Fetching changelog information, please wait... fetch: transfer timed out

Started by Nadir22, August 08, 2022, 12:13:16 PM

Hello, I upgraded from 22.1.10 to 22.7 and firmware updates are no longer working.
The default mirror can be pinged successfully:

# /sbin/ping -4 -S '<WAN_IP>'  -c '3' 'pkg.opnsense.org'
PING pkg.opnsense.org (89.149.211.205) from <WAN_IP>: 56 data bytes
64 bytes from 89.149.211.205: icmp_seq=0 ttl=52 time=28.732 ms
64 bytes from 89.149.211.205: icmp_seq=1 ttl=52 time=28.761 ms
64 bytes from 89.149.211.205: icmp_seq=2 ttl=52 time=28.721 ms

--- pkg.opnsense.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 28.721/28.738/28.761/0.017 ms

Checking for updates results in:

***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7 (amd64/OpenSSL) at Mon Aug  8 12:07:33 CEST 2022
Fetching changelog information, please wait... fetch: transfer timed out
Updating OPNsense repository catalogue...

Any advice?

Why not post the full connectivity audit? The fetch could still use IPv6 and fail.


Cheers,
Franco

Quote from: franco on August 08, 2022, 02:53:46 PM
Why not post the full connectivity audit? The fetch could still use IPv6 and fail.

I have no IPv6 connectivity and IPv6 is disabled in OPNsense.

Please find the connectivity audit below; it took a lot of time because of the timeouts.

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7 (amd64/OpenSSL) at Mon Aug  8 15:55:58 CEST 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Operation timed out
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/meta.txz: Operation timed out
repository SunnyValley has no meta file, using default settings
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.pkg: Operation timed out
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.txz: Operation timed out
Unable to update repository SunnyValley
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/meta.txz: Non-recoverable resolver failure
repository SunnyValley has no meta file, using default settings
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository SunnyValley
Error updating repositories!
***DONE***

I was investigating this issue further, and after setting up a new server with 22.1.10 and importing the latest backup taken before upgrading to 22.7, everything is working fine on the same network.
The issue with 22.7 still persists, so the upgrade from 22.1.10 to 22.7 is broken somewhere, as there are no changes in the configuration and the network is the same.
Any help in sorting out this issue would be appreciated.

Quote from: Nadir22 on August 10, 2022, 07:19:57 AM
I was investigating this issue further, and after setting up a new server with 22.1.10 and importing the latest backup taken before upgrading to 22.7, everything is working fine on the same network.
The issue with 22.7 still persists, so the upgrade from 22.1.10 to 22.7 is broken somewhere, as there are no changes in the configuration and the network is the same.
Any help in sorting out this issue would be appreciated.

Sorry, I had a bit of an issue understanding what you are saying here... are you saying that the restoration of the latest backup corrected the issue? Or are you saying that it failed to correct the issue?

Also, this seems to be pretty similar to what I described in https://forum.opnsense.org/index.php?topic=29776.0 ... did you have similar findings throughout the course of your investigation?

Same situation as above.
Before upgrading everything was OK.
Please help, Mr Franco.
Thanks a lot for OPNsense.
Best regards


upgraded from 22.1.10 to 22.7
***GOT REQUEST TO CHECK FOR UPDATES***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Wed Aug 10 07:54:30 CEST 2022
Fetching changelog information, please wait... fetch: transfer timed out
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: No address record
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: No address record
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: No address record
Unable to update repository OPNsense
Updating SunnyValley repository catalogue...
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/meta.txz: No address record
repository SunnyValley has no meta file, using default settings
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.pkg: No address record
pkg: https://updates.sunnyvalley.io/opnsense/FreeBSD:13:amd64/22.7/OpenSSL/latest/packagesite.txz: No address record
Unable to update repository SunnyValley
Error updating repositories!
pkg: Repository OPNsense cannot be opened. 'pkg update' required
Checking integrity... done (0 conflicting)
Your packages are up to date.

