Unable to retrieve package info from https://packages.pfsense.org.



  • «Unable to retrieve package info from https://packages.pfsense.org. Cached data will be used.»

    Today I'm getting this error message. No changes in the configuration since 2 months.


  • Moderator

    Check to see if you have an Blocks in Snort. If your using pfBlocker check the Firewall Logs.

    Or if using Squid maybe it could be blocked there?

    This is the IP that resolves to packages.pfsense.org for me. It might be different for you.
    So check the logs for a similar IP address.

    208.123.73.88

    Or try to    ping packages.pfsense.org and see what the IP is and look at the Logs for any blocks.



  • It was completely offline for a few hours; now it's back. Thank you!  :)



  • Second day my pfsense machines can not get to package site. Ping OK. When I point my browser to https://packages.pfsense.org/ it shows packages.pfsense.org. WTF?



  • @NetWiz:

    Second day my pfsense machines can not get to package site. Ping OK. When I point my browser to https://packages.pfsense.org/ it shows packages.pfsense.org. WTF?

    Same here. Subscribed for updates.



  • +1

    Just today I tried upgrading HW… after 2h I still had 'reinstalling packages'
    In the end I just swapped the disks (so I have a pfSense with packages  ;)), but still can't access package source from within pfSense.
    I have these nice errors in log, so something must be wrong  ???

    
    Aug 7 21:43:09	php: /pkg_mgr_installed.php: XMLRPC communication error:
    Aug 7 21:43:09	php: /pkg_mgr_installed.php: XML_RPC_Client: Connection to RPC server packages.pfsense.org:443 failed. 103
    
    

    No squid, no snort (yet, because it's down), basic setup. 2.1.4-RELEASE (amd64) on APU1C4.



  • Not getting it.

    at home, still have this when I go to "System: Package Manager" -> "Available Packages"

    Unable to communicate with https://packages.pfsense.org. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.
    

    But in the office (same ISP, same pfSense level but one is full and other is nano), I can open the page without issue?

    Any hints on what might be causing this?



  • hmm.

    dns resolves fine, traceroute brings me after 20 hops here:
    packages.atx.pfmechanics.com (208.123.73.88)  132.033 ms  132.232 ms  135.681 ms

    I haven't found any setting for package sources, really open for suggestions here  :-[



  • Extra symptom: going to the packages page makes pfSense gui inaccessible (happened twice too me while searching on the issue), seems it crashes the lighttpd daemon.
    Going to stop for now, it's clearly not coöperating today  >:(

    ps: Sorry for hijacking the thread, my bad, I know (even though it is related)

    –edit spelling--




  • very strange… running 2.1.4-RELEASE (amd64) with custom kernel (no vga) on a mSata, I have this persistent issue on 2 different devices (APU1C and APU1C4)
    I just created a nano version on a SD card, did a full export of my config (including RRD), uploaded it on the fresh nano, slammed that one in one of the boxes and after boot process I can open the "available packages" page without one issue ! (yes I even see the contents :o)

    Go figure.

    Not trying to be the wise-guy here, but now I'm pretty convinced there's something with the full image that is trying to access the packages repository. I found in meantime the file pkg-utils.inc and set it aside from the nano version. Going to boot again from the mSata and try to compare with that one. One never knows I could be lucky and see a difference  ::)

    –edited to avoid anyone would believe this. see below for update--



  • No luck, the 2 files are identical  :(

    Maybe I should stop searching here. (I find it strange there aren't more having the same issue)

    I saw in the file that in turn it calls a bunch of other files, if any of the guru's should have ideas?

    For the moment I'll just stick with the nano…



  • The issue was resolved for me last night. I'm not sure what caused the resolution exactly. I had a problem with not being able to ping IPv6 addresses from my LAN (and from pfsense box). I didn't realize it at first, but then noticed that for some reason I didn't get an IPv6 address from my ISP – I had it before, but it was released for some reason.

    I restarted the cable modem. After cable modem came back up, I did get IPv6 address, but now I noticed that the CPU utilization on my pfsense was staying at 50% (I have Atom D2550, 4 vCPUs, 2 cores). I checked system activity and noticed that processes named something like "services.check" and "debug.rules" were taking up the CPU cycles. I've never seen that before. I let it run for a few minutes, nothing changed, they kept running.

    At that point I restarted by pfsense. The pfsense came back up, and now I had snort taking up 50% of the CPU, constantly. I killed snort service, and it was auto-restarted by the "services monitoring" package. After that the CPU utilization came back to the usual levels of 0-3%.

    Everything is running well so far. I got the IPv6 address from ISP and can now ping IPv6 addresses. And can now access the packages site.

    I'm not sure what caused all of this chaos. It's a little concerning that it just went crazy out of the blue like that. But I guess that's what you get when running multiple packages on the same platform, more chances for conflicts and chaos like that. I'm sure that played a factor in some way.

    So, that's my story. :)



  • Hi dmitripr, good it sorted out for you.

