[bug since 2.1.2] Unable to communicate with https://packages.pfsense.org



  • There is no bug here in general, there may be something specific to use of proxy servers only but that's yet to be confirmed or denied.

    If you aren't using a proxy and you get "Unable to communicate with https://packages.pfsense.org", then you have one of two issues:

    1. either your system can't actually get out to the Internet (no default gateway, missing/wrong DNS servers)
    2. it can't fetch files via HTTPS for some reason. Something upstream blocking it, or if you have a Hifn card, this: https://redmine.pfsense.org/issues/3125


  • @cmb:

    1. either your system can't actually get out to the Internet (no default gateway, missing/wrong DNS servers)
    2. it can't fetch files via HTTPS for some reason. Something upstream blocking it, or if you have a Hifn card, this: https://redmine.pfsense.org/issues/3125

    Thank for reply.
    I disagree 1. I get DNS response, I see HTTPS packets leaving interface destined to 208.123.73.88.443; unfortunately with no response. Furthermore HTTP package request works so it's not an Internet access (or DNS) issue in general.
    Regarding 2.: It can be something with HTTPS, no relevant entries in log, though. I use VMware. Please note I use OpenVPN on that server (and it works).

    I'd appreciate any hints.
    Thanks.



  • If you see SYNs leaving and no SYN ACKs coming back, you're blocking the traffic somewhere. You have proper connectivity in general since HTTP works, and our restrictions for HTTPS are identical to HTTP, so we're not blocking you (and we don't really block any sources short of bogons, and an IP here and there on occasion that's doing stupid stuff).



  • @cmb:

    It should still be using the proxy, the only thing functionally different is using HTTPS instead of HTTP. If you change "xmlrpcbaseurl" in /etc/inc/globals.inc from HTTPS to HTTP does it work through the proxy?

    Hi, just to share .. we are facing the same issue with pfSenses (behind the proxy) after update to 2.1.2. After updating globals.inc it worked on plain http (and not https).
    Thanks.



  • @vipermy:

    Hi, just to share .. we are facing the same issue with pfSenses (behind the proxy) after update to 2.1.2. After updating globals.inc it worked on plain http (and not https).

    Thanks for the feedback. With 3 separate confirmations, via a proxy is likely a legit issue.
    https://redmine.pfsense.org/issues/3612

    If anyone digs at the source on this issue, please add info on that redmine ticket.

    For those who find this thread and aren't using a proxy, you have a general connectivity problem of some sort that's entirely unrelated to this thread, please start your own thread with information about your scenario.



  • Sorry for the delay.

    It works with editing the /etc/inc/globals.inc and change from

            "xmlrpcbaseurl" => "https://packages.pfsense.org",
    

    to:

            "xmlrpcbaseurl" => "http://packages.pfsense.org",
    

    I confirm that pfSense try to contact HTTPS without going through the proxy.



  • @x16wda:

    taunusstein.net, I am seeing the same behavior, coincidentally after I upgraded to 2.1.3 this evening.  :(

    I had not checked packages for several weeks before the upgrade. Tonight, I have no issue pinging the ipv4 site but get no response from the ipv6 address, and I get the same "unable to connect to https://packages.pfsense.org" error.  No proxy in my configuration and no other connectivity issues.

    Update: disable IPv6 (System, Advanced, Networking, uncheck Allow IPv6) and packages show up fine.

    Worked perfect i was pulling my hair out till i tried the disable ipv6 !



  • @topoldo:

    Hi all.
    I have the same problem with this configuration:

    • No proxy
    • No IPv6

    [skip…]

    Solved! It was my fault, I was wrong in setting the gateway.
    Now it works with the Override Host in DNS forwarders trick.
    Topoldo



  • Solved!

    We have multiple subnets and one uses its own DNS server instead of using the DNS forwarder.  Because of this we adjusted the interfaces that the DNS forwarder listens on.  In the process we must have killed pfSense's ability to reach the update servers because once I tried changing it to ALL, it perked right up and displayed the update's availability.

    Happily updated ti 2.1.3.  Thanks guys!



  • Sorry but I use the 2.1.4 and the bug is always the same, can't contact the server.

    However the file is correctly patched cf https://redmine.pfsense.org/projects/pfsense/repository/revisions/1930a63e811915da210555804925e67ec419d662

    (The workaround with /etc/inc/global.inc.php works)

    No idea ?



  • 2.1.4-RELEASE (i386)

    Can't still work with Package Manager!

    -> "Unable to communicate with https://packages.pfsense.org. …"

    :'(

    Any Ideas?

    Edit:

    Seems to be a Problem of packages.pfsense.org.
    https://packages.pfsense.org/xmlrpc.php is still giving error:
    faultCode 105 faultString XML error: Invalid document end at line 1


  • Banned

    I dont have that issue at all with 2.1.4

    Works fine from Denmark…



  • Same here:

    2.1.4-RELEASE (i386)
    built on Fri Jun 20 12:59:29 EDT 2014
    FreeBSD 8.3-RELEASE-p16
    You are on the latest version.

    But on packages page:

    Unable to communicate with https://packages.pfsense.org. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.



  • Today, i backed up my configuration. I switched from embedded version of pfsense (on usb) to regular version (on hdd).
    This problem suddenly appared.
    I tried

    1. http://packages.pfsense.org
    2. Checked gateways, dns forwarder settings, dns servers, tried different settings
    3. I can ping packages.pfsense.org on wan
    4. "You are on the latest version" is visible
    5. No ipv6, no proxy
    6. I pretty much tried everything i have read and think of

    I'm thinking either there is difference between LiveCD and NanoBSD version or this site might be bugged/down. What should i do next?


  • Banned

    I got this as well now. :(

    NOT good….



  • linked with this topic:

    https://forum.pfsense.org/index.php?topic=78276.0

    Same issue imho. There's something still not right.



  • @cmb:

    It should still be using the proxy, the only thing functionally different is using HTTPS instead of HTTP. If you change "xmlrpcbaseurl" in /etc/inc/globals.inc from HTTPS to HTTP does it work through the proxy?

    To to confirm, this workaround also worked here. Just changing to http got me access to the available package pages.

    Seem to me there is some issue with the proxy!

    –edit: using 2.1.4-RELEASE (amd64) on APU1C4--



  • Problem solved itself this morning, i think it was server related



  • Nope.

    Someone whom should have known better got the CARP addresses wrong for v6 late last week.

    Since we're moving racks in the data center, the problem didn't surface until we failed over while moving one of the last pieces of gear to the new rack, the. Fee stablished the primary.



  • Download the update you need and browse to that file locally if you need.



  • After while i can say it clear and loud

    PFSENSE as firewall IS GREAT CLEAR OF BUGS BETTER THAN HOLY S*** CISCO ASA have multiple option than juniper

    But the only thing i dream in is stable version of squid3-dev with easy way to add and authenticate users (using UI)



  • confirmed works disabling ipv6 on 2.1.5 and 2.2.4 for me, 2 different WAN providers.



  • @msmith9xr4:

    confirmed works disabling ipv6 on 2.1.5 and 2.2.4 for me, 2 different WAN providers.

    You have IPv6 problems in that case. Start a new thread describing your IPv6 config, what you see when trying to traceroute6 to packages.pfsense.org (or google.com or anything else IPv6-enabled, guessing nothing will work in that case).

    Locking thread since it's been hijacked by a handful of completely unrelated things.


Log in to reply