***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Wed Aug 10 08:22:32 CEST 2022
No IPv4 address could be found for host: pkg.opnsense.org
No IPv6 address could be found for host: pkg.opnsense.org
***DONE***

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Wed Aug 10 08:23:16 CEST 2022
>>> Check installed kernel version
Version 22.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
SunnyValley
OPNsense
>>> Check installed plugins
os-dnscrypt-proxy 1.12
os-dyndns 1.27_3
os-etpro-telemetry 1.6_1
os-intrusion-detection-content-snort-vrt 1.1_1
os-nextcloud-backup 1.0_1
os-sensei 1.11.4
os-sensei-updater 1.11
os-sunnyvalley 1.2_2
os-wireguard 1.11
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: .
beep-1.0_1 has no upstream equivalent
Checking packages: .
ca_root_nss-3.80 has no upstream equivalent
Checking packages: .
choparp-20150613 has no upstream equivalent
Checking packages: .
cpustats-0.1 has no upstream equivalent
Checking packages: .
dhcp6c-20200512_1 has no upstream equivalent
Checking packages: .
dnsmasq-2.86_4,1 has no upstream equivalent
Checking packages: .
dpinger-3.2 has no upstream equivalent
Checking packages: .
expiretable-0.6_2 has no upstream equivalent
Checking packages: .
filterlog-0.6 has no upstream equivalent
Checking packages: .
flock-2.37.2 has no upstream equivalent
Checking packages: .
flowd-0.9.1_3 has no upstream equivalent
Checking packages: .
hostapd-2.10_5 has no upstream equivalent
Checking packages: .
ifinfo-13.0 has no upstream equivalent
Checking packages: .
iftop-1.0.p4 has no upstream equivalent
Checking packages: .
isc-dhcp44-relay-4.4.2P1 has no upstream equivalent
Checking packages: .
isc-dhcp44-server-4.4.2P1_1 has no upstream equivalent
Checking packages: .
lighttpd-1.4.65 has no upstream equivalent
Checking packages: .
monit-5.32.0 has no upstream equivalent
Checking packages: .
mpd5-5.9_9 has no upstream equivalent
Checking packages: .
ntp-4.2.8p15_5 has no upstream equivalent
Checking packages: .
openssh-portable-8.9.p1_4,1 has no upstream equivalent
Checking packages: .
openssl-1.1.1q,1 has no upstream equivalent
Checking packages: .
openvpn-2.5.7 has no upstream equivalent
Checking packages: .
opnsense-22.7_4 has no upstream equivalent
Checking packages: .
opnsense-installer-22.1 has no upstream equivalent
Checking packages: .
opnsense-lang-22.7 has no upstream equivalent
Checking packages: .
opnsense-update-22.7 has no upstream equivalent
Checking packages: .
pam_opnsense-19.1.3 has no upstream equivalent
Checking packages: .
pftop-0.8 has no upstream equivalent
Checking packages: .
php80-ctype-8.0.20 has no upstream equivalent
Checking packages: .
php80-curl-8.0.20 has no upstream equivalent
Checking packages: .
php80-dom-8.0.20 has no upstream equivalent
Checking packages: .
php80-filter-8.0.20 has no upstream equivalent
Checking packages: .
php80-gettext-8.0.20 has no upstream equivalent
Checking packages: .
php80-google-api-php-client-2.4.0 has no upstream equivalent
Checking packages: .
php80-ldap-8.0.20 has no upstream equivalent
Checking packages: .
php80-pdo-8.0.20 has no upstream equivalent
Checking packages: .
php80-pecl-radius-1.4.0b1_2 has no upstream equivalent
Checking packages: .
php80-phalcon-5.0.0.r2 has no upstream equivalent
Checking packages: .
php80-phpseclib-2.0.37 has no upstream equivalent
Checking packages: .
php80-session-8.0.20 has no upstream equivalent
Checking packages: .
php80-simplexml-8.0.20 has no upstream equivalent
Checking packages: .
php80-sockets-8.0.20 has no upstream equivalent
Checking packages: .
php80-sqlite3-8.0.20 has no upstream equivalent
Checking packages: .
php80-xml-8.0.20 has no upstream equivalent
Checking packages: .
php80-zlib-8.0.20 has no upstream equivalent
Checking packages: .
pkg-1.17.5_1 has no upstream equivalent
Checking packages: .
py39-Jinja2-3.0.1 has no upstream equivalent
Checking packages: .
py39-dnspython-2.2.1_1,1 has no upstream equivalent
Checking packages: .
py39-netaddr-0.8.0 has no upstream equivalent
Checking packages: .
py39-requests-2.28.1 has no upstream equivalent
Checking packages: .
py39-sqlite3-3.9.13_7 has no upstream equivalent
Checking packages: .
py39-ujson-5.0.0 has no upstream equivalent
Checking packages: .
py39-vici-5.9.3 has no upstream equivalent
Checking packages: .
radvd-2.19_1 has no upstream equivalent
Checking packages: .
rrdtool-1.7.2_6 has no upstream equivalent
Checking packages: .
samplicator-1.3.8.r1_1 has no upstream equivalent
Checking packages: .
squid-4.15 has no upstream equivalent
Checking packages: .
strongswan-5.9.6_2 has no upstream equivalent
Checking packages: .
sudo-1.9.11p3 has no upstream equivalent
Checking packages: .
suricata-6.0.6 has no upstream equivalent
Checking packages: .
syslog-ng-3.37.1 has no upstream equivalent
Checking packages: .
unbound-1.16.1 has no upstream equivalent
Checking packages: .
wpa_supplicant-2.10_6 has no upstream equivalent
Checking packages: .
zip-3.0_1 has no upstream equivalent
***DONE***


