Update questions



    1. pfSense update:

    So on my home page, I'm always getting this:

    http://cl.ly/image/2B1b0V0A0q3w

    Unable to check for update.

    Why would that be?

    1. Package update

    In my installed packages, I see this:

    http://cl.ly/image/1a262I3v140n

    So I know there's an update… I don't understand how to update the packages?

    I know I'm a complete n00b but seriously... how do I update?

    All I can do is:

    • Read the changelog

    • Delete the package

    • Reinstall the package

    • Reinstall components

    I'm kinda afraid to reinstall the packages as I could loose the configuration but is that the way to upgrade?



  • pfsense needs to connect with updates.pfsense.org to check for updates and run auto-update. Try Diagnostics menu, DNS lookup and Ping with url updates.pfsense.org to verify.



  • Might also be worth checking to see if the updater settings are correct (System/Firmware + Updater Settings tab).



  • @gjaltemba:

    pfsense needs to connect with updates.pfsense.org to check for updates and run auto-update. Try Diagnostics menu, DNS lookup and Ping with url updates.pfsense.org to verify.

    DNS Lookup:

    Server	Query time
    127.0.0.1	No response
    24.201.245.77	7 msec
    24.200.0.1	72 msec
    24.53.0.2	62 msec
    

    Ping output:

    PING updates.pfsense.org (162.208.119.39): 56 data bytes
    64 bytes from 162.208.119.39: icmp_seq=0 ttl=51 time=29.695 ms
    64 bytes from 162.208.119.39: icmp_seq=1 ttl=51 time=27.981 ms
    64 bytes from 162.208.119.39: icmp_seq=2 ttl=51 time=30.925 ms
    

    –- updates.pfsense.org ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 27.981/29.534/30.925/1.207 ms

    @muswellhillbilly:

    Might also be worth checking to see if the updater settings are correct (System/Firmware + Updater Settings tab).

    Nothing was selected in the "Default Auto Update URLs"

    So I selected AMD64 stable

    But still, Auto Update fails:

    Downloading new version information...done
    Unable to check for updates.
    Could not contact custom update server.
    

  • Rebel Alliance Global Moderator

    you shouldn't have to put anything in the dropdown.

    Why did you not get a response from 127.0.0.1?

    To be honest that should really be the only dns in pfsense setup unless your not running resolver or forwarder on pfsense.  And if that is the case that entry should be removed.




  • @johnpoz:

    you shouldn't have to put anything in the dropdown.

    Why did you not get a response from 127.0.0.1?

    To be honest that should really be the only dns in pfsense setup unless your not running resolver or forwarder on pfsense.  And if that is the case that entry should be removed.

    It happened when I set up a proxy server with pfSense.

    I was getting terrible speeds and so on this forum it was recommended to me to add the DNS servers from my connection to the "Use alternate DNS-servers for the proxy-server" box in the config for SQUID.

    I did that and since then it works perfect!

    Can this be a problem in regards to the update?


  • Rebel Alliance Global Moderator

    Yeah that suggestion makes no sense..  So your dns you were using sucked?  Again if your not running resolver or forwarder than pointing to loopback 127 is pointless.  Are you running forwarder or resolver - then why did it not answer?

    on pfsense shell query updates.pfsense.org

    [2.2.2-RELEASE][root@pfSense.local.lan]/root: drill updates.pfsense.org
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 43659
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; updates.pfsense.org. IN      A

    ;; ANSWER SECTION:
    updates.pfsense.org.    600    IN      A      208.123.73.82
    updates.pfsense.org.    120    IN      A      162.208.119.39

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; Query time: 115 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Thu May 21 06:17:03 2015
    ;; MSG SIZE  rcvd: 69
    [2.2.2-RELEASE][root@pfSense.local.lan]/root:


  • Banned

    With proxy junk, every cryptic issue makes "sense".



  • @doktornotor:

    With proxy junk, every cryptic issue makes "sense".

    So what… I should use a proxy?

    I need to do content filtering and such... how can I do that then?

    @johnpoz:

    Yeah that suggestion makes no sense..  So your dns you were using sucked?  Again if your not running resolver or forwarder than pointing to loopback 127 is pointless.  Are you running forwarder or resolver - then why did it not answer?

    on pfsense shell query updates.pfsense.org

    [2.2.2-RELEASE][root@pfSense.local.lan]/root: drill updates.pfsense.org
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 43659
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; updates.pfsense.org. IN      A

    ;; ANSWER SECTION:
    updates.pfsense.org.    600    IN      A      208.123.73.82
    updates.pfsense.org.    120    IN      A      162.208.119.39

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; Query time: 115 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Thu May 21 06:17:03 2015
    ;; MSG SIZE  rcvd: 69
    [2.2.2-RELEASE][root@pfSense.local.lan]/root:

    [2.1.5-RELEASE][root@pfSense.BlazeStar.lan]/root(3): drill updates.pfsense.org
    drill: Command not found.
    

