[solved] opnsense mirrors: "Connection refused" when checking for updates

Started by chris888, January 17, 2024, 10:35:00 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 17, 2024, 10:35:00 PM Last Edit: January 21, 2024, 09:59:05 AM by chris888
Hi - since a few days, I get errors on a quite old HA install - both, from GUI and from command line.
The error is on both nodes and I tried different mirrors, all with the same result.
Code Select

configctl firmware check
OK

Code Select

opnsense-update -M
https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7

Code Select

pkg update -f
Updating OPNsense repository catalogue...
pkg: https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7/latest/meta.txz: Connection refused
repository OPNsense has no meta file, using default settings
pkg: https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7/latest/packagesite.pkg: Connection refused
pkg: https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7/latest/packagesite.txz: Connection refused
Unable to update repository OPNsense
Error updating repositories!


Doing a ping or curl in the same session works without problems - e.g.:
Code Select

curl "https://mirror-opnsense.serverbase.ch/FreeBSD:13:amd64/23.7/latest/packagesite.pkg"


The logs show nothing special - except that the upgrade fails.

Code Select

configd.py 93027 - [meta sequenceId="393"] [bb7ec313-3623-4a36-85bb-9fce6a4d4600] Script action failed with Command '/usr/local/opnsense/scripts/firmware/query.sh remote ' returned non-zero exit status 1. at Traceback (most recent call last):   File "/usr/local/opnsense/service/modules/actions/script_output.py", line 44, in execute     subprocess.check_call(script_command, env=self.config_environment, shell=True,   File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call     raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/firmware/query.sh remote ' returned non-zero exit status 1.
January 17, 2024, 10:53:07 PM #1
Pick a different mirror?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 18, 2024, 02:44:12 PM #2
Quote from: Patrick M. Hausen on January 17, 2024, 10:53:07 PM
Pick a different mirror?

Thanks for your response, but ...

Quote from: chris888 on January 17, 2024, 10:35:00 PM
(...) and I tried different mirrors (...)

and all failed with the same error message.
January 18, 2024, 02:56:50 PM #3
Sorry, I concentrated on the code snippets while reading and missed that.

Is there another firewall system in front of this setup? If not, try to tcpdump on the WAN interface and find out who's sending the ICMP unreachable messages.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 18, 2024, 06:05:34 PM #4
For me, it doesn't look like a connectivity issue. The same connection with CURL is fine.
I also tried to avoid possible issues with IPv6 by using pkg -4 in the console, but this didn't help.

Does anyone know what causes the mirrors to answer with "Connection refused"?

Connecting with curl from the firewall or any webbrowser from clients in the internal network to the mirrors works without any issues.
January 19, 2024, 12:43:06 PM #5
I finally found the problem: there was an orphaned proxy setting in /usr/local/etc/pkg.conf
Print
Go Up Pages1
User actions