Hi - for a few days now, I have been getting errors on a quite old HA install - both from the GUI and from the command line.
The error is on both nodes and I tried different mirrors, all with the same result.
configctl firmware check
OK
opnsense-update -M
https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7
pkg update -f
Updating OPNsense repository catalogue...
pkg: https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7/latest/meta.txz: Connection refused
repository OPNsense has no meta file, using default settings
pkg: https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: Connection refused
pkg: https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7/latest/packagesite.txz: Connection refused
Unable to update repository OPNsense
Error updating repositories!
Doing a ping or curl in the same session works without problems - e.g.:
curl "https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7/latest/packagesite.pkg"
The logs show nothing special - except that the upgrade fails.
configd.py 93027 - [meta sequenceId="393"] [bb7ec313-3623-4a36-85bb-9fce6a4d4600] Script action failed with Command '/usr/local/opnsense/scripts/firmware/query.sh remote ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/firmware/query.sh remote ' returned non-zero exit status 1.
Pick a different mirror?
Quote from: Patrick M. Hausen on January 17, 2024, 10:53:07 PM
Pick a different mirror?
Thanks for your response, but ...
Quote from: chris888 on January 17, 2024, 10:35:00 PM
(...) and I tried different mirrors (...)
and all failed with the same error message.
Sorry, I concentrated on the code snippets while reading and missed that.
Is there another firewall system in front of this setup? If not, try to tcpdump on the WAN interface and find out who's sending the ICMP unreachable messages.
To me, it doesn't look like a connectivity issue. The same connection with curl is fine.
I also tried to avoid possible issues with IPv6 by using pkg -4 in the console, but this didn't help.
Does anyone know what causes the mirrors to answer with "Connection refused"?
Connecting to the mirrors with curl from the firewall or with any web browser from clients in the internal network works without any issues.
I finally found the problem: there was an orphaned proxy setting in /usr/local/etc/pkg.conf
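
The check that matches this resolution, as an added example that is not part of the thread: pkg reads /usr/local/etc/pkg.conf while curl does not, so a stale proxy entry there breaks only pkg. The helper names and the sample file are constructed, and the sample assumes the proxy was set through proxy variables in a PKG_ENV block, which the thread does not show.

```shell
#!/bin/sh
# Added example (not from the thread): find proxy settings that pkg(8)
# picks up from its own configuration file and that curl never reads.

# find_proxy_settings FILE...   (hypothetical helper name)
# Prints "file:line: text" for each non-comment line naming a proxy variable
# (HTTP_PROXY, HTTPS_PROXY, FTP_PROXY, NO_PROXY; any case).
# Returns 0 if something was found, 1 otherwise.
find_proxy_settings() {
    found=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        out=$(awk -v file="$f" '
            { line = $0; sub(/#.*/, "", line) }   # ignore comments
            tolower(line) ~ /(http|https|ftp|no)_proxy/ {
                printf "%s:%d: %s\n", file, NR, $0
            }' "$f")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            found=0
        fi
    done
    return "$found"
}

# write_sample_conf PATH: constructed pkg.conf with an assumed PKG_ENV proxy.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not the poster's file
#PKG_ENV { http_proxy: "http://old.example.invalid:3128" }
PKG_ENV {
    HTTP_PROXY: "http://proxy.example.invalid:3128"
}
EOF
}

# On the firewall: inspect the file named in the thread.
find_proxy_settings /usr/local/etc/pkg.conf \
    || echo "no proxy settings in /usr/local/etc/pkg.conf"
```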