[bug since 2.1.2] Unable to communicate with https://packages.pfsense.org

xhark

Hi,

I use a lot of pfSense behind proxy server to browse pfSense packages. With 2.1 it was OK but #heartbleed…  and now it does not work with 2.1.2 (amd64). The proxy is configured in system > advanced > miscellaneous, but when I see the logs the pfSense does not use the proxy to join https://package.pfsense.org

Is it a bug ?

On the dashboard the version check works "You are on the latest version.", so it concerned only the packages :s
Any idea ?

Thank you  :)

ps: telnet on proxy:port is ok and DNS resolution too from pfSense

dustyboshoff

bump….  :P

I'm having the same problem. I can resolve through 'DNS Lookup' tool and browse to it from a browser through the pfSense, however clicking on 'System>Packages>Available Packages" just gives me. "Unable to communicate with https://packages.pfsense.org. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.". Dashboard also shows "Obtaining update status ..." then changes to "You are on the latest version.". I have proxy configured in "System>Advanced>Misc" too.

Any help would be appreciated.

noobSauce

I had the same "Unable to communicate with …" problem.

After verifying that I didn't have a DNS issue, I navigated to System-->Routing-->Gateways, and noticed many GW entries.

I deleted all the stale gateway entries that remained from a previous test configuration and soon after, I was able to get the dashboard-->Version to display "You are on the latest version."

cmb

It should still be using the proxy, the only thing functionally different is using HTTPS instead of HTTP. If you change "xmlrpcbaseurl" in /etc/inc/globals.inc from HTTPS to HTTP does it work through the proxy?

jawojtek

Hi.
I have same issue with pfSenses after update to 2.1.2.
The difference is I do not use proxy at all.
After updating globals.inc it worked but using plain http.

Are you going to patch it soon?
I prefer waiting few days than manually update multiple machines.

Furthermore - some pfSense went through update to 2.1.2 and vmware tools package but some failed to update this package.

cmb

There is no bug here in general, there may be something specific to use of proxy servers only but that's yet to be confirmed or denied.

If you aren't using a proxy and you get "Unable to communicate with https://packages.pfsense.org", then you have one of two issues:

1. either your system can't actually get out to the Internet (no default gateway, missing/wrong DNS servers)
2. it can't fetch files via HTTPS for some reason. Something upstream blocking it, or if you have a Hifn card, this: https://redmine.pfsense.org/issues/3125

jawojtek

@cmb:

1. either your system can't actually get out to the Internet (no default gateway, missing/wrong DNS servers)
2. it can't fetch files via HTTPS for some reason. Something upstream blocking it, or if you have a Hifn card, this: https://redmine.pfsense.org/issues/3125

Thank for reply.
I disagree 1. I get DNS response, I see HTTPS packets leaving interface destined to 208.123.73.88.443; unfortunately with no response. Furthermore HTTP package request works so it's not an Internet access (or DNS) issue in general.
Regarding 2.: It can be something with HTTPS, no relevant entries in log, though. I use VMware. Please note I use OpenVPN on that server (and it works).

I'd appreciate any hints.
Thanks.

cmb

If you see SYNs leaving and no SYN ACKs coming back, you're blocking the traffic somewhere. You have proper connectivity in general since HTTP works, and our restrictions for HTTPS are identical to HTTP, so we're not blocking you (and we don't really block any sources short of bogons, and an IP here and there on occasion that's doing stupid stuff).

vipermy

@cmb:

It should still be using the proxy, the only thing functionally different is using HTTPS instead of HTTP. If you change "xmlrpcbaseurl" in /etc/inc/globals.inc from HTTPS to HTTP does it work through the proxy?

Hi, just to share .. we are facing the same issue with pfSenses (behind the proxy) after update to 2.1.2. After updating globals.inc it worked on plain http (and not https).
Thanks.

cmb

@vipermy:

Hi, just to share .. we are facing the same issue with pfSenses (behind the proxy) after update to 2.1.2. After updating globals.inc it worked on plain http (and not https).

Thanks for the feedback. With 3 separate confirmations, via a proxy is likely a legit issue.
https://redmine.pfsense.org/issues/3612

If anyone digs at the source on this issue, please add info on that redmine ticket.

For those who find this thread and aren't using a proxy, you have a general connectivity problem of some sort that's entirely unrelated to this thread, please start your own thread with information about your scenario.

xhark

Sorry for the delay.

It works with editing the /etc/inc/globals.inc and change from

        "xmlrpcbaseurl" => "https://packages.pfsense.org",

to:

        "xmlrpcbaseurl" => "http://packages.pfsense.org",

I confirm that pfSense try to contact HTTPS without going through the proxy.

A Former User

@x16wda:

taunusstein.net, I am seeing the same behavior, coincidentally after I upgraded to 2.1.3 this evening.  :(

I had not checked packages for several weeks before the upgrade. Tonight, I have no issue pinging the ipv4 site but get no response from the ipv6 address, and I get the same "unable to connect to https://packages.pfsense.org" error.  No proxy in my configuration and no other connectivity issues.

Update: disable IPv6 (System, Advanced, Networking, uncheck Allow IPv6) and packages show up fine.

Worked perfect i was pulling my hair out till i tried the disable ipv6 !

topoldo

@topoldo:

Hi all.
I have the same problem with this configuration:

• No proxy
• No IPv6

[skip…]

Solved! It was my fault, I was wrong in setting the gateway.
Now it works with the Override Host in DNS forwarders trick.
Topoldo

acald

Solved!

We have multiple subnets and one uses its own DNS server instead of using the DNS forwarder.  Because of this we adjusted the interfaces that the DNS forwarder listens on.  In the process we must have killed pfSense's ability to reach the update servers because once I tried changing it to ALL, it perked right up and displayed the update's availability.

Happily updated ti 2.1.3.  Thanks guys!

xhark

Sorry but I use the 2.1.4 and the bug is always the same, can't contact the server.

However the file is correctly patched cf https://redmine.pfsense.org/projects/pfsense/repository/revisions/1930a63e811915da210555804925e67ec419d662

(The workaround with /etc/inc/global.inc.php works)

No idea ?

nut 0

2.1.4-RELEASE (i386)

Can't still work with Package Manager!

-> "Unable to communicate with https://packages.pfsense.org. …"

:'(

Any Ideas?

Edit:

Seems to be a Problem of packages.pfsense.org.
https://packages.pfsense.org/xmlrpc.php is still giving error:
faultCode 105 faultString XML error: Invalid document end at line 1

Supermule

I dont have that issue at all with 2.1.4

Works fine from Denmark…

eduardogoncalves

Same here:

2.1.4-RELEASE (i386)
built on Fri Jun 20 12:59:29 EDT 2014
FreeBSD 8.3-RELEASE-p16
You are on the latest version.

But on packages page:

Unable to communicate with https://packages.pfsense.org. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.

denizv

Today, i backed up my configuration. I switched from embedded version of pfsense (on usb) to regular version (on hdd).
This problem suddenly appared.
I tried

1. http://packages.pfsense.org
2. Checked gateways, dns forwarder settings, dns servers, tried different settings
3. I can ping packages.pfsense.org on wan
4. "You are on the latest version" is visible
5. No ipv6, no proxy
6. I pretty much tried everything i have read and think of

I'm thinking either there is difference between LiveCD and NanoBSD version or this site might be bugged/down. What should i do next?

Supermule

I got this as well now. :(

NOT good….