updates:

    
    pfSense i386 stable updates     http://updates.pfsense.org/_updaters                              
    pfSense amd64 stable updates    http://updates.pfsense.org/_updaters/amd64                        
    pfSense i386 2.1 DEVELOPMENT snapshots  http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/i386/pfSen
    pfSense amd64 2.1 DEVELOPMENT snapshots http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/amd64/pfSe
    
    


  • Friendly bump :)


  • Rebel Alliance Developer Netgate

    If you can fetch the manifest it should be able to fetch the updates and packages.

    The only other possible thing could be a proxy or filter of some kind between your firewall and the Internet.

    At the very least the updates check should be working, it just fetches http://updates.pfsense.org/_updaters/version and that should only contain a little string such as "2.0.1-RELEASE".

    Anything noteworthy showing up in your system logs?



  • I have the same problem. I cant see anything in the logs that is note worthy.



  • Same here.
    The update URLs mentioned above are also not working…


  • Rebel Alliance Developer Netgate

    If you're going to claim you have the same problem, at the very least provide some supporting evidence. What exact URL did you try and what was the exact error you received? Did you try to load it by hand or directly in the firewall's web interface as an update URL? Are you sure you have working DNS and a proper default gateway set?

    The URLs definitely work, there are many people using them without problems all over the world, so there must be something unique about your particular setup that is either making them not work for you, or making them appear to not work for you.



  • Got this working.

    I just had to change system->firmware->updater settings to pfsense i386 stable updates.

    Seems its not set this way for a default install.

    Was never claiming that pfsense has a problem, was just looking for someone who may be able to point us in the right direction. Sorry to waste your time.



  • @nitsuj:

    Got this working.

    I just had to change system->firmware->updater settings to pfsense i386 stable updates.

    Seems its not set this way for a default install.

    Was never claiming that pfsense has a problem, was just looking for someone who may be able to point us in the right direction. Sorry to waste your time.

    I had this exact same problem with 2.0.1, only with amd64 rather than i386.  Your post helped me fix the problem with pfSense, so thank you!

    @jimp:

    If you're going to claim you have the same problem, at the very least provide some supporting evidence. What exact URL did you try and what was the exact error you received? Did you try to load it by hand or directly in the firewall's web interface as an update URL? Are you sure you have working DNS and a proper default gateway set?

    The URLs definitely work, there are many people using them without problems all over the world, so there must be something unique about your particular setup that is either making them not work for you, or making them appear to not work for you.

    Your response was rude and largely unnecessary.  Two additional people saying "me too" is an indicator that there is a problem that needs to be addressed, not something that can just be brushed off.

    The problem lies with pfSense.  Such a basic parameter should be set during the installation process, especially when a quick install is performed.



  • This issue happened on my side too around couple of months ago but its okay now even though i haven't touched any configuration.



  • I have installed the same installation (with amd64)
    2.0.1-RELEASE (i386)
    built on Mon Dec 12 18:24:17 EST 2011
    FreeBSD 8.1-RELEASE-p6

    My connection to Internet is through proxy and I have it defined. I can check for firmware upgrades, after going to firmware settings and changing some parameters but I can't check for package updates or install new packages.
    Is there a way around this using shell? or probably downloading all updates and installing them from a local machine?



  • DraNick, MTI and others having the same problem:

    In order to check and install packages from the web interface try unchecking "Block private networks" in Interfaces => WAN

    This is supposed to block 192.168.0.0/16 IPs, but somehow it was blocking www.pfsense.com (192.207.126.26) in a router with pfSense 2.0.1

    Maybe this was a bug in 2.0.1, but it seem corrected in 2.1 as it behaves correctly (as I'be been unable to reproduce the problem).


  • Netgate Administrator

    Interesting. I wouldn't have thought that would make any difference. That rule only blocks incoming connections. I wonder if it caused the automatically generated rules to be rebuilt.  :-\

    Steve



  • Block private networks can't block outbound traffic, and couldn't have blocked 192.207.126.0/24 that we're on. Had to have been something else that changed in the mean time.



  • Thank you jimp, nitsuj, fransecs, cmb and all the others that got involved in this.

    Upgrading to 2.1 seem to have solved the issue. It can check for upgrades correctly now, on my end.

    Thanks once again!



  • @cmb:

    Block private networks can't block outbound traffic, and couldn't have blocked 192.207.126.0/24 that we're on. Had to have been something else that changed in the mean time.

    You were rigth CMB, I had been changing settings around and I gave false information without ban intention.

    This is the setting that made the difference to me in order to upgrade pfSense:

    System => General Setup => "Do not use the DNS Forwarder as a DNS server for the firewall" (in the "DNS Servers" section)

    I hope it helps anyone, sorry for the delay!


  • Netgate Administrator

    You shouldn't have to do that. Check that your DNS forwarder (or resolver) is bound to localhost.

    Steve