Strange issue updating packages

Started by securitypedant, June 13, 2024, 05:40:05 AM

June 13, 2024, 05:40:05 AM Last Edit: June 13, 2024, 05:44:12 AM by securitypedant
I have the following setup. I followed this guide because I intend to install Zenarmor.
https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

Version: OPNsense 24.1.8-amd64

Two interfaces in bridge mode:
LAN (opt1)
    device: re0
    link type: none
WAN (opt2)
    device: re1
    link type: none
Bridge (opt3)
    device: bridge0
    link type: static
    IPv4: 192.168.1.2/23
    Routes: 192.168.0.0/23

Network topography is...
Internet > Arris modem > Unifi USG Lite gateway > OPNsense device > Unifi Switch connected to the rest of my local network

Bridge is working great, all traffic from my network is passing over the bridge without issue. Now I wanted to install Zenarmor, but when I go to System > Firmware > Status and Check for updates, it fails with the error "Could not find the repository on the selected mirror."

Updates log shows...
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 24.1.8 at Thu Jun 13 03:33:08 UTC 2024
Fetching changelog information, please wait... fetch: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/sets/changelog.txz: Network is unreachable
Updating OPNsense repository catalogue...
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/meta.txz: Network is unreachable
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.pkg: Network is unreachable
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/24.1/latest/packagesite.txz: Network is unreachable
Unable to update repository OPNsense
Error updating repositories!
pkg: Repository OPNsense has a wrong packagesite, need to re-create database
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.
***DONE***

I figured somehow DNS wasn't working, so I went to Interfaces > Diagnostics > DNS Lookup and entered "pkg.opnsense.org". I got the following reply.

Response
Type    Answer                                                    Server         Query time
A       pkg.opnsense.org. 900 IN A 89.149.222.99                  192.168.1.4    28 msec
AAAA    pkg.opnsense.org. 900 IN AAAA 2001:1af8:5300:a010:1::1    192.168.1.4    27 msec

So DNS seems to be working fine, that's my local DNS server that's external to the OPNsense device that forwards requests onto my Cloudflare DNS resolvers.

I resolved "pkg.opnsense.org" to 89.149.222.99 on another device and attempted to ping it from Interfaces > Diagnostics > Ping

All packets failed, with the error "sendto: No route to host".

If I ping any address on my 192.168.1.0 network, those pings do work.

I looked at the "IPv4 gateway rules" option on the Bridge interface, but it just says "Disabled". I don't see a way to specify the default route.

Any ideas what's going on? The bridge is working, but the OS doesn't seem to know a valid route to the internet.

Fixed it!

I had to go to System > Gateways > Configuration.

Add a new gateway with the following settings.

Name: Internet gateway
Interface: Bridge
Address Family: IPv4
IP Address: 192.168.1.1
Upstream Gateway: Enabled

This fixed the issue.
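
The symptoms in this thread (local pings and DNS work, the package mirror gives "No route to host") are what a routing table with only the bridge's connected /23 produces. The following is an added example, not part of either post: a longest-prefix-match lookup over route tables constructed from the addresses quoted above, before and after the gateway was added. The function names and table layout are illustrative assumptions.

```python
import ipaddress

# Constructed from the values in the posts: only the bridge's connected route.
ROUTES_BEFORE = [("192.168.0.0/23", None, "bridge0")]
# After the fix: a default route via the gateway added under System > Gateways.
ROUTES_AFTER = ROUTES_BEFORE + [("0.0.0.0/0", "192.168.1.1", "bridge0")]


def lookup(routes, destination):
    """Longest-prefix match; returns (network, gateway, netif) or None."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, gateway, netif in routes:
        net = ipaddress.ip_network(prefix)
        if dst.version != net.version or dst not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, gateway, netif)
    return best


def explain(routes, destination):
    """Describe how the host itself would reach the destination."""
    hit = lookup(routes, destination)
    if hit is None:
        # No connected route covers it and no default exists.
        return f"{destination}: no route to host"
    net, gateway, netif = hit
    if gateway is None:
        return f"{destination}: on-link via {netif} ({net})"
    # A gateway is only usable if it sits on a directly connected network.
    connected = [r for r in routes if r[1] is None]
    if lookup(connected, gateway) is None:
        return f"{destination}: gateway {gateway} unreachable"
    return f"{destination}: via {gateway} on {netif}"


if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        for dst in ("192.168.1.4", "89.149.222.99"):
            print(label, explain(table, dst))
```

Bridged traffic from other hosts never consults this table, which is why the rest of the network kept working while the firewall's own update check failed.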