OPNsense Forum

Archive => 22.7 Legacy Series => Topic started by: JG76 on October 07, 2022, 06:46:14 pm

Title: Upgraded to 22.7.4 now unable to check for updates
Post by: JG76 on October 07, 2022, 06:46:14 pm: Can anyone tell me how to fix the following? Thanks.

Code: [Select]
***GOT REQUEST TO CHECK FOR UPDATES*** Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Fri Oct 7 12:33:31 EDT 2022 Fetching changelog information, please wait... fetch: transfer timed out Updating OPNsense repository catalogue... pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: No address record repository OPNsense has no meta file, using default settings pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: No address record pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: No address record Unable to update repository OPNsense Error updating repositories! pkg: Repository OPNsense cannot be opened. 'pkg update' required Checking integrity... done (0 conflicting) Your packages are up to date. ***DONE***
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: Kwolfe19 on October 08, 2022, 07:51:18 pm: I have the same problem. I am looking for a solution now. It seems like this happens every few months and the problem is usually related to all DNS queries from the opnsense machine are failing. My client machines are all fine.
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: phoenix on October 08, 2022, 10:25:24 pm: Which DNS server(s) are you using, is it one on OPNsense server or on your LAN or an external DNS server (your ISP's?)?

Have you tried doing a lookup from the Interfaces/Diagnostic page, does that get a response when the package update fails?
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: Kwolfe19 on October 09, 2022, 03:15:55 am: I ssh into the opnsense box and ran:
Code: [Select]
dig google.com
The DNS server that it is hitting is not the correct one. It is trying to use an old pi-hole server that I turned off many months ago. It's like an old configuration came back from the dead. I'm trying to figure out where that setting is so I can undo it.
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: Kwolfe19 on October 09, 2022, 03:21:31 am: Looks like /etc/resolv.conf got updated during the upgrade. So now the question is, what did it get updated from so I can get that fixed.
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: Kwolfe19 on October 09, 2022, 03:37:22 am: I restored it to the .bak file that was created, but I really want to find the source that the installer uses to generate the file and fix that. Does anyone know where to look for that? Thank you!
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: Kwolfe19 on October 09, 2022, 03:45:30 am: I found a DNS setting in my wireguard setup in the config.xml file. Fixed that through the UI, but didn't find any other references to that DNS server. Any other ideas would be welcome.
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: guenti_r on October 09, 2022, 03:07:37 pm: Had this also, figured out it was an MTU issue ::)
Lowering the MTU on WAN solved it (dont know why...).
Restart to apply the settings.
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: santi.benejam on October 19, 2022, 09:52:28 am: I can't check updates after upgrade from 22.1.10 to 22.7. A connectivity test fails. A ping google.com don't work but DNS resolves it.
How can I upgrade to 22.7.6?
Running Connectivity audit I get this:
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Wed Oct 19 11:26:16 CEST 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Operation timed out
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: schup on October 19, 2022, 12:33:35 pm: I had the same problem after a previous update, a later update fixed it and it is now back with 22.7.6 (22.7.5 worked)

A ping (Interfaces > Diagnostics > Ping) doesn't work with default settings but does work when specifying the "Source Address"

To work around the update problem I created an output NAT rule.

Firewall > NAT > Outbound - see attached screenshot.

With this change ping and updat work.
Not a fix but at least updates are working.
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: franco on October 19, 2022, 12:49:24 pm: To be frank, the "this breaks that and then it works and now it's back" just means nothing related to updates happens to your setup that breaks intermittently for other reasons.

Cheers,
Franco
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: santi.benejam on October 19, 2022, 03:26:30 pm: Hi Franco, I've been using OPNSense in a FW6 Protectli since 2019 and this is the first time an update fails with these symptoms.

I added an outgoing NAT rule as suggested by schup and now ping works and I can get updates. I don't know if it happened during the update. I think that for some reason the update failed or had to be updated to version 22.7.6 and was not done because it could not be downloaded.
Tomorrow morning I'll update it to 22.7.6.
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: schup on October 19, 2022, 04:30:32 pm: Quote from: franco on October 19, 2022, 12:49:24 pm
To be frank, the "this breaks that and then it works and now it's back" just means nothing related to updates happens to your setup that breaks intermittently for other reasons.
With the update to 22.7 this started happening to me - and not only to me.

See https://forum.opnsense.org/index.php?topic=29748.0

After a minor version update I disabled the outbound nat rule and it worked.
Now it is back to not working after the update.

I do not know what this is caused by. If you can tell me what could help in getting to the bottom of the issue I'd be happy to investigate.
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: santi.benejam on October 20, 2022, 08:08:00 am: I upgraded today to 22.7.6 and then deactivated the NAT Rule and connections to internet from local box are working now.
Connectivity audits and check for updates ara working too.
Franco, If you need something that can help to debug this errors, how can I help?
Title: Re: Upgraded to 22.7.4 now unable to check for updates
Post by: doog on October 20, 2022, 10:15:12 am: I think I'm going to open a new topic about this, since it might be unrelated to the problems experienced in this post.