Same for me.

From a browser https://pkg.opnsense.org/FreeBSD:13:amd64/22.7 works fine.


***GOT REQUEST TO AUDIT CONNECTIVITY***
Currently running OPNsense 22.7_4 (amd64/OpenSSL) at Tue Aug  9 17:11:20 CEST 2022
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes

--- 89.149.211.205 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Operation timed out
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Operation timed out
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Operation timed out
Unable to update repository OPNsense
Error updating repositories!
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
Updating OPNsense repository catalogue...
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
repository OPNsense has no meta file, using default settings
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: Non-recoverable resolver failure
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz: Non-recoverable resolver failure
Unable to update repository OPNsense
Error updating repositories!
***DONE***


Ping from the OPNsense box isn't working; from a PC connecting through this box it does work, however.

# /sbin/ping -4 -c '3' 'pkg.opnsense.org'
PING pkg.opnsense.org (89.149.211.205): 56 data bytes

--- pkg.opnsense.org ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

other hints:

# /sbin/ping -4 -c '3' 'google.com'
ping: cannot resolve google.com: Host name lookup failure

# /sbin/ping -4 -c '3' 'pkg.opnsense.org'
ping: cannot resolve pkg.opnsense.org: Host name lookup failure

# /sbin/ping -4 -c '3' '89.149.211.205'
PING 89.149.211.205 (89.149.211.205): 56 data bytes

--- 89.149.211.205 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

behind the firewall, ping seems ok

# /sbin/ping -4 -c '3' '192.168.x0.y0y'
PING 192.168.x0.y0y (192.168.x0.y0y): 56 data bytes
64 bytes from 192.168.x0.y0y: icmp_seq=0 ttl=255 time=0.321 ms
64 bytes from 192.168.x0.y0y: icmp_seq=1 ttl=255 time=0.436 ms
64 bytes from 192.168.x0.y0y: icmp_seq=2 ttl=255 time=0.448 ms

--- 192.168.x0.y0y ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.321/0.402/0.448/0.057 ms

inside lan, dmz, ... we can reach everything


I have what appears to be a similar problem, but had noticed this behaviour since 22.1.4 on an apu4 router.  I was hoping 22.7 would have resolved it, but it is still there.  This has made me stick with 22.1.2_2 which works fine without any such problem.

There seems to be some connectivity problem specifically over https.  Most https websites, e.g. https://forum.opnsense.org time out.  The same happens with any attempt to run an opnsense update after initial installation.  I can ping the domains I am attempting to connect to, but cannot connect over https due to timeouts.  Starting with a basic configuration and looking at the live firewall logs, there are no indications of default rules causing blocking on the affected websites.  I don't think I have a DNS issue, because names can be resolved.  Some https websites can connect, but with huge latency.  This is what I got from a PC on the LAN as I was trying to get 22.7 to work with a website which did NOT time out:
~ $ httping -l -g https://www.bbc.co.uk/
PING www.bbc.co.uk:443 (/):
connected to 212.58.233.254:443 (3592 bytes), seq=0 time=3414.96 ms
connected to 212.58.233.254:443 (3592 bytes), seq=1 time=3429.68 ms
connected to 212.58.237.254:443 (3593 bytes), seq=2 time=3411.07 ms
--- https://www.bbc.co.uk/ ping statistics ---
3 connects, 3 ok, 0.00% failed, time 12257ms
round-trip min/avg/max = 3411.1/3418.6/3429.7 ms

