Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Solved: Is a direct (unproxied) Internet Connection needed to upgrade to 2.3 ??

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    16 Posts 8 Posters 8.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GuruNot
      last edited by

      We use multiple virtual pfSense firewalls for internal test segmentation, they do not have direct access to the internet they only have access via a proxy.

      I have recently tried to upgrade two instances one running 2.2 and one running 2.2.6 to 2.3 and both have failed in the same manner.

      Using the Auto-Upgrade mechanism, via the web console, the update is successfully downloaded and installs fine, following the initial reboot both displayed the following error in a continuous loop:

      "ERROR!!! An error occurred on pkg execution (rc = 70) with parameters 'update-f':
      pkg : http://pkg.pfsense.org/pfsense_v2_3_0_i386-core/meta.txz : no route to host"
      pkg : http://pkg.pfsense.org/pfsense_v2_3_0_i386-core/packagesite.txz : no route to host"
      pkg : http://pkg.pfsense.org/pfsense_v2_3_0_i386-pfSense_v2_3_0/meta.txz : no route to host"
      pkg : http://pkg.pfsense.org/pfsense_v2_3_0_i386-pfSense_v2_3_0/packagesite.txz : no route to host"

      To me this suggests that a direct internet connection is required to retrieve some data, which is no longer in the update, is there any way around this ?

      Thanks

      1 Reply Last reply Reply Quote 0
      • H
        henryvu
        last edited by

        Hey,
        That errors look like exactly what i faced yesterday when upgrading it. so far from what i understand after digging and experiencing so far

        1. You might need to reconfigure /etc/resolve.conf . this file contain records of name server, so you will need to update them to google DNS. That might fix it
        2. The connection need to specify gateway in order to download the file.
        3. Using proxy to support HTTP internal system under System -> Advance -> Misc will cause a result. Even if you install 2.3 from scratch, it will still suffer from finding Available Package under System -> Packages.
        4. If your connection to Internet is stand behind another proxy it will likely causing problem (ex: you use Pfsense as a Proxy connect to another upstream proxy)

        Other option is hold that update until a patch is release and come back to use 2.2.6 if you have a Snapshot of your proxy before upgrade

        1 Reply Last reply Reply Quote 0
        • G
          GuruNot
          last edited by

          Name resolution of pkg.pfsense.org is fine, my existing DNS Servers resolve that ok. I already have a proxy set in System -> Advance -> Misc as this is used by the Auto Update mechanism, which downloads the 2.3 upgrade file fine.

          The issue is on that first reboot, it would seem that it attempts a direct connection at that point which causes issues in a proxied environment.

          As soon as I had made note of the issue, I reverted both instances back to the Snapshot I took before starting the upgrade process. So there was minimal impact.

          I am hoping there is a work around/fix otherwise I will not be able to go to 2.3 for these instances.

          1 Reply Last reply Reply Quote 0
          • Y
            YonNomNom
            last edited by

            Hey so i figured i would jump on this post too as it is the same problem that i am having.

            My pfsense box cant access the internet unless it is using a proxy (the proxy is separate to this instance of pfsense). It managed to update to 2.3 and is currently forwarding traffic like expected but now it is stuck attempting to download package metadata :(

            I have attempted to add a proxy to the pkg configuration but that has not helped it does not even attempt to contact the proxy.

            pkg_env: {
              http_proxy: "http://10.xxx.xxx.xxx:8080"
            }

            I am not sure if this is a pfsense problem or a bug with pkg itself not liking proxies.

            Thanks for a great product, Yon

            pfsense.png_thumb
            pfsense.png

            1 Reply Last reply Reply Quote 0
            • H
              henryvu
              last edited by

              I believe that the bug on pfsense itself.

              I have tested a fresh installation of 2.3 on my Citrix environment. As long as i config the proxy under System - Advance - Misc. The webConfigurator will hang and display a 504 error (Gateway fail). if you try to check a available packages it will crash and force to reboot.

              I hope this issue will be rectify on next patch

              1 Reply Last reply Reply Quote 0
              • R
                robi
                last edited by

                +1 for a way to update systems offline!

