Package Manager unable to communicate to pfsense.com



  • Hello,

    I'm running two pfsense boxes through the same ISP.

    One is at the office and the other is at the ISP's colocation facility.

    The one in the co-location facility hasn't ever been able to bring up the package manager screen while the one at the office can.

    I get a message "Unable to communicate to pfSense.com. Please check DNS, default gateway, etc." when I go to packages.

    I've seen a couple of posts in google about this.  One mentioning allowing DNS server list to be overwritten by DHCP/PPP on WAN and the other about a problem at pfsense's ISP.

    I'm not quite sure where else to turn.

    Thanks in advance.



  • You have to make sure that your pfSense can resolve hostnames. In case you have static IP assignment at your colocation (I guess you have) make sure you have entered some valid DNS servers at system>general. When not using DHCP or PPPoE WAN untich the override box (though it should not be needed). To test if DNS is working go to diagnostics>ping and try to ping pfsense.org.



  • On the system I can't view the packages, I get…


    Ping output:

    PING pfsense.org (69.64.6.21) from 76.9.192.250: 56 data bytes

    --- pfsense.org ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss


    On the system that I can see the packages, I get...


    Ping output:

    PING pfsense.org (69.64.6.21) from 76.9.192.242: 56 data bytes

    --- pfsense.org ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss


    Additionally, from the shell on both systems.

    traceroute from the unable to communicate to system


    traceroute to pfsense.com (69.64.6.21), 64 hops max, 40 byte packets
    76.9-192-249.beanfield.net (76.9.192.249)  0.570 ms  0.569 ms  0.484 ms
    76.9-207-126.beanfield.net (76.9.207.126)  0.357 ms  0.339 ms  0.237 ms
    3  * * *
    4  207.219.123.125 (207.219.123.125)  0.562 ms  0.590 ms  0.480 ms
    toroonxngr00.bb.telus.com (154.11.6.23)  0.608 ms  0.463 ms  0.491 ms
    chcgildtgr00.bb.telus.com (154.11.11.30)  11.229 ms  11.207 ms  14.480 ms
    peer-02-ge-3-0-2-41.chcg.twtelecom.net (66.192.252.101)  11.352 ms  11.219 ms  11.365 ms
    8  206.222.119.82 (206.222.119.82)  20.854 ms  20.855 ms  20.879 ms
    gsr2tw.bluegrass.net (69.64.6.33)  20.774 ms  20.735 ms  20.706 ms
    10  * * *
    11  * * *


    That third hop consistently shows up as such.

    Traceroute from the one that is able to see packages.


    traceroute to pfsense.com (69.64.6.21), 64 hops max, 40 byte packets
    76.9-192-241.beanfield.net (76.9.192.241)  1.085 ms  1.071 ms  0.877 ms
    76.9-207-126.beanfield.net (76.9.207.126)  0.821 ms  1.119 ms  0.855 ms
    srp-6-0-bdr2.tor1.beanfield.net (66.207.209.9)  1.485 ms  0.826 ms  0.566 ms
    4  207.219.123.125 (207.219.123.125)  1.004 ms  1.137 ms  1.146 ms
    toroonxngr00.bb.telus.com (154.11.6.23)  164.659 ms  184.189 ms  1.864 ms
    chcgildtgr00.bb.telus.com (154.11.11.30)  17.166 ms  11.632 ms  11.683 ms
    peer-02-ge-3-0-2-41.chcg.twtelecom.net (66.192.252.101)  11.603 ms  11.640 ms  11.969 ms
    8  206.222.119.82 (206.222.119.82)  21.200 ms  137.032 ms  99.030 ms
    gsr2tw.bluegrass.net (69.64.6.33)  21.176 ms  21.458 ms  21.196 ms
    10  gsr1.bluegrass.net (216.135.95.6)  36.252 ms  36.235 ms  35.968 ms
    11  * * *
    12  * * *




  • Both machines run 1.2 release? Is there the possibility that something is filtered in front of the box that is not working?



  • Yes, both running 1.2 release.

    Possible it's blocked but that makes no sense to me (bearing in mind I'm not a routing guy) considering the traceroute hops look very similar.

    Also am I supposed to be able to ping www.pfsense.org from anywhere?

    Regardless of 3 different service providers, I'm unable to ping it.

    Cheers



  • ping is icmp (which we actually don't allow). the packagemanager uses tcp. do both machines use the same dns servers?



  • Yes they do.

    I assume the output of the ping showing that www.pfsense.org resolving to 69.64.6.21 shows that it's working.

    Oddly, from other machines behind that pfsense install, I can telnet to port 80 and traceroute without that pause at hop 3 or 4.

    I'm wondering if it's the ISP.  But they're not great at figuring out what is wrong when I mailed the results of the two traceroutes to them.  I'm thinking that consistent pause in the traceroute is somehow related…

    Cheers



  • Well, looks like it was something at the ISP side of things.  According to a tech rep, the IP assigned to our WAN interface was conflicting with someone else's subnet.

    They didn't elaborate.  The traceroute with the third hop stuttering isn't fixed but at least now I can get to the packages.


Locked