Netgate Discussion Forum

    Install packages through LAN proxy

    Problems Installing or Upgrading pfSense Software
    12 Posts 4 Posters 6.2k Views
      robi

      Guys, I'm having an issue where pfSense is used as an internal network, which has no access to the internet. It just routes and firewalls some internal, industrial-purposed networks, where internet access is not needed/allowed.
      However, I need some packages to install on it, and I can manage to get some temporary internet access through a host connected to one of the internal LANs behind it, by running an http proxy.

      I've got in System: Advanced: Miscellaneous: Proxy support enabled and set up to the working proxy. The update checker in the dashboard uses it and correctly detects that I'm on the latest release.

      But in System: Package Manager: Available Packages I still get an error message saying it's unable to download the packages list after some considerable timeout. It seems the Package Manager doesn't take into account the proxy setting specified in the Proxy support page. Only the update checker works.

      Note the special case when the proxy is not seen through the WAN interface, but through one of the LANs. Could that be the cause?

        muswellhillbilly

        From the sound of it, you'll have to find a way to get the PFS to route out directly to the internet, even if only temporarily. If you have a gateway out to the web on the same network as the PFS WAN you can just change your default gateway out and that should do it. Otherwise, you may have to add a route to your switch to allow the PFS to 'see' the internet properly.

          robi

          I know that. But I was hoping I could just use the local proxy for that, there's no way to put any internet connection on the WAN side at all.

            muswellhillbilly

            Had a quick look at the php involved in downloading and installing the packages. From what I can see, the system pulls down a '*.pbi' package file and drops it in the /tmp folder from where it installs it. If you can set up a second PFS which can pull down the relevant package file directly from the internet, you could transfer the *.pbi to your internal PFS and install it manually perhaps.

            https://forums.freebsd.org/threads/howto-install-pc-bsd-pbis-on-freebsd.35180/

              doktornotor Banned

              That certainly would not work, downloading the PBIs will get you no GUI.

                robi

                Yep, that's what I was afraid of.

                  doktornotor Banned

                  Other than that - this should work on any 2.2.x box (see https://redmine.pfsense.org/issues/3612). Random pointers (this really is not debuggable in a meaningful way without logs from the proxy or some packet captures)

                  • If you have IPv6 set up there, tick the "Prefer IPv4" checkbox.
                  • Remember that the traffic is HTTPS (if the proxy won't proxy HTTPS, it won't work)
                    robi

                    It doesn't work, sorry. (and I'm using IPv4 only)

                    On my proxy's log, I see when it connects from the dashboard to updates.pfsense.org via HTTPS. But there's no log entry at all for anyone trying to access packages.pfsense.org in any way, despite the fact that I clicked several times in the web gui to the Available Packages link. It just says "unable to communicate with https://packages.pfsense.org…" but in reality, it doesn't even try to touch the configured proxy server.

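The proxy-log check robi describes above, as an added example that is not part of the thread: it separates "the client never asked the proxy" from "the proxy refused the HTTPS tunnel". The Squid native `access.log` layout, the client address 192.168.10.1 and the log lines themselves are assumptions constructed for illustration; the thread does not name the proxy software.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log layout (assumption: the
# thread never names the proxy). 192.168.10.1 stands in for the pfSense box.
SAMPLE_LOG = """\
1431000001.100    840 192.168.10.1 TCP_TUNNEL/200 5120 CONNECT updates.pfsense.org:443 - HIER_DIRECT/203.0.113.10 -
1431000050.200    120 192.168.10.77 TCP_MISS/200 900 GET http://example.com/ - HIER_DIRECT/203.0.113.20 text/html
1431000090.300     15 192.168.10.1 TCP_DENIED/403 3900 CONNECT example.net:8443 - HIER_NONE/- text/html
1431000120.400    910 192.168.10.1 TCP_TUNNEL/200 4800 CONNECT updates.pfsense.org:443 - HIER_DIRECT/203.0.113.10 -
"""


def connect_summary(log_text, client_ip):
    """Map host -> list of status codes for CONNECT requests sent by client_ip."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        client, result, method, target = fields[2], fields[3], fields[5], fields[6]
        if client != client_ip or method != "CONNECT":
            continue  # other clients, or plain HTTP requests
        code = result.partition("/")[2]
        if not code.isdigit():
            continue  # malformed result field
        host = target.rsplit(":", 1)[0].lower()  # strip the :port suffix
        seen[host].append(int(code))
    return dict(seen)


def diagnose(log_text, client_ip, expected_hosts):
    """Classify each host as 'tunnelled', 'refused' or 'never requested'."""
    summary = connect_summary(log_text, client_ip)
    verdict = {}
    for host in expected_hosts:
        codes = summary.get(host.lower())
        if not codes:
            verdict[host] = "never requested"  # client bypassed the proxy
        elif any(200 <= c < 300 for c in codes):
            verdict[host] = "tunnelled"        # proxy relayed the HTTPS session
        else:
            verdict[host] = "refused"          # proxy saw it but denied CONNECT
    return verdict


if __name__ == "__main__":
    hosts = ["updates.pfsense.org", "packages.pfsense.org"]
    for host, state in diagnose(SAMPLE_LOG, "192.168.10.1", hosts).items():
        print(f"{host}: {state}")
```

A "never requested" result points at the client side (the proxy setting is not being used for that request), while "refused" points at the proxy's handling of HTTPS.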
                      doktornotor Banned

                      Do some packet capture, perhaps, and file a bug eventually.

                        robi

                        OK, packages don't download through LAN proxy, that's for sure.
                        Worked around by setting up a VPN server on LAN side, connecting from pfSense to that as VPN client and routing all internet traffic through it.

                          muswellhillbilly

                          @doktornotor:

                          That certainly would not work, downloading the PBIs will get you no GUI.

                          My bad. Hadn't tried it, so wasn't sure but thought it might be worth a go. Good to hear you found a workaround.

                            nebja

                            Hello, I am new to this too. I have as a project to make a computer work as DHCP, firewall, DNS, HTTP(S) proxy and L3 routing, and route traffic from trusted and DMZ to and the outside network of the school that has internet connection through another proxy. (Proxy support isn't working for me either.) Is there any way to install the packages manually (even the pkg is not installed)? I can download any packages from my trusted network but I have no internet connection on pfSense. I posted here as it's a similar problem.
