OPNsense Forum
Archive => 17.7 Legacy Series => Topic started by: mausy5043 on January 22, 2018, 06:59:49 pm
-
Trying to update via System > Firmware > Updates returns this error:
Firmware status check was aborted internally. Please try again.
System > Firmware > Plugins only shows one line:
os-dyndns (orphaned) 1.5 133KiB Dynamic DNS Support
System > Firmware > Packages looks like it is okay.
Help is appreciated. Please let me know what additional info is needed.
-
Which version?
Could be an IPv6 resolve failure.
Can you run this from the console and provide the output please?
# opnsense-update -M
# pkg update -f
Cheers,
Franco
-
Versions:
OPNsense 17.7.12-amd64
FreeBSD 11.0-RELEASE-p17
OpenSSL 1.0.2n 7 Dec 2017
% sudo opnsense-update -M
http://pkg.opnsense.org/FreeBSD:11:amd64/17.7
% sudo pkg update -f
Updating OPNsense repository catalogue...
Fetching meta.txz: 100% 1 KiB 1.5kB/s 00:01
Fetching packagesite.txz: 100% 126 KiB 128.8kB/s 00:01
Processing entries: 100%
OPNsense repository update completed. 462 packages processed.
All repositories are up to date
I retrieved some logs (censored) from my syslog-ng server from when I click the [Update] button on the GUI (maybe they can help):
2018-01-22T20:34:43+01:00 user[notice] configd.py:: [4d66fc5a-edf4-4655-8479-bb82998b24ee] Fetching changelog from remote
2018-01-22T20:34:43+01:00 daemon[info] dnsmasq:: query[A] pkg.opnsense.org from 127.0.0.1
2018-01-22T20:34:43+01:00 daemon[info] dnsmasq:: cached pkg.opnsense.org is 212.32.245.132
2018-01-22T20:34:43+01:00 daemon[info] dnsmasq:: query[AAAA] pkg.opnsense.org from 127.0.0.1
2018-01-22T20:34:43+01:00 daemon[info] dnsmasq:: cached pkg.opnsense.org is 2001:1af8:4900:a01d:1200::2
2018-01-22T20:34:48+01:00 user[err] configd.py:: [4d66fc5a-edf4-4655-8479-bb82998b24ee] returned exit status 1
2018-01-22T20:34:48+01:00 user[notice] configd.py:: [0b514ede-b27d-48ec-9896-53e15a5863be] retrieve firmware update status
:
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: query[SRV] _http._tcp.pkg.opnsense.org from 127.0.0.1
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: forwarded _http._tcp.pkg.opnsense.org to 9.9.9.9
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: forwarded _http._tcp.pkg.opnsense.org to 2620:fe::fe
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: query[A] pkg.opnsense.org from 127.0.0.1
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: forwarded pkg.opnsense.org to 9.9.9.9
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: forwarded pkg.opnsense.org to 2620:fe::fe
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: reply pkg.opnsense.org is 212.32.245.132
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: query[AAAA] pkg.opnsense.org from 127.0.0.1
2018-01-22T20:35:30+01:00 daemon[info] dnsmasq:: cached pkg.opnsense.org is 2001:1af8:4900:a01d:1200::2
2018-01-22T20:35:34+01:00 daemon[info] dhcp6c:: Sending Solicit
:
2018-01-22T20:36:16+01:00 local4[err] configd:: Timeout (120) executing : firmware remote
2018-01-22T20:36:16+01:00 local4[err] configd:: Timeout (120) executing : firmware remote
2018-01-22T20:36:16+01:00 user[notice] configd.py:: [384828ac-6efa-4a6d-9996-43eedd912fab] view local packages
2018-01-22T20:36:16+01:00 user[notice] configd.py:: [9ef9331a-c5bf-4293-a34e-a090ab7c54f2] Retrieving changelog index
:
2018-01-22T20:36:45+01:00 user[err] configd.py:: unable to sendback response [GeoIP|||1.6.11|||Find the country that any IP address or hostname originates from|||795KiB|||0|||GPLv2 acme-client|||0.1.16_2|||Native C client for Let's Encrypt, designed for security|||1.92MiB|||0|||ISCL acme.sh|||2.7.5_2|||ACME protocol client written in shell|||349KiB|||0|||GPLv3+ apcupsd|||3.14.14_2|||Set of programs for controlling APC UPS|||1.09MiB|||0|||GPLv2 apinger|||0.7|||IP device monitoring tool|||199KiB|||0|||GPLv2 arc|||5.21p|||Create & extract files from DOS .ARC files|||92.8KiB|||0|||GPLv2 arj|||3.10.22_6|||Open source implementation of the ARJ archiver|||620KiB|||0|||GPLv2 arp-scan|||1.9|||ARP scanning and fingerprinting tool|||889KiB|||0|||GPLv3 asterisk13|||13.19.0|||Open Source PBX and telephony toolkit|||36.6MiB|||0|||GPLv2 autoconf|||2.69_1|||Automatically configure source code on many Un*x platforms|||2.98MiB|||0|||GPLv3+, AUTOCONF_CONFIGURE_SCRIPT_EXCEPTION, GPLv2+, GFDL autoconf-wrapper|||20131203|||Wrapper script for GNU
Could be an IPv6 resolve failure.
