OPNsense Forum
Archive => 22.7 Legacy Series => Topic started by: phoenix on August 18, 2022, 11:39:27 am
-
For quite a while I've been having problems running updates to OPNsense, they always fail with a "signature invalid" with the 'latest 'base'. If it happens for the major releases I just download the installation DVD, do that as a clean install and import my backed-up settings.
I'm currently on an ADSL pppoe connection without any problems other than this one. I have Zyxel VMG8924-B10A router that's in Bridge mode and all is working fine, I also have used a Fritzbox router with the pppoe connection in 'passthru' mode and that had the same problem.
Is there any way to determine what's causing this problem?
As usual, the latest 22.7.2 also failed at the same point after downloading the latest 'base', I've also tried various alternative mirrors both in the UK and further afield, all with the same result.
***GOT REQUEST TO UPDATE***
Currently running OPNsense 22.7.1 (amd64/OpenSSL) at Wed Aug 17 18:35:34 UTC 2022
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (100 candidates): .......... done
Processing candidates (100 candidates): ... done
The following 20 package(s) will be affected (of 0 checked):
The cleanup will free 12 MiB
Deleting files: .......... done
All done
Nothing to do.
Starting web GUI...done.
Generating RRD graphs...done.
Fetching base-22.7.2-amd64.txz:
... failed, signature invalid
***DONE***
-
Try a different mirror?
-
Hey phoenix,
Can you post both the health and the connectivity audit?
Thanks,
Franco
-
Try a different mirror?
I've already tried that
-
Try a different mirror?
I've already tried that
Many try many things... more here.
https://forum.opnsense.org/index.php?topic=27698.0
-
Hey phoenix,
Can you post both the health and the connectivity audit?
Thanks,
Franco
Hi Franco
I now have a Frankenstein system as it's done the 'partial' upgrade but not the kernel or base, forgot to mention that earlier.
The details you asked for are here:
OPNsense
>>> Check installed plugins
os-theme-rebellion 1.8.8
os-vmware 1.5_1
os-wireguard 1.11
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ................................................................. done
***DONE***
***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7.2 (amd64/OpenSSL) at Thu Aug 18 12:58:25 UTC 2022
Checking connectivity for host: www.mirrorservice.org -> 212.219.56.184
PING 212.219.56.184 (212.219.56.184): 1500 data bytes
1508 bytes from 212.219.56.184: icmp_seq=0 ttl=52 time=26.667 ms
1508 bytes from 212.219.56.184: icmp_seq=1 ttl=52 time=26.272 ms
1508 bytes from 212.219.56.184: icmp_seq=2 ttl=52 time=26.312 ms
1508 bytes from 212.219.56.184: icmp_seq=3 ttl=52 time=27.001 ms
--- 212.219.56.184 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 26.272/26.563/27.001/0.296 ms
Checking connectivity for repository (IPv4): https://www.mirrorservice.org/sites/opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 798 packages processed.
All repositories are up to date.
Checking connectivity for host: www.mirrorservice.org -> 2001:630:341:12::184
PING6(1548=40+8+1500 bytes) 2a02:8011:d000:4ca:19fa:3acd:1c66:4279 --> 2001:630:341:12::184
--- 2001:630:341:12::184 ping6 statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv6): https://www.mirrorservice.org/sites/opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 798 packages processed.
All repositories are up to date.
***DONE***
The last attempt was pointed at the University of Kent mirror, this was the third mirror I tried.
-
Hi Franco
I was just doing some tests via the OPNsense konsole and when I left I thought I'd try an update via option 12, strangely it updated the kernel which I didn't think it had downloaded, obviously it had. :)
-
I had a similar issue yesterday using Arhuus, used Kent and upgraded ok.
-
The most obvious question to review is the one about making a pkg-update, or even a opnsense-update from terminal, but none helps with this.
I have tried several different package servers, CH, NL, UK, DK, SE.
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7 (amd64/OpenSSL) at Fri Aug 19 07:21:16 CEST 2022
Fetching changelog information, please wait... fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/sets/changelog.txz: No address record
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: No address record
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: No address record
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: No address record
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
Same result.
My DNS has been set to 8.8.8.8 and 1.1.1.1 and also tried one of those or both and also changed order.
My system was installed two days ago and frankly I don't see how I might have broken it since nothing is configured but for a LAN port.
-
So just try to confirm DNS works from the box, go to Interfaces: Diagnostics: DNS Lookup and insert "pkg.opnsense.org" and leave host empty.
If there is no result DNS is not working. This means it's not configured correctly.
Cheers,
Franco
-
No result on my part.
Rebooted as well. Tried diff mirrors.
Just to review one thing: where exactly is the DND entry you refer to when setting 1.1.1.1 and 8.8.8.8 ?
System > Settings > General > Networking > DNS ?
LATER THAT DAY...
Ok, fixed it.
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7.2 (amd64/OpenSSL) at Fri Aug 19 12:32:16 CEST 2022
Fetching changelog information, please wait... done
Updating OPNsense repository catalogue...
Fetching meta.conf: . done
Fetching packagesite.pkg: .......... done
Processing entries: .......... done
OPNsense repository update completed. 798 packages processed.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
Checking for upgrades (80 candidates): .......... done
Processing candidates (80 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***
I had not configured a path to INTERNET via my GW on my Router. After some praying and chanting and random slayings of black Roosters I felt strong and confident enough to compensate for the lack of AI in the interface and tell it what to do.
Not much thanks to the manual. Anyone heard of real life examples?
-
I had a similar issue yesterday using Arhuus, used Kent and upgraded ok.
I had tried this twice but just for completeness I changed the repo to the Kent mirror (again!) and, lo and behold, it updated the base system, rebooted and all is well. :)
I still think there's some sort of problem but as a mere home user I can't imagine what it might be. I didn't mention this earlier but I also confirmed that the DNS was OK and returned the correct results. I'd also seen that wireguard had been mentioned and that it interfered with the resolv.conf so I checked that (as I use wireguard) and it correctly pointed to my LAN DNS servers.
Basically my OPNsense is up and running with no problems after the final 'base' upgrade. If there's anything you need from me to (possibly) help troubleshoot this issue just let me know.
Is there any good "how to" articles on setting up a local repository? As I have an unlimited (but slow) download it might be a solution for my system.
-
Hi Bill,
Basically you rsync our subdir from http://mirror.ams1.nl.leaseweb.net/ and put it on a local http(s) server and then point your firmware mirror setting to it.
That's it.
Cheers,
Franco
-
Hi Franco
Thanks for that info, I'll give it a try and see what happens. ;) I think that's probably the best for me in the short term. Judging by the build activity where I live I'm hopefully in an area that's getting FTTP soon(ish) and I'll see what happens with the updates when I get that more reliable connection.