    It seems I'm not there yet. I installed the sd card in my production box, loaded latest config again, booted, and it was even worse.
    I was unable to see the available packages (that pesky XMLRPC msg again), but what was even worse is that I had no longer access to the forum (??)
    Other pages no issue, pfSense forum did not open. (dns resolved however)
    Reverted to the full install (has become easy, just change boot order ;D)
    Now I have access to the forum again, but even though I did not touch the mSata, when I went to my packages page it couldn't display the version column anymore? So I went to the log, and found this new errors:

    Aug 8 20:18:40	php: /pkg_mgr_installed.php: XMLRPC communication error:
    Aug 8 20:18:40	php: /pkg_mgr_installed.php: XML_RPC_Client: Connection to RPC server packages.pfsense.org:443 failed. 103
    Aug 8 20:14:16	php: /pkg_mgr_installed.php: XMLRPC request failed with error 5: Didn't receive 200 OK from remote server. (HTTP/1.1 502 Bad Gateway)
    

    Pffff  >:(

    I already restarted the whole, but no avail. I anyway scrapped my earlier statement "nano vs full" before anyone would take it for true  :-[

    Really puzzled at this moment…

    -- edit: expanded with other 2 errors --



  • for all reading this… another update. (quickly, who knows how long it continues working  :-)

    All https from here to pfsense failed. Autoconfig backup, Forum, Portal, even the homepage, all inaccessible. And yes, packages is one of them.

    So. I'll call it a day. I no longer believe it's a problem with my systems. And I'll check again tomorrow if I have access again. I should have known...  ::)



  • @bennyc:

    I had no longer access to the forum (??)

    I also couldn't access pfsense sites (form, packages … nothing). Looks like they were down for some time today. Don't think it has anything to do with the pfsense box, I couldn't access the sites from work either.

    Now, they seem to be back up.



  • Well, I just tried to access packages page again, and what do you know … doesn't work. Same error as before (in the original post of this thread).

    I don't think it's the router. Something's gotta be wrong with the packages server. It seems to be a hit or a miss.



  • Definitely seems to be something wrong with the package server. pfSense attempts to do a POST to https://packages.pfsense.org/xmlrpc.php but this results in a 502 Bad Gateway error. Probably something is up with either nginx or PHP on the package server.


  • Banned

    No go on 42 firewalls…. deffo something with the server...



  • I have a fresh install and isn't working…
    I can ping packages.pfsense.org from pfsense box.@dmitripr:

    Well, I just tried to access packages page again, and what do you know … doesn't work. Same error as before (in the original post of this thread).

    I don't think it's the router. Something's gotta be wrong with the packages server. It seems to be a hit or a miss.



  • So any ETA on a fix for the 502 error? SSL cert expire? ISP gateway change and filtering HTTPS?


  • Banned

    Stale ARP cache?



  • Working now. Thanks for getting it running again. I am right in the middle of doing my last install (hopefully) of PFSense/Squid/QLProxy.
    This will work great for my kids' school.

    Jim



  • Still not working here in https !

    Those in need of a package, see this topic for a workaround:
    https://forum.pfsense.org/index.php?topic=75265.msg437914#msg437914

    –edit: I see the packages, but package installation is not coöperating yet  :( --
    --seems I have a partially installed package now.                                            --
    --new error bottom of packages page during removal:                                    --
    -- Warning: Unterminated comment starting line 904 in /usr/local/pkg/snort/snort.inc on line 904 Parse error: syntax error, unexpected $end in /usr/local/pkg/snort/snort.inc on line 904      --


  • Moderator

    – Warning: Unterminated comment starting line 904 in /usr/local/pkg/snort/snort.inc on line 904 Parse error: syntax error, unexpected $end in /usr/local/pkg/snort/snort.inc on line 904       --

    Did you try to uninstall Snort and then try a fresh install.



  • @BBcan177:

    Did you try to uninstall Snort and then try a fresh install.

    Yes, a couple of times, but each time with a different result. Removing required me to remove the files (the hard way)
    It starts fine, but never makes it completely. Noticed it also makes an https connection to the package server, so assuming now the problem is also there.

    I reverted back to https for xmlrpcbaseurl now, and still can't see the available packages. I saw on the related thread someone posted it is working again (for him), here it isn't yet so I'm going to remain a bit patient before continuing…  ;)



  • No access to packages. I can see only list of them, but when I try to install it don't. May be it from ISP on pfSense server.

    P.S. I am from Russia. Seems to me, it  comes from sanctions against us.



  • So I'm back in the office, and guess what? Packages are available on the pfSense instance here, no issue at all?
    Tunnel'ed -> home, but still no go on the home FW?
    Even opening the package page, gives again following errors:

    Aug 11 09:08:12 php: /pkg_mgr_installed.php: XMLRPC communication error:
    Aug 11 09:08:12 php: /pkg_mgr_installed.php: XML_RPC_Client: Connection to RPC server packages.pfsense.org:443 failed. 103

    Same ISP.
    Could someone point me to a direction on how to tackle this, as it's driving me nuts!



  • I've started packet capture on both systems (office = working, home != working)
    What I've noticed right away, is that the exchange at home is quite different. Reassambly is working @home, and several times a window size update during this exchange (??)
    And I don't have that in the exchange captured in the office.
    Could it be this is what the server (proxy?) is tripping over?