This remark triggered me because I also had an issue with `lftp` not working on some of my Debian-based servers. That was caused by a setting in `lftp` that was resolved by forcing `lftp` to first try connecting via IPv4 before IPv6.
So, I unchecked Firewall > Settings > Advanced : option "Allow IPv6"
Now, I still get in the GUI the message Firmware status check was aborted internally. Please try again..
But, after a couple of seconds the list with plugins is displayed and os-dyndns now reports as installed.
So, the issue is worked-around. But I'd really also like to re-enable IPv6 at some point.
-
This is still not entirely right. You want to:
1. Set the system to prefer IPv4 over IPv6 under System: Settings: General.
and / or
2. Find out why IPv6 doesn't fully work from the OPNsense box itself.
Cheers,
Franco
-
I enabled System > Settings > General : Prefer IPv4 over IPv6
and
re-enabled Firewall > Settings > Advanced : Allow IPv6
Clicking [Update] on System > Firmware > Update : now first returns an error "Firmware status check was aborted internally. Please try again." when the page is opened and with every next click it succeeds "There are no updates available on the selected mirror.". Until I close and re-open the Update page.
-
The GUI timeout is 60 seconds.
How long does this command run?
# pkg update -f
And does this work?
# ping6 pkg.opnsense.org
If both show weird behaviour you could try another mirror that does not offer any IPv6 connectivity.
Cheers,
Franco
-
% time sudo pkg update -f
Updating OPNsense repository catalogue...
Fetching meta.txz: 100% 1 KiB 1.5kB/s 00:01
Fetching packagesite.txz: 100% 126 KiB 128.8kB/s 00:01
Processing entries: 100%
OPNsense repository update completed. 462 packages processed.
All repositories are up to date.
0.271u 0.085s 0:00.52 67.3% 382+14709k 4+275io 7pf+0w
% ping6 -c4 pkg.opnsense.org
PING6(56=40+8+8 bytes) 2001:985:509c:1:20e:c4ff:fed0:9f95 --> 2001:1af8:4900:a01d:1200::2
16 bytes from 2001:1af8:4900:a01d:1200::2, icmp_seq=0 hlim=57 time=6.060 ms
16 bytes from 2001:1af8:4900:a01d:1200::2, icmp_seq=1 hlim=57 time=5.629 ms
16 bytes from 2001:1af8:4900:a01d:1200::2, icmp_seq=2 hlim=57 time=7.547 ms
16 bytes from 2001:1af8:4900:a01d:1200::2, icmp_seq=3 hlim=57 time=5.814 ms
--- pkg.opnsense.org ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 5.629/6.263/7.547/0.757 ms
Doesn't look problematic.
UPDATE: After a reboot the 'problem' has now disappeared.
-
Weird... if this should ever start happening again, please measure how long the background check takes...
# /usr/bin/time configctl firmware check
Cheers,
Franco
-
OK
-
Franco
I've also been having problems with this, I've run those commands and this is the output:
root@opnsense01:~ # /usr/bin/time configctl firmware check
{"connection":"ok","repository":"ok","product_version":"17.7.12-2c647006e","product_name":"opnsense","os_version":"FreeBSD 11.0-RELEASE-p17","last_check":"Wed Jan 24 19:05:29 CET 2018","updates":"0","download_size":"","new_packages":[],"reinstall_packages":[],"upgrade_packages":[],"downgrade_packages":[],"upgrade_needs_reboot":"0"}
3.10 real 0.01 user 0.00 sys
root@opnsense01:~ #
root@opnsense01:~ # /usr/bin/time configctl firmware check
^[O3P{"connection":"error","repository":"error","product_version":"17.7.12-2c647006e","product_name":"opnsense","os_version":"FreeBSD 11.0-RELEASE-p17","last_check":"Wed Jan 24 19:07:02 CET 2018","updates":"","download_size":"","new_packages":[],"reinstall_packages":[],"upgrade_packages":[],"downgrade_packages":[],"upgrade_needs_reboot":"0"}
61.09 real 0.01 user 0.00 sys
As far as I'm aware all my IPv6 is working as it should, what else would you need to debug this problem?
-
For the second one 60 seconds is really really long. 60 seconds triggers the hard-wired timeout.
All it does is fetch the mirror database and parse it.
I still think this keeps hanging eventually:
# /usr/bin/time pkg update -f
Or at least very slowly load the database....
A way to avoid his is console option 12 which offers no visible GUI auditing, but runs fine eventually. It *could* be added as a GUI update option too, but there will be no analysis or changelog display or reboot confirmation.
Cheers,
Franco
-
I have also noticed this behavior forever. Whenever the update tab is pressed it always fails with the message "Firmware status check was aborted internally. Please try again." But the page lists any new firmware available in the list below. If I click update again it successfully updates. I considered this a nuisance, but it would be good if this can be resolved.
Another suggestion that I have is regarding disabling the list of every single update from the day OPNsense was launched (15.1) Since all branches other than 18 is not supported or even revertible to having this in the update tab serves no purpose as the information is available on the OPNsense webpage anyway. It would be much cleaner to have only the last few updates listed (maybe 4).