                Scenarios when this is required:

                • when internal pfSense systems can't see the internet, only through proxy (like above)
                • when upgrading spare (second) hardware offline first, and replacing in production environment just by plugging the cables between the old and the new, to ensure minimal downtime and 100% working previous state

                I would imagine something like a utility to analyze the configuration first, and evaluate if it's possible or not to do the update offline (meaning: no direct internet connection available at the moment when the system boots up first time after the upgrade).
                For offline update, offer the possibility to download the package files somehow manually, and be able to give them to the firewall during the first boot after the update, to be able to finish it properly.
                Like a gzipped file containing all that's needed for package reinstallation, pretty much like Dropbox does.

                1 Reply Last reply Reply Quote 0
                • G
                  GuruNot
                  last edited by

                  @YonNomNom:

                  I have attempted to add a proxy to the pkg configuration but that has not helped it does not even attempt to contact the proxy.

                  pkg_env: {
                    http_proxy: "http://10.xxx.xxx.xxx:8080"
                  }

                  As I was watching the console, I hadnt realised the upgrade had actually worked and the GUI was accessible.

                  So , taking your lead I CTRL+C to break in to the console, copied pkg.conf.sample to pkg.conf and modified the pkg_env sections as follows:

                  pkg_env: {
                  http_proxy=http://proxy:port
                  https_proxy=http://proxy:port
                  HTTP_PROXY=http://proxy:port
                  HTTPS_PROXY=http://proxy:port
                  }

                  Obviously replacing the proxy and port with my details.

                  Rebooted and all is good it pulled down the packages. Not sure if it is the upper case or the https entries that helped, but it is working and it wont hurt to keep both in the file.

                  1 Reply Last reply Reply Quote 0
                  • Y
                    YonNomNom
                    last edited by

                    @GuruNot:

                    So , taking your lead I CTRL+C to break in to the console, copied pkg.conf.sample to pkg.conf and modified the pkg_env sections as follows:

                    So how do we get this fixed for the next release?

                    1 Reply Last reply Reply Quote 0
                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      It was working at one point earlier in 2.3, but may have regressed. We're looking into it again. https://redmine.pfsense.org/issues/6149

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • R
                        robi
                        last edited by

                        Just created a new ticket: https://redmine.pfsense.org/issues/6151
                        Edit: we were working both in the same time  ???

                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          @robi:

                          Just created a new ticket: https://redmine.pfsense.org/issues/6151

                          See my message just above yours. I'd already created a ticket for it. :-)

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • R
                            robi
                            last edited by

                            Lots of tickets these days, isn't it  :-\

                            1 Reply Last reply Reply Quote 0
                            • X
                              xhark
                              last edited by

                              @GuruNot:

                              So , taking your lead I CTRL+C to break in to the console, copied pkg.conf.sample to pkg.conf and modified the pkg_env sections

                              For people who read this, path is /usr/local/etc/pkg.conf :)

                              No need to copy pkg.conf.sample, juste create pkg.conf and add

                              @GuruNot:

                              pkg_env: {
                              http_proxy=http://proxy:port
                              https_proxy=http://proxy:port
                              HTTP_PROXY=http://proxy:port
                              HTTPS_PROXY=http://proxy:port
                              }

                              Rebooted and all is good it pulled down the packages.

                              SysNetAdmin & Blogger on http://blogmotion.fr

                              1 Reply Last reply Reply Quote 0
                              • jimpJ
                                jimp Rebel Alliance Developer Netgate
                                last edited by

                                Editing that file is kind of ugly.

                                Try the patch I just added to https://redmine.pfsense.org/issues/6149

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • K
                                  kernel-panic
                                  last edited by

                                  What would be the right time to apply this patch without having trouble in the update process from the previous version?

                                  regards

                                  1 Reply Last reply Reply Quote 0
                                  • M
                                    McGlenn
                                    last edited by

                                    the patch from https://redmine.pfsense.org/issues/6149 worked for me, but only after changing the uppercase HTTP_PROXY to lowercase http_proxy

                                    1 Reply Last reply Reply Quote 0
                                    • First post
                                      Last post
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.