Auto Upgrade impossible - Unable to check for updates



  • Hello,

    I'm using Pfsense 2.2.1-release (amd64).
    But in the home of my Fw it says : "Unable to check for updates".

    If I go to system / Firmware / Auto Update ;
    Downloading new version information…done
    Unable to check for updates.
    Could not contact pfSense update server https://updates.pfsense.org/_updaters/amd64

    If I go to system / Firmware / Updater Settings ;
    Nothing in Default auto update Urls, and nothing in Base Url.

    If I select "pfsense amd64-stable updates (current architecture)", The checkbox "use en unofficial server for firmware upgrades" is automaticaly checked, and in base url I have : https://updates.pfsense.org/_updaters/amd64

    I save … and still unable to check for update ....

    I was in 2.2, ans I did a manual upgrade, and it works, but still no auto update avalaible...

    How to enable auto update ??

    Thanks.



  • It should just work.  Are you sure that you have Internet access from WAN?  Are you able to go to Diagnostics - Ping and ping 8.8.8.8?



  • Assuming you have a connection, fix your DNS.



  • Dns problème , good point. I have a bind on it, to manage private dns entry.

    I activate the option : " Do not use the DNS Forwarder as a DNS server for the firewall "

    I can ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) from 212.129.29.175: 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=59 time=1.041 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=1.034 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=1.023 ms

    –- 8.8.8.8 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 1.023/1.033/1.041/0.007 ms

    I can ping google.com
    PING google.com (173.194.40.99) from 212.129.29.175: 56 data bytes
    64 bytes from 173.194.40.99: icmp_seq=0 ttl=58 time=1.035 ms
    64 bytes from 173.194.40.99: icmp_seq=1 ttl=58 time=1.065 ms
    64 bytes from 173.194.40.99: icmp_seq=2 ttl=58 time=1.055 ms

    --- google.com ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 1.035/1.052/1.065/0.012 ms

    But still not able to get version information ...
    Downloading new version information...done
    Unable to check for updates.
    Could not contact custom update server.

    I can ping updates.pfsense.org
    PING updates.pfsense.org (162.208.119.39): 56 data bytes
    64 bytes from 162.208.119.39: icmp_seq=0 ttl=52 time=100.938 ms
    64 bytes from 162.208.119.39: icmp_seq=1 ttl=52 time=100.937 ms
    64 bytes from 162.208.119.39: icmp_seq=2 ttl=52 time=100.909 ms

    --- updates.pfsense.org ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 100.909/100.928/100.938/0.013 ms

    And I can do telnet on updates.pfsense.org 443
    telnet updates.pfsense.org 443
    Trying 162.208.119.39...
    Connected to updates.pfsense.org.
    Escape character is '^]'.
    GET
    HTTP/1.1 400 Bad Request
    Server: nginx/1.6.2
    Date: Tue, 24 Mar 2015 21:51:29 GMT
    Content-Type: text/html
    Content-Length: 172
    Connection: close

    <title>400 Bad Request</title>

    <center>

    400 Bad Request

    </center>


    <center>nginx/1.6.2</center>

    Connection closed by foreign host

    My Fw handle the public Ip. All my services are up (mails, web, vpn).
    But I can't check the update.

    Any other good ideas ??



  • Play with DNS, Gateway, and General Settings. For example, change settings, then change back to original settings.

    I occasionally experience this problem. The above usually fixes it. Just some quirk/bug, I imagine.



  • You may also get that problem while everything else seems fine if under general setup, you have " Do not use the DNS Forwarder as a DNS server for the firewall " checked.



  • I totally stopped the  DNS forwarder and the DNS resolver.
    I use bind for my internal zone.
    I use thdse dns servers for the public DNS :
    88.191.253.51
    88.191.253.52
    8.8.8.8
    192.168.1.254

    these two pings are working :
    ping -S public_ip updates.pfsense.org
    ping -S 192.168.1.254 updates.pfsense.org

    How verify in command line the configuration of the firmware upgrade ?



  • I had same problem.

    Using 'default' interface for PING I was unable to ping www.google.com unless I specifically selected one of my WAN interfaces (it would then work).

    Turned out that PFSense was using the wrong 'default' in its interface selection.  Once I selected the 'default' gateway for one of my WAN interfaces and saved, everything was cured and PFSense could get its updates automatically.

    I believe this was because PFSense originally set up on of my LAN interfaces as WAN and I swapped this later.

    Hope this helps someone…



  • Nope …
    I checked every thing and all are ok...
    The default interface is ok for the Wan interface, and no gateway for the 2 others lan interfaces.



  • I hate it when no one follows through, resolves the issue, or marks it as "solved"!

    I searched, but wound up posting in :

    Unable to check for updates.    https://forum.pfsense.org/index.php?topic=94909.0

    :(



  • Hi, I was too with same problem without resolution in anywhere place, That I did, In my machine, I browsing the site: https://updates.pfsense.org/_updaters/latest.tgz, downloaded this file, then was to firewall into system, firmware - Enable Firmware Update, Select File, and point to latest.tgz, click in Upgrade Firmware and wait the process finished.

    I hope that help u



  • Thank you, BUT…

    You shouldn't have to manually download ANYTHING!!!!!

    Maybe it only affects those who aren't Gold Members!


    Let's see...  I don't allow anything to access my LAN, so I'd probably have to download that to my desktop, then file transfer it to my pfSense machine, and then point to the file, recursively.  Then, i'd need to set some utility to poll for changes to the file, on the pfSense server.

    Yeah, "sure"!!!!



  • That means the system can't download a file from us. Most often in current versions, broken IPv6 connectivity on your system is the cause, it thinks it has v6 connectivity but doesn't. System>Advanced, Networking, check "Prefer IPv4 over IPv6". Reboot, then try again. Second most likely, DNS on the host itself is non-functional.

    @Elludium_Q-36:

    Maybe it only affects those who aren't Gold Members!

    ::) No, the software has no clue whether you're a gold member.