Unable to check for updates.

Qvik

Hello,

I've been using pfSense since a few months and I really get good performances on my network.

However, I was trying to get pfBlocker installed today and I noticed that I was unable to check for updates and also unable to get the packages available…

I run 2.2.2-RELEASE (amd64).

=> So I did of course do the basic power cycle...
=> I checked the browsing capabilities and DNS resolution... I can browse
=> I can browse to https://updates.pfsense.org/_updaters/amd64 which was set by pfsense with the drop down menu "Default Auto Update URLs"
=> I get this from the Auto Update Tab
Downloading new version information…done
Unable to check for updates.
Could not contact custom update server.

Any idea on how to proceed with more troubleshooting?

Thank you

viragomann

Do you have set a special update URL in System > Firmware > Settings?

Do you have checked DNS resolution at pfSense or an another host?

Qvik

The URL in the System > Firmware > Settings is https://updates.pfsense.org/_updaters/amd64.
It is set on auto update URL, i didn't make any changes there.

For DNS resolution, Enable DNS Resolver is checked.
No DNS forwarder.
Pretty much the WAN is handling DNS (my ISP). I tried to add a 8.8.8.8 entry but didn't change anything.

kjemison1966

Just a thought…  A few months ago I saw a thread on this same type of behavior and it stemmed back to IPv6 not being enable... Do a quick search on it just to be sure.

Elludium_Q-36

I have no trouble checking, downloading, nor installing packages, via: ../pkg_mgr.php

In General Settings I have "Do not use the DNS Forwarder or Resolver as a DNS server for the firewall" left UNCHECKED.

DNS Fowarder is set for all interfaces, including outbound.

I am able to use DNS Lookup for: updates.pfsense.org 
127.0.0.1    2884 msec
208.67.222.222    150 msec
208.67.220.220    95 msec
(I'm on a high latency connection.)

I'm able to ping, IPv4, from localhost:
PING updates.pfsense.org (162.208.119.39) from 127.0.0.1: 56 data bytes
64 bytes from 162.208.119.39: icmp_seq=0 ttl=47 time=81.618 ms
64 bytes from 162.208.119.39: icmp_seq=1 ttl=47 time=82.650 ms
64 bytes from 162.208.119.39: icmp_seq=2 ttl=47 time=106.709 ms
64 bytes from 162.208.119.39: icmp_seq=3 ttl=47 time=119.578 ms
64 bytes from 162.208.119.39: icmp_seq=4 ttl=47 time=84.123 ms
64 bytes from 162.208.119.39: icmp_seq=5 ttl=47 time=83.495 ms
64 bytes from 162.208.119.39: icmp_seq=6 ttl=47 time=84.426 ms
64 bytes from 162.208.119.39: icmp_seq=7 ttl=47 time=83.794 ms
64 bytes from 162.208.119.39: icmp_seq=8 ttl=47 time=156.653 ms
64 bytes from 162.208.119.39: icmp_seq=9 ttl=47 time=107.951 ms

–- updates.pfsense.org ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 81.618/99.100/156.653/23.155 ms

I have IPv6 disallowed.

Traceroute, IPv4, localhost, with Reverse Address Lookup, and Use ICMP, worked, showing 20 hops:
20  162.208.119.39 (162.208.119.39)  104.809 ms  132.864 ms  103.264 ms

I'm using: 
    2.2.5-RELEASE (i386)
built on Wed Nov 04 15:50:18 CST 2015
FreeBSD pfSense.localdomain 10.1-RELEASE-p24 FreeBSD 10.1-RELEASE-p24 #0 f27a67c(releng/10.1)-dirty: Wed Nov 4 16:13:40 CST 2015 root@pfs22-i386-builder:/usr/obj.RELENG_2_2.i386/usr/pfSensesrc/src.RELENG_2_2/sys/pfSense_SMP.10 i386

This was a clean, full install.  Right "out of the box", it couldn't check.  All I did at initial install was set the minimum interfaces, to get to the GUI web configurator.  You know, even the last version I had, couldn't check updates.

NOW....

on ../system_firmware_settings.php
The setting to allow, Unsigned Images, is NOT checked.   
The setting to disable, Dashboard Check, is NOT checked, obviously. 
BUT, I've tried it WITH, and withOUT:  "Use an unofficial server for firmware upgrades"
Setting the dropdown to the correct i386 sets that setting checked, and the url to: 
https://updates.pfsense.org/_updaters
I see an ../amd64 subdir', for there, but no ../i386

I again tried it manually, ../system_firmware_check.php , with the default, or seeing, filled in, https://updates.pfsense.org/_updaters

Downloading new version information…done
Unable to check for updates.
Could not contact pfSense update server https://updates.pfsense.org/_updaters

I noticed that just going to https://updates.pfsense.org shows a "hello world" type page, with the text:

updates.nyi.pfsense.org

and I noticed that in one of the traceroute results.
So, I tried, as a custom update address: https://updates.nyi.pfsense.org/_updaters , which is valid, and shows the same index, as the default link, above.  The resulting output of  ../system_firmware_check.php was:

Downloading new version information…done
Unable to check for updates.
Could not contact custom update server.

Hmmm…  I wonder about the certificate, and, I wonder...

:P