    What is different in setup, is that at home I present my wan connection tagged to the APU, and lan untagged… So the MTU is off by 4 bytes. Could it be there it's going wrong?
    Strange enough I see no other symptoms, and only recently this is giving problems.

    Going to try some things later, but not to keen on changing WAN connection stuff on a remote box  ::)


  • Moderator

    Bennyc,

    What browser are you using? Have you tried on a different browser as a test?



  • Hi,

    tnx for the suggestion. I work with Chrome normally, and tried with Firefox. No difference.

    Changed the MTU size of the WAN if to 1496. (so I have now 1500 for re0, and 1496 for the vlan if on re0)
    No difference in behaviour unfortunately, still still see retransmissions & lost segments warnings when I do another capture  >:(
    It does this however only when I go to "available packages". When going to "installed packages", it also connects to the server "packages.pfsense.org" on 443 but this seems to go fine (maybe less data to exchange?)

    I'm pretty sure though I'm on the right track… will try to switch to non-tagged environment for the APU this evening to at least get this working again. (it already asked too much of my time... all this just to get a package (there's no such thing as a free lunch? ::)))



  • interesting read (for someone new to freebsd): http://etutorials.org/Networking/Integrated+cisco+and+unix+network+architectures/Chapter+5.+Ethernet+and+VLANs/VLAN+Configurations/ , scroll down to § FreeBSD/OpenBSD VLAN Capabilities
    This guy says freebsd should auto-correct the MTU when creating the vlan if (decrease by 4B)

    I checked that one my system, it did not. (phys.int MTU and vlan on that int remains both 1500). No idea if that's a bug or normal behavior 8)



  • Another update… Moved from vlan approach for WAN, to regular setup, default MTU.

    1 good thing, some bad.

    The good:

    • I saw available packages again on my home FW.

    The bad:

    • I cannot prove it is no coincidence. Could be just luck, or someone fixing the packages server.

    • Note the "past" in the good news. Saw. It worked once. Gone again….

    • I still have some errors in log, though also different onces. And many of them are arprequest errors

    The new errors:
    Aug 11 23:28:45 kernel: arprequest: cannot find matching address
    Aug 11 23:28:35 php: /pkg_mgr.php: XMLRPC communication error:
    Aug 11 23:28:35 php: /pkg_mgr.php: XML_RPC_Client: Connection to RPC server packages.pfsense.org:443 failed. 103



  • I have monitored by Wireshark VmWare's Workstation with installed pfsense 2.1.4, with changed "xmlrpcbaseurl" => "http://packages.pfsense.org"

    Result: pfSense make successful request for available packages. But when I selected some packages to install, it has switched to the https-traffic. And failed to receive anything.

    I can provide logs from Wireshark by demand.

    Next time I will try to use VPN, with US-based IP.



  • Issue seems to be solved?
    Didn't touch anything here, but have https access again + was able to install packages.

    You got to love it  ;D



  • Hi!

    Can confirm. Two of my 2.1.4 installations now show Available Packages with out any problems.

    It would be fun to know if the pf-team did something to the packet-server. Did you?  ;)



  • Hey guys!

    I have still problems with IPv6 access to packages…
    Unable to communicate with www.pfsense.com. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.

    Also see this:

    IPv6 validation for http://www.pfsense.com

    AAAA DNS record 2610:160:11:11::69
    IPv6 web server web server is unreachable : No route to host
    IPv6 DNS server

    And:

    IPv6 validation for https://packages.pfsense.org

    AAAA DNS record 2610:160:11:11::88
    IPv6 web server web server is unreachable : Connection timed out
    IPv6 DNS server

    What is going on here?
    On IPv4 works just fine.

    I have no snort blocks and all other IPv6 services and sites are working just fine for me.
    This is happening on 2 different pfSense boxes, one 2.1.4 and other 2.1

    Regards,
    Greg



  • Any further information? I have the same Problem.



  • Guys,

    I am having the same issue and pfSense won't allow me to install any new packages.

    php: /pkg_mgr.php: XMLRPC request failed with error 5: Didn't receive 200 OK from remote server. (HTTP/1.0 403 Forbidden)

    I also receive "faultCode 105 faultString XML error: Invalid document end at line 1" when trying to access https://packages.pfsense.org/xmlrpc.php.

    If I open https://packages.pfsense.org/ the only thing I see is "packages.pfsense.org".

    Anybody shares the same issues?

    Heelp :)



  • It appears that packages.pfsense.org now has an IPv6 address and pfSense package manager does not implement Happy Eyeballs and thus is failing to fallback to IPv4 if you have IPv6 enabled but no successful connection through the Internet.

    I removed my default IPv6 route and the package manager sprung back to life.  I was testing routing IPv6 over OpenVPN with a ULA prefix.



  • Given that Happy Eyeballs only exists in (quoting from your link): Google's Chrome web browser, Opera 12.10, Firefox version 13, and Mac OS X Lion, I'm going to hand this back to you with a, "patches accepted".


Log in to reply