"Unable to check for updates" again
-
@JasonM.:
Has to be some odd issue with just the right config combination I am using on this box because this has happened before with an almost identical setup. It was only resolved because I ended up doing a fresh install do to a hardware issue.
I had this issue as well with 2.1. It happened to be resolving a different IP for updates.pfsense.org than my ISP's DNS was for some reason. I was able to resolve it (no pun intended) by going to System -> General Setup and checking "Do not use the DNS Forwarder as a DNS server for the firewall." This ended up with the ability to ping updates.pfsense.org from the pfsense interface and resolving to the real address of 66.111.2.169. I'd imagine its an issue with the DNS Forwarder caching something bogus.
I know this topic is old but I had the same issue as OP and this immediately fixed the issue for me. Thanks so much.
-
@JasonM.:
Has to be some odd issue with just the right config combination I am using on this box because this has happened before with an almost identical setup. It was only resolved because I ended up doing a fresh install do to a hardware issue.
I had this issue as well with 2.1. It happened to be resolving a different IP for updates.pfsense.org than my ISP's DNS was for some reason. I was able to resolve it (no pun intended) by going to System -> General Setup and checking "Do not use the DNS Forwarder as a DNS server for the firewall." This ended up with the ability to ping updates.pfsense.org from the pfsense interface and resolving to the real address of 66.111.2.169. I'd imagine its an issue with the DNS Forwarder caching something bogus.
Just would like to say that JasonM.'s post worked for me. I checked the option "Do not use the DNS Forwarder as a DNS server for the firewall" and it worked like a charm.
Under "Auto Update", I am now able to see the message:```A new version is now available
Current version: 2.1.3-RELEASE
Built On: Thu May 01 15:52:13 EDT 2014
New version: 2.1.5-RELEASEUpdate source: https://updates.pfsense.org/_updaters/amd64
Thanks once again for posting. -
Hello.
I had the same error "Unable to check for updates" and I'd like to share my case.
I figured out that for security reasons I set to bind the LAN interface only for the DNS forwarder in the "Services: DNS forwarder" section. But there is also an option "Localhost" which you can mark with "Ctrl" key pressed and the DNS forwarder begins to service pfSense's requests too, so the autoupdate feature resumes working right.Thank You so much - you helped me, to resolve this same issue on my box.
:D -
Sorry to revive this old thread but I have the exact same problem again. However this time I know how to reproduce it every time.
I found out the cause this time because I installed squid3 and then went to install squidguard3 and since it doesn't have a signature I had to goto SYSTEM>ADVANCED>PACKAGE SETTINGS and check "Do NOT check package signature" option. As soon as I do this pfsense can no longer check for updates or packages. Unchecking the option does not fix the problem. Only way I can fix it is to restore to my last full backup. After restoring to my good backup if I immediately check that option again the problem returns.
Can anyone else verify what I'm seeing?
Thanks
-
This is still a problem with 2.2 release. If I check "Do NOT check package signature" then pfsense can no longer check for updates or packages. unchecking the option does not correct it, I have to restore the firewall from a backup.
-
I had to make the same change to be able to see updates after moving from dnsmasq to dns resolver (unbound).
Still have alot of unanswered questions about how exactly thats interacting with the system as a whole, but it is working.
-
So I feel stupid and apologize.
This had nothing to do with pfsense itself. When I would goto System>Advanced>Miscellaneous to change that option, firefox was auto filling "Proxy URL" with my pfsense username and "Proxy Password" with my password. That login is set to autofill and firefox was incorrectly filling those fields when it should not have touched them. So when I would check the option to not check package signature and press save it was saving these incorrect proxy fields as well.Sorry if I wasted anyone's time.
-
Ah, that is a classic problem. It bit me just a few days ago. :)
Steve
-
Hmm, OK. We've tried the usual suspects here.
You can see this behaviour in a multiwan setup with gateway groups. The clients on LAN use the gateway group to access the internet, in your case you have a failover setup. If you have firewall rules on LAN that catch all traffic and specify the gateway group then you are never using the system routing table to select a gateway. The pfSense box itself cannot use a gateway group it always uses the system routing table. Thus if it's default gateway is set incorrectly it will not be able to access the internet.
Using the ping test in the diagnostics menu will fail to find this since you have to specify which interface you want to ping from.Go to System: Routing: Gateways: make sure the default gateway is set to something sensible, like your primary WAN connection.
Steve
Steve, thanks a lot for this. It makes sense now why as I'm testing my failover setup, once off my "default gateway" which is set to the "primary" wan connection, pfSense refuses to check updates or download from the available Package list. If I swap the default gateway to the (2nd) wan connection, it immediately works.
Shouldl this behaviour affect my client workstations (DHCP) at all? Or would it just affect the web configurator from accessing the internet when the primary wan is down. Is there a way to add a firewall rule ahead of the failover gateway group "catch all", so that pfSense web configurator traffic is captured first? Hmmm
Andrew
