Unable to communicate with https://packages.pfsense.org. Please verify DNS and



  • I am getting this error after restoring and reconfiguring it i tried this command

    env ip6addrctl_enable="yes" ip6addrctl_policy="prefer_ipv4" /etc/rc.d/ip6addrctl start

    Then Flush command and afterthat reboot of firewall

    But no use  please help


  • Netgate Administrator

    Is it able to check for fimeware updates?
    Are you using policy based routing?
    Are you able to ping it from the pfsense box? From a client behind pfsense?

    Steve



  • Hi steve i am attaching screen shots of firewall output

    *** No pfsense is not able to obtain update status

    • Not able to ping google or pfsense websites but i can ping my DHCP server which is windows 2008 server

    • Internet is working fine in my LAN network but PF sense is not able to obtain any update

    • yesterday i reset PFsense on factory default mode before that it was working fine so no rules are there screen shots of rules is also attached










    **



  • @stephenw10:

    Is it able to check for fimeware updates?
    Are you using policy based routing?
    Are you able to ping it from the pfsense box? From a client behind pfsense?

    Steve

    Hey steve

    as i already mentioned that internet on my LAN is working but i Dont know weather its a problem with MY ISP DNS server or with PFSENSE

    i tried one silverbullet

    System > General Setup > in DNS section along with my ISP DNS i entered google Public DNS address 8.8.8.8 & 8.8.4.4 and now PING in PFsense and Package manager is working.

    but Public DNS are not safe so please tell me the solution for it



  • @scorpion2087:

    but Public DNS are not safe so please tell me the solution for it

    uh… what? DNS in general isn't safe, "public DNS" is no less safe than anything else. That's part of why we've switched essentially everything over to HTTPS.



  • You can switch to using Unbound as the caching resolver and tell it not to use forwarders. That way you can be pretty sure the answers you get are straight from the horse's mouth, the authoritative servers in other words. If you're really paranoid Unbound supports DNSSEC but unfortunately DNSSEC hasn't been yet adopted widely.



  • @kpa:

    You can switch to using Unbound as the caching resolver and tell it not to use forwarders.

    Still, anyone in the position to modify the traffic between you and Google will be able to just as easily modify your recursive lookups direct to other servers.

    Yeah, DNSSEC is ultimately the answer, but it'll be a while before the world gets there.


  • Netgate Administrator

    So the box did not have DNS working correctly but client behind it did? Are your lan clients using the pfSense DNS forwarder or do you have something else on your network providing DNS?
    What sort of connection is your WAN? Usually the DNS servers are provided by the WAN via DHCP or PPP, is your ISP not providing them?

    In System: General: do you have either the 'Allow DNS server list to be overridden by DHCP/PPP on WAN' or 'Do not use the DNS Forwarder as a DNS server for the firewall' boxes checked?

    I use Google's DNS servers and don't worry about it, Google knows everything about me anyway.  ::)

    Steve



  • I have same problem . How i can fixed it


  • Netgate Administrator

    You have the same symptoms as the OP?
    Is the pfSense box able to check for updates?
    You tried the IPv6 fix?

    Steve


Log in to reply