Unable to communicate with https://packages.pfsense.org.



  • Dear Experts,

    i upgraded PF sense to 2.1.5 but after that i am unable to see the available packages as it's displaying the following error:

    Unable to communicate with https://packages.pfsense.org. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity

    Can anyone please help me out to get out from the victim.

    Thanks.



  • no answer yet? could you further investigate this or already solved it? I have this same problem and currently using v2.2 …


  • Netgate Administrator

    Is it able to check for updates at the dashboard?

    Steve



  • In my case, yes, it seems to communicate and confirm that I'm on the latest version…

    ![Captura de pantalla - 110215 - 09:12:51.png](/public/imported_attachments/1/Captura de pantalla - 110215 - 09:12:51.png)
    ![Captura de pantalla - 110215 - 09:12:51.png_thumb](/public/imported_attachments/1/Captura de pantalla - 110215 - 09:12:51.png_thumb)


  • Netgate Administrator

    Have you ever used a custom package repository?
    Try fetching the package list directly from the command line:

    [2.2-RELEASE][root@pfSense.localdomain]/root: fetch -o /dev/null https://www.pfsense.org/packages/pkg_config.10.xml
    /dev/null                                     100% of   73 kB  313 kBps 00m00s
    
    

    Also are you using the DNS forwarder or resolver? You don't have localhost as one of your listed dns servers.

    Steve



  • Hi, I've noticed that ping6 directly to the ipv6 number couldn't reach even my GW (this is accesible from any ping from the web without any problems).

    About the DNS I have it as a forwarder not as a resolver (please see attached img)

    I could successfully fetch from the command line (also attached to te image)

    ![Captura de pantalla - 120215 - 16:55:46.png](/public/imported_attachments/1/Captura de pantalla - 120215 - 16:55:46.png)
    ![Captura de pantalla - 120215 - 16:55:46.png_thumb](/public/imported_attachments/1/Captura de pantalla - 120215 - 16:55:46.png_thumb)


  • Netgate Administrator

    If you have a broken v6 connection try this:
    https://doc.pfsense.org/index.php/Controlling_IPv6_or_IPv4_Preference

    Steve



  • You might consider entering a IPV6 DNS server at the bottom of the list of DNS servers…

    Or disabling IPV6 altogether if you just don't quite understand it?



  • @stephenw10, that solved the error contacting http://packages.pfsense.org, now I have a working list :-)

    @kejianshi, as it fails pinging6 from the pfsense server to the default external GW using the ipv6 address directly, no DNS can be contacted either.

    (*) ipv6 was configured-uncofngured here by a long-gone sysadmin who made some strange things here.

    I too think that disabling ipv6 completely could have resolved this quickly but I really would like to have this ipv6 working, it would be really helpful if anyone knows a good document to start the config over.

    Thank you very much again!



  • You want IPV6 working?  we can do that too…

    IPV6 seems easier to me than IPV4 - Maybe I'm strange.


  • Netgate Administrator

    Yeah, you're strange.  ;)

    Impossible to really give you much advise without knowing a lot more about your network but a good place to start would be here:
    https://doc.pfsense.org/index.php/Example_basic_configuration

    Steve



  • Its as easy as IPV4 and no NAT issues.  Sure its base 16 but I have 8 fingers on each hand, so no problem.  (-;

    I love that I can easily give anything I want a public IP and easily firewall it.

    For Audio/Video this will be great as soon as people accept it.

    My biggest issue is that most things are IPV6 ready but not really being skinned in most GUIs yet.



  • @stephenw10, thank you again but that seems pretty general, one thing in my network is that we don't have DMZ :-)

    @kejianshi, great you find it v6 easier than v4, I'm still grasping it

    I want to install squid (or squid3?) + squidgauard (or dansguard?) and I'm reading that these packages have problems with ipv6, is this right?

    A little context if you could use it for some advice…

    Our public ipv6 addresses are

    
    network 2800:160:17C5:0:0:0:0:0/48
    GW 2800:160:17C5:0:0:0:0:1
    
    

    My pfsense server info

    2.2-RELEASE (amd64) 
    built on Thu Jan 22 14:03:54 CST 2015 
    FreeBSD 10.1-RELEASE-p4
    You are on the latest version.
    

