OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: rajl on January 06, 2018, 09:56:36 pm
-
So I am evaluating OPNSense as a replacement for PFSense (not to start a flameware, but OPNSense has features that PFSense doesn't which are useful to me). However, when I try to update the firmware through the WebGUI, it fails with the following error:
Firmware status check was aborted internally. Please try again.
The logs say:
Jan 6 15:49:03
configd.py: [4297ea6f-e1c5-46ca-a2d3-2d36f80d3f4f] view remote packages
Jan 6 15:49:03
configd.py: [8071332c-d198-42e6-a5e8-1108b8870172] retrieve firmware update status
Jan 6 15:49:03
configd.py: [21d096d3-f98e-4765-81ea-7b2afa5b15b4] returned exit status 1
Jan 6 15:48:57
configd.py: [21d096d3-f98e-4765-81ea-7b2afa5b15b4] Fetching changelog from remote
Jan 6 15:48:53
configd.py: generate template container OPNsense/Auth
Jan 6 15:48:53
configd.py: [cc2a0904-55f7-4ead-8709-c11720859c4c] generate template OPNsense/Auth
Jan 6 15:48:53
configd.py: [f12072fd-42bb-4d8a-8133-0fc01c4462a2] update firmware configuration
I did perform an update from the console, but it took forever. I did some searching of the forums and it seems others have had this problem before, but did not say what it was. There was some hint that it could be related to the use of a proxy, use of IPv6 by default, or other issues unspecified. In my case, there is no proxy and I have native IPv6 enabled and working (I've tested it on other sites).
Any help?
-
How much free disk space is there on the firewall?
Bart...
-
I posted about this back in October last year, it could be a problem with IPv6, take a lake a look and see if it's the same problem: https://forum.opnsense.org/index.php?topic=6097.msg25538#msg25538
-
"Firmware status check was aborted internally. Please try again."
I get this from time to time (IPv4, nano i386, 17.1.10 was the last I updated), but after pressing the "Update" button repeatedly I get the box to show the latest updates.
Have you tried a different update server?
-
Slow/defunct IPv6 is my guess. Try to prefer IPv4 and see how that goes...
Cheers,
Franco
-
How much free disk space is there on the firewall?
Bart...
At least 100 GB (I put a spare 128 GB Samsung 830 I had lying around in there as the install/boot drive)
-
I posted about this back in October last year, it could be a problem with IPv6, take a lake a look and see if it's the same problem: https://forum.opnsense.org/index.php?topic=6097.msg25538#msg25538
It could be, but I hope not. I will test sometime this week and report back. It would be strange if it were as my previous PFSense installation had no problems when IPv6 was preferred and my ISP provides native IPv6.
-
Slow/defunct IPv6 is my guess. Try to prefer IPv4 and see how that goes...
Cheers,
Franco
Will do and will report back. Why would IPv6 be causing this issue?
-
Because it can't resolve locally. It takes a timeout for each DNS lookup, which ends up stalling every little detail during the update process and finally running into the GUI timeout (it's only 45 seconds for the repo database fetch).
The console update option 12 should work when giving it a lot of time tough as there is no hard timeout there. It's intentional to have a very basic update script there to provide a safety net for users.
Cheers,
Franco
-
A bit late of a reply, but it works fine if I select “Prefer IPv4 over IPv6”. This is mildly annoying as Inhave working IPv6. However, I can always toggle the switch when doing an OPNSense update and use IPv6 normally for the rest of the Internet.
Any idea why IPv6 does not work well with the update server?
-
I update no issue with IPV6 turned on, sounds like a setting issue to me
what do you get here
http://ipv6-test.com/
-
Even though your clients may have perfect internet, your ISP may not offer IPv6 servers to the box and if you don't allow the box to access the local DNS service or the servers you entered are not IPv6-capable you get this behaviour.
System: Settings: General at the bottom.... uncheck the option that prevents system resolution against the configured DNS server.
Cheers,
Franco
-
PS: Hmm, or maybe IPv6 resolution works fine but the system can't route IPv6... A simple ping6 test will reveal this.
-
System: Settings: General at the bottom.... uncheck the option that prevents system resolution against the configured DNS server.
Cheers,
Franco
I confirm I have this unchecked and have no probelems
-
PS: Hmm, or maybe IPv6 resolution works fine but the system can't route IPv6... A simple ping6 test will reveal this.
Upon further inspection, IPv6 is not working even though my WAN interface gets a native IPv6 address from the ISP’s gateway. IPv6 was working “out of the box” with my old PFSense installation, so I wonder what OPNSense is doing differently? I will try to figure it out when I have time.
-
I switched from pfSense without issues as did other members of team rebellion
Maybe if you share your dhcp6 lan settings here someone will be spot a config error for you
-
I switched from pfSense without issues as did other members of team rebellion
Maybe if you share your dhcp6 lan settings here someone will be spot a config error for you
"Team Rebellion" -- I like that, and it's part of the reason for my trialing of OPNSense. However, it's been quite the learning experience. Some things are much better than PFSense, but other areas definitely lack feature parity.
I'm going to dig into it some more when I have the time. As I recall, my ISP in particular has issues with IPv6 not playing nice with PFSense and I was one of the few that got it to work. But I wasn't sure how. So this may not even be OPNSense's fault (although I think it is as the WAN is being assigned a valid IPV6 address from the /64 subnet assigned to me).
For this issue, I think my best bet will be to compare my PFSense config to my OPNSense config and see what's missing (if anything). If I can't figure it out, I will post a more specific post to the community for help.
-
Ok, the problem remains and, upon further investigation, I don't think it's my fault.
I can confirm that IPv6 works on my WAN interface as it is assigned a valid IPv6 address of 2600:1700:fc0:8640:xxxx:xxxx:xxxx:xxxx. When I do an IPv6 Ping to the sites like Google, the ping test succeeds. When I try to update firmware from the web interface and I have the option "prefer IPv4 over IPv6" enabled, the system works. However, when I do not have this option checked, updates from the web interface fail even though I have a working IPv6 on my WAN.
What am I doing wrong?
-
So will
# pkg update -f
stall for you?
Cheers,
Franco
-
So will
# pkg update -f
stall for you?
Cheers,
Franco
Nope. That works just fine.
-
Hmm, that would easily conclude there is nothing wrong with your install.
Help me understand where lies the problem in your IPv6 experience instead. I must be missing something.
Thanks,
Franco
-
I'm definitely having IPv6 problems on the LAN side of my firewall. But that I would suspect is a different issue from this.
My network is configured like this:
ONT -> ISP Gateway -> OPNSense Router -> LAN
The ONT is optical network terminal where the fiber terminates and is converted to an ethernet cable.
The ISP Gateway is one of those "all-in-one" modem/router boxes that they force upon you. Unfortunately, it does not support bridge mode, but only provides for a pseudo-bridge called "IP-Passthrough" where the public WAN of the Gateway is assigned to your router. The gateway then runs a NAT table that passes almost all traffic received on the public IP to your router. What is not passed is unclear. The ISP currently offers a native IPv6 implementation, which assigns each customer a /64 block. When in IP-Passthrough mode, the /64 block is assigned to the OPNSense router to do with as it pleases.
For the WAN interface, I can demonstrate that (1) a publicly routable IPv6 address is assigned and (2) that I can ping the public internet (e.g., ping6 www.google.com) using IPv6. Further, some LAN clients are able to use IPv6 just fine, but others can't use it at all.
I also have not changed any of the options on my interface related to IPv6. I have DHCPv6 as my configuration type, I have 64 as my prefix delegation size, and all other fields are empty.
Any of that information help?