Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Unable to check for updates.

    General pfSense Questions
    4
    5
    2959
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Q
      Qvik last edited by

      Hello,

      I've been using pfSense since a few months and I really get good performances on my network.

      However, I was trying to get pfBlocker installed today and I noticed that I was unable to check for updates and also unable to get the packages available…

      I run 2.2.2-RELEASE (amd64).

      => So I did of course do the basic power cycle...
      => I checked the browsing capabilities and DNS resolution... I can browse
      => I can browse to https://updates.pfsense.org/_updaters/amd64 which was set by pfsense with the drop down menu "Default Auto Update URLs"
      => I get this from the Auto Update Tab
      Downloading new version information…done
      Unable to check for updates.
      Could not contact custom update server.

      Any idea on how to proceed with more troubleshooting?

      Thank you

      1 Reply Last reply Reply Quote 0
      • V
        viragomann last edited by

        Do you have set a special update URL in System > Firmware > Settings?

        Do you have checked DNS resolution at pfSense or an another host?

        1 Reply Last reply Reply Quote 0
        • Q
          Qvik last edited by

          The URL in the System > Firmware > Settings is https://updates.pfsense.org/_updaters/amd64.
          It is set on auto update URL, i didn't make any changes there.

          For DNS resolution, Enable DNS Resolver is checked.
          No DNS forwarder.
          Pretty much the WAN is handling DNS (my ISP). I tried to add a 8.8.8.8 entry but didn't change anything.

          1 Reply Last reply Reply Quote 0
          • K
            kjemison1966 last edited by

            Just a thought…  A few months ago I saw a thread on this same type of behavior and it stemmed back to IPv6 not being enable... Do a quick search on it just to be sure.

            1 Reply Last reply Reply Quote 0
            • E
              Elludium_Q-36 last edited by

              I have no trouble checking, downloading, nor installing packages, via: ../pkg_mgr.php

              In General Settings I have "Do not use the DNS Forwarder or Resolver as a DNS server for the firewall" left UNCHECKED.

              DNS Fowarder is set for all interfaces, including outbound.

              I am able to use DNS Lookup for: updates.pfsense.org 
              127.0.0.1    2884 msec
              208.67.222.222    150 msec
              208.67.220.220    95 msec
              (I'm on a high latency connection.)

              I'm able to ping, IPv4, from localhost:
              PING updates.pfsense.org (162.208.119.39) from 127.0.0.1: 56 data bytes
              64 bytes from 162.208.119.39: icmp_seq=0 ttl=47 time=81.618 ms
              64 bytes from 162.208.119.39: icmp_seq=1 ttl=47 time=82.650 ms
              64 bytes from 162.208.119.39: icmp_seq=2 ttl=47 time=106.709 ms
              64 bytes from 162.208.119.39: icmp_seq=3 ttl=47 time=119.578 ms
              64 bytes from 162.208.119.39: icmp_seq=4 ttl=47 time=84.123 ms
              64 bytes from 162.208.119.39: icmp_seq=5 ttl=47 time=83.495 ms
              64 bytes from 162.208.119.39: icmp_seq=6 ttl=47 time=84.426 ms
              64 bytes from 162.208.119.39: icmp_seq=7 ttl=47 time=83.794 ms
              64 bytes from 162.208.119.39: icmp_seq=8 ttl=47 time=156.653 ms
              64 bytes from 162.208.119.39: icmp_seq=9 ttl=47 time=107.951 ms

              –- updates.pfsense.org ping statistics ---
              10 packets transmitted, 10 packets received, 0.0% packet loss
              round-trip min/avg/max/stddev = 81.618/99.100/156.653/23.155 ms

              I have IPv6 disallowed.

              Traceroute, IPv4, localhost, with Reverse Address Lookup, and Use ICMP, worked, showing 20 hops:
              20  162.208.119.39 (162.208.119.39)  104.809 ms  132.864 ms  103.264 ms

              I'm using: 
                  2.2.5-RELEASE (i386)
              built on Wed Nov 04 15:50:18 CST 2015
              FreeBSD pfSense.localdomain 10.1-RELEASE-p24 FreeBSD 10.1-RELEASE-p24 #0 f27a67c(releng/10.1)-dirty: Wed Nov 4 16:13:40 CST 2015 root@pfs22-i386-builder:/usr/obj.RELENG_2_2.i386/usr/pfSensesrc/src.RELENG_2_2/sys/pfSense_SMP.10 i386

              This was a clean, full install.  Right "out of the box", it couldn't check.  All I did at initial install was set the minimum interfaces, to get to the GUI web configurator.  You know, even the last version I had, couldn't check updates.

              NOW....

              on ../system_firmware_settings.php
              The setting to allow, Unsigned Images, is NOT checked.   
              The setting to disable, Dashboard Check, is NOT checked, obviously. 
              BUT, I've tried it WITH, and withOUT:  "Use an unofficial server for firmware upgrades"
              Setting the dropdown to the correct i386 sets that setting checked, and the url to: 
              https://updates.pfsense.org/_updaters
              I see an ../amd64 subdir', for there, but no ../i386

              I again tried it manually, ../system_firmware_check.php , with the default, or seeing, filled in, https://updates.pfsense.org/_updaters

              Downloading new version information…done
              Unable to check for updates.
              Could not contact pfSense update server https://updates.pfsense.org/_updaters

              I noticed that just going to https://updates.pfsense.org shows a "hello world" type page, with the text:

              updates.nyi.pfsense.org

              and I noticed that in one of the traceroute results.
              So, I tried, as a custom update address: https://updates.nyi.pfsense.org/_updaters , which is valid, and shows the same index, as the default link, above.  The resulting output of  ../system_firmware_check.php was:

              Downloading new version information…done
              Unable to check for updates.
              Could not contact custom update server.

              Hmmm…  I wonder about the certificate, and, I wonder...

              :P

              1 Reply Last reply Reply Quote 0
              • First post
                Last post