Solved: Update error, wrong firmware, package database version mismatch

Started by jobero, March 10, 2024, 05:49:00 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 10, 2024, 05:49:00 AM Last Edit: April 20, 2024, 07:17:16 PM by jobero
Hello.

After updating to Firmware 24.1_1 the firmware updater run into trouble.


The check will re-create the database. Looking like this:

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.1_1 at Sun Mar 10 04:10:55 CET 2024
Fetching changelog information, please wait... fetch: transfer timed out
Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
Waiting for another process to update repository OPNsense
All repositories are up to date.
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking for upgrades (0 candidates): . done
Processing candidates (0 candidates): . done
Checking integrity... done (0 conflicting)
Your packages are up to date.
self: No packages available to install matching 'opnsense'
***DONE***

Searching for an update results in attached error in file opnsense_update_error1.PNG: The with the message release type "opnsense" is not available in this repository.

The history page for the firmware shows the wrong installed version 24.1. Instead the main page of opnsense shows version information:
OPNsense 24.1_1-amd64
FreeBSD 13.2-RELEASE-p9
OpenSSL 3.0.12
See also attached file opnsense_update_error2.PNG for the version history page.

The status page shows opnsense version 24.1_1 and looks like the attached picture opnsense_update_error3.PNG

So I have a mismatch in version history between installed software and package manager.

Changing the package repository doesn't changed system's behaviour.
In use is unbound for DNS resolution. Sending a ping to an IP works, DNS resolution for an address not. VPN is working fine, too.

I'm sure I missed something but hesitage to ask what is needed.
Do you have any hints for troubleshooting this issue?
March 10, 2024, 03:40:49 PM #1
It looks like your DNS resolution is broken.

What do you have under System: Settings: General for Networking?

What do you have under Services: Unbound DNS: Query Forwarding and Services: Unbound DNS: DNS over TLS?

What do you get on Interfaces: Diagnostics: DNS Lookup for pkg.opnsense.org?  Leave the server field blank.
March 11, 2024, 10:49:14 AM #2 Last Edit: March 11, 2024, 10:51:34 AM by jobero
Here are the results:
1. System: Settings: General for Networking:
Selected the checkbox to prefer IPv4 over IPv6
and three DNS servers connected with the WAN_GW.
The servers are 9.9.9.9, 213.187.64.1 and 217.69.224.73.

2.1 Services: Unbound DNS: Query Forwarding:
no entries nor selected checkbox "Use System Nameservers"
2.2 Services: Unbound DNS: DNS over TLS:
no entries nor selected checkbox "Use System Nameservers"

3. Interfaces: Diagnostics: DNS Lookup for pkg.opnsense.org:
A | pkg.opnsense.org. 155 IN A 89.149.222.99   | 9.9.9.9 | 6 msec
March 11, 2024, 12:50:11 PM #3
You mentioned seeing DNS resolution issues?  Where was that?

What happens if you run a Connectivity Audit under System: Firmware?
March 11, 2024, 01:24:37 PM #4
> The history page for the firmware shows the wrong installed version 24.1. Instead the main page of opnsense shows version information:
> OPNsense 24.1_1-amd64

Which is still a correct version 24.1 ;)

Looks like another pkg process is stuck, but probably because it cannot reach the update server.

You can kill the stuck process(es) using:

# killall pkg && killall pkg-static

And test connectivity with:

# pkg update -f


Cheers,
Franco
March 11, 2024, 02:00:09 PM #5
The DNS resolution issues appear under Interfaces -> Diagnostic -> Ping - see attached picture. Checking a website's name is not possible.

It takes a long time to load Firmware Status page.
After clicking on "Connectivity Audit" a page change to the update tab occured and it was written, that the system is waiting for another process to finish.
Will have to wait to get into running diagnostics.


The results are:

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 24.1_1 at Mon Mar 11 13:36:07 CET 2024
Checking connectivity for host: pkg.opnsense.org -> 89.149.222.99
PING 89.149.222.99 (89.149.222.99): 1500 data bytes

--- 89.149.222.99 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/24.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/meta.txz: Operation timed out
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:5300:a010:1::1
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/24.1
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***
March 13, 2024, 08:03:34 AM #6
Here we go on the terminal:

> Which is still a correct version 24.1 ;)

You are right. I thought that version OPNsense 24.1_1 is the first point release after the final 24.1 release. But maybe I am wrong.

> Looks like another pkg process is stuck, but probably because it cannot reach the update server.
> You can kill the stuck process(es) using:
> # killall pkg && killall pkg-static

The systems told me, that there is no active process: "No matching processes were found."

> And test connectivity with:
># pkg update -f

Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/meta.txz: Operation timed out
pkg: Repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Error updating repositories!


Checking OS-Version with the help of "pkg query %v pam_opnsense" returns version 24.1; uname -mrs will give me "13.2-RELEASE-p9 amd64"


Found the possibility setting the Firmware Settings Flavour to"(other)" and insert text: "22.1/latest"
Changed it to "24.1/latest" but had also no luck. I think, this will work with correct DNS resolution, right?
March 13, 2024, 01:51:29 PM #7
Tried two commands in the terminal

1. drill pkg.opnsense.org
Output in attached picture.

2. host pkg.opnsense.org
Output:
pkg.opnsense.org has address 89.149.222.99
pkg.opnsense.org has IPv6 address 2001:1af8:5300:a010:1::1
April 20, 2024, 07:16:19 PM #8
The trouble was caused by two configured gateways due to network topology.
With the update to 24.1 it seems that the internal interface with their gateway was started before the external interface and so the default gateway for internet connections was the internal route.
Changing gateway priority and setting up a route solved the problem in the end.
Print
Go Up Pages1
User actions