  • Banned

    You need to use content filtering for pfSense itself? Really? What for?

    Regarding drill, this is present on 2.2.x. On 2.1.x, kindly use dig.


  • Rebel Alliance Global Moderator

    drill is part of unbound I thought, I don't recall having to install that on psfsense.  Oh your only on 2.1.5

    So you don't have the resolver, so your only forwarding, or seems your not since you got not answer from 127.0.0.1 in your previous.

    Use the host command then..

    [2.2.2-RELEASE][root@pfSense.local.lan]/root: host updates.pfsense.org 127.0.0.1
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases:

    updates.pfsense.org has address 208.123.73.82
    updates.pfsense.org has address 162.208.119.39
    updates.pfsense.org has IPv6 address 2610:160:11:11::82
    updates.pfsense.org has IPv6 address 2610:1c1:3::109


  • Banned

    Setting the proxy clearly does not work properly on 2.1.x, as an example: https://redmine.pfsense.org/issues/3789

    Exclude your pfSense from any shitty proxying and you won't have issues.


  • Rebel Alliance Global Moderator

    so your setting a proxy in pfsense - here?




  • Okay so sorry for being such a n00b maybe I didn't express myself correctly.

    First of all, i performed a manual firmware upgrade by downloading the update file from pfsense.org
    So that's that.
    Now I'm up to date.

    However, after the reboot, I've been getting these errors :

    Crash report begins.  Anonymous machine information:
    
    amd64
    8.3-RELEASE-p16
    FreeBSD 8.3-RELEASE-p16 #0: Mon Aug 25 08:27:11 EDT 2014     root@pf2_1_1_amd64.pfsense.org:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.8
    
    Crash report details:
    
    PHP Errors:
    [21-May-2015 16:53:32 Canada/Eastern] PHP Fatal error:  Class 'SQLite3' not found in /etc/inc/captiveportal.inc on line 1334
    [21-May-2015 16:53:50 Canada/Eastern] PHP Fatal error:  Class 'SQLite3' not found in /etc/inc/captiveportal.inc on line 1334
    [21-May-2015 16:54:12 Canada/Eastern] PHP Fatal error:  Class 'SQLite3' not found in /etc/inc/captiveportal.inc on line 1334
    [21-May-2015 16:54:52 Canada/Eastern] PHP Fatal error:  Class 'SQLite3' not found in /etc/inc/captiveportal.inc on line 1334
    
    Filename: /var/crash/minfree
    2048
    

    Good news is I don't use the captive portal (yet) this was just a test which I could never get to work.

    I'd still like to repair that.

    I'm also getting those "notices" :

    05-21-15 16:56:29	[ There were error(s) loading the rules: pfctl: DIOCADDRULE: Operation not supported by device - The line in question reads [0]: ]
    

    Finally, I am still unable to see potential upgrades from the dashboard:

    Version	
    2.2.2-RELEASE (amd64) 
    built on Mon Apr 13 20:10:22 CDT 2015 
    FreeBSD 8.3-RELEASE-p16
    
    Unable to check for updates.
    

    Second topic, what I was referring to when talking about a proxy was not that I use an external proxy to access the internet from pfSense.
    I installed the Squid3 packages to create a proxy on pfSense.
    The goal is that I want to do content filtering on my LAN.
    To block sites like Facebook, YouTube and so on.

    Now @doktornotor when you refer to "shitty proxying" are you saying I should NOT use SQUID3 on pfSense?
    Why?


  • Rebel Alliance Global Moderator

    So does pfsense now show if there is updates or not?




  • @johnpoz:

    So does pfsense now show if there is updates or not?

    Nope!

    Check out my message above : "Unable to check for updates."


  • Banned

    @BlazeStar:

    Now @doktornotor when you refer to "shitty proxying" are you saying I should NOT use SQUID3 on pfSense?
    Why?

    Look at the Cache/Proxy subforum and see for yourself.



  • @doktornotor:

    Look at the Cache/Proxy subforum and see for yourself.

    So is there a less "shitty" way to do content filtering??