OPNsense Forum

I keep having the "Timeout while connecting to the selected mirror." error when trying to check for updates. Have tried other mirrors, same issue.

What works fine:
- Pinging Opnsense mirror in NL
- Downloading a package from the Opnsense shell:

curl --tcp-nodelay -4 -vvvvv -o kernel-19.7.3-amd64.txz -k https://pkg.opnsense.org/FreeBSD:11:amd64/19.7/sets/kernel-19.7.3-amd64.txz

Only odd thing I notice is that pinging a hostname from Opnsense shell is quite slow (a few secs), pinging an IP is fast. I don't know why this could be, have configured 1.1.1.1 as the system DNS. Even then, somewhat slower DNS should not break the firmware update feature.

Any ideas? Any logfile I can check? I tried general, but nothing in there.

Your IPv6 is defunct as indicated by your "-4" use in curl.


Cheers,
Franco

I had indeed disabled ipv6 DHCP client, however.

- My provider does not support ipv6 with their modem in bridge mode (Ziggo, NL).
- I have the updates listed up to 20.6, so it worked at some point.
- I have enabled "Prefer IPv4 over IPv6" on the WAN interface.

So, this does not seem like an ipv6 issue? Plus, should updates not work on ipv4?

I also tested instructions from another thread:

root@action:~ # opnsense-update -M
http://mirror.terrahost.no/opnsense/FreeBSD:11:amd64/20.1
root@action:~ # pkg update -f
Updating OPNsense repository catalogue...
Fetching meta.txz: 100%    1 KiB   1.5kB/s    00:01
Fetching packagesite.txz: 100%  183 KiB 187.0kB/s    00:01
Processing entries: 100%
OPNsense repository update completed. 708 packages processed.
All repositories are up to date.

And:

root@action:~ #  /usr/bin/time configctl firmware check
{
        "connection":"timeout",
        "downgrade_packages":[],
        "download_size":"",
        "last_check":"Fri May 29 11:49:01 CEST 2020",
        "new_packages":[],
        "os_version":"FreeBSD 11.2-RELEASE-p16-HBSD",
        "product_name":"opnsense",
        "product_version":"20.1",
        "reinstall_packages":[],
        "remove_packages":[],
        "repository":"error",
        "updates":"",
        "upgrade_major_message":"",
        "upgrade_major_version":"",
        "upgrade_needs_reboot":"0",
        "upgrade_packages":[]
}
       31.11 real         0.20 user         0.02 sys

Fixed!

The issue was indeed the slow DNS. The firmware update performs many DNS lookups, leading the update to run over its timeout.

I had to enable "Do not use the local DNS service as a nameserver for this system", as my Unbound runs on port 5300. Simply a setting I had missed somehow.

Strange that the curl wasn't showing the issue, but happy to hear you could resolve it. :)


Cheers,
Franco

That's because that was a single DNS request which only has a 3-5s delay. I guess there's a fallback. The timeouts for the 70+ DNS requests in the firmware update stack up, however.