    This server has 3 network i/f and 3 vlans

    cablenic WAN	 up	100baseTX <full-duplex> 190.8.65.21 2800:160:17c5::2
     cablenic intsi	         up	1000baseT <full-duplex> 192.168.32.253
     cablenic intsm	         up	1000baseT <full-duplex> 192.168.18.245
     cablenic VLANCER up	1000baseT <full-duplex> 172.28.255.254 2800:160:17c5::1:1 (here are 50% of network PCs)
     cablenic VLANTI	 up	1000baseT <full-duplex> 192.168.168.1
     cablenic VLANSEM up	1000baseT <full-duplex> 192.168.14.254 (here are 50% of network PCs)</full-duplex></full-duplex></full-duplex></full-duplex></full-duplex></full-duplex>
    

    Thank you again!!


  • Netgate Administrator

    The best piece of advise I can give you is to start with a basic configuration and build it up testing at each stage. Don't try and do everything in one go.

    @ kejianshi: Hexadecimal limbs, why didn't I think of that.  ;)

    Steve


  • LAYER 8 Global Moderator

    So what IPv6 are you using on the lan side if that is your public?

    inetnum:    2800:160::/32
    status:      allocated
    aut-num:    N/A
    owner:      Gtd Internet S.A.
    ownerid:    CL-GISA-LACNIC
    responsible: Manuel Suanez Berrios
    address:    Moneda, 920, Piso 11
    address:    6500712 - Santiago - RM
    country:    CL



  • @johnpoz, I had this previous config which might have changed as I was playing around…

    VLANCER, 2800:160:17c5::1:1 /52
    VLANSEM, 2800:160:17c5::1:2 /52 and so on...
    

    @stephenw10, you are correct, step-by-step, the only thing I want by now is to establish connection from my pfsense server to  my default public GW first then to the world using ipv6 address –no DNS at first :-)

    Our DNS servers would be

    2800:160::2
    2800:160::1
    

    Thanks for your kind replies!


  • LAYER 8 Global Moderator

    /52 ??  yeah that would not be correct..



  • Sleeping - Look at this when I wake.



  • @johnpoz /52 is not correct? I thought it could be subdivided in 16 networks with this… any suggestion?


  • LAYER 8 Global Moderator

    min size of ipv6 segment is suppose to be /64, you can get a /48 for example from say tunnel broker HE, they route that to you via your tunnel then you can break that up into as many /64 you want.


  • Netgate Administrator

    But those VLANs have the same subnet, no?



  • I have had great success with a /48 for WAN and handing out /64s on all interfaces, including openvpn interfaces.

    I do want to experiment with something like a /52 on the WAN and handing out a limited number of /64s after. (tried before and failed)

    Why?  Because some data centers for some odd reason are still hesitant to hand me a /48.  Maybe all they have is a /48 themselves?

    I know thats a crap configuration, but it would solve problems for me also to get that to work.

    I will soon have a chance to try that…  "soon" according to the data center.

    However, as previously stated, if you want IPV6 now, getting a HE IPV6 tunnel works super well.



  • @stephenw10, yes, those VLANs had the same /52…

    @kejianshi, I will better go with /64, so I will post here how it goes...

    In any case my "problem" is pinging from pfsense to my default route (even though both ips answer from the Internet)...

    
    pfsense             <----> default GW 
    2800:160:17c5::2/48 <----> 2800:160:17c5::1 /48
    
    

    I don't know why but I'm still thinking the ipv4 way, I resist to waste so many addresses :-)

    Thank you guys for following up…



  • /64 on the wan is near useless.  You really want to be able to give each LAN/OPT interface a /64



  • @kejianshi I'm sorry I wasn't clear… I want first to get this two addresses to communicate each other (pf <-> gw) using the /48 mask... only then I will change the /52 to /64 configs for my internal networks...

    Any suggestion as to how troubleshoot this pf <-> gw issue? It's worth saying that this problem presents only for ipv6. It works fine in ipv4...

    I'm folllowing this document, but I have done it twice for the WAN part and I still don't find anything  :-
    https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

    Thank you again



  • Just to let you know that I finally could establish comm between pf <-> gw . I'm almost sure it was a fw rule, but I touched so many little things… now I'm going to subnet using /64... Thank you all for your kind support.



  • Its really difficult to help figure out IPV6 without seeing your settings.  For me anyway.  But I'm glad its working for you.



  • Hello,

    Just to let you know that my IPv6 is working now, again it seemed to be a faulty firewall rule. Once the connection established between my "pfsense" <-> "default isp gw" everything else went fine.

    . public addresses 2800:160:17C5::/48
    . internal addresses 2800:160:17C5:1~4::/64

    Initially I messed up with dhchpv6, then manual ipv6, finally stateless :-) and it works all right!

    Again, thank you all for your great comments and support!


Log in to reply