~ $ ping -c 4 212.58.233.254
PING 212.58.233.254 (212.58.233.254) 56(84) bytes of data.
64 bytes from 212.58.233.254: icmp_seq=1 ttl=54 time=17.7 ms
64 bytes from 212.58.233.254: icmp_seq=2 ttl=54 time=16.8 ms


This is the result when connecting with 22.1.2_2:
~ $ httping -l -g https://www.bbc.co.uk/
PING www.bbc.co.uk:443 (/):
connected to 212.58.233.252:443 (3592 bytes), seq=0 time= 73.40 ms
connected to 212.58.233.252:443 (3592 bytes), seq=1 time= 71.60 ms
--- https://www.bbc.co.uk/ ping statistics ---
2 connects, 2 ok, 0.00% failed, time 2099ms
round-trip min/avg/max = 71.6/72.5/73.4 ms

~ $ ping -c 4 212.58.237.252
PING 212.58.237.252 (212.58.237.252) 56(84) bytes of data.
64 bytes from 212.58.237.252: icmp_seq=1 ttl=55 time=16.7 ms
64 bytes from 212.58.237.252: icmp_seq=2 ttl=55 time=17.2 ms
--- 212.58.237.252 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 16.690/16.963/17.237/0.273 ms

If you need particular logs to help troubleshoot this, please let me know how/where I could get them - I'm new on opnsense.

Is it normal that I see 22.7.1, 22.7 (installed) in the changelog instead of 22.7_4?
Is it a discrepancy?

Lobby.dashboard
Versions   OPNsense 22.7_4-amd64
FreeBSD 13.1-RELEASE
OpenSSL 1.1.1q 5 Jul 2022
Updates   Click to view pending updates.
CPU type   Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz (4 cores, 8 threads)
Memory usage  18 % ( 2953/16244 MB )
Disk usage 1% / [ufs] (4.2G/424G)

System:Firmware:status
Type   opnsense   
Version   22.7_4   
Architecture   amd64   
Flavour   OpenSSL   
Commit   909dcabd5   
Mirror   https://pkg.opnsense.org/FreeBSD:13:amd64/22.7   
Repositories   OPNsense, SunnyValley   
Updated on   Wed Aug 10 00:21:08 CEST 2022   
Checked on   Wed Aug 10 10:48:45 CEST 2022

System:Firmware: changelog
Version   Date   
22.7.1   2022-08-09   
22.7 (installed)   2022-07-28   
22.1.10   2022-07-07

Also getting the exact same problem.  Protectli VP2410 - 4 Port Intel.  Previous responded ping tests fail, timeouts when updating with 3 different mirrors.

Quote from: cpower on August 10, 2022, 08:13:15 AM
Quote from: Nadir22 on August 10, 2022, 07:19:57 AM
I was investigating this issue further, and after setting up a new server with 22.1.10 and importing the latest backup taken before upgrading to 22.7, everything is working fine on the same network.
The issue with 22.7 still persists, so the upgrade from 22.1.10 to 22.7 is broken somewhere, as there are no changes in the configuration and the network is the same.
Any help in sorting out this issue would be appreciated.

Sorry, I had a bit of an issue understanding what you are saying here... are you saying that the restoration of the latest backup corrected the issue? Or are you saying that it failed to correct the issue?

Also, this seems to be pretty similar to what I described in https://forum.opnsense.org/index.php?topic=29776.0 ... did you have similar findings throughout the course of your investigation?

I was just saying that I installed a new 22.1.10 server and restored the latest backup of the 22.1.10 taken just before upgrading the other node to 22.7, and everything is working fine with updates, so the issue reported here is caused by the upgrade to 22.7.

Quote from: SCSi on August 11, 2022, 02:55:45 AM
Also getting the exact same problem.  Protectli VP2410 - 4 Port Intel.  Previous responded ping tests fail, timeouts when updating with 3 different mirrors.

The upgrade to 22.7 is definitely broken. Probably something has been corrected in newer 22.7 updates; however, I am unable to move forward after upgrading to 22.7, as the newer updates can't be installed anymore because all mirrors are unreachable.

I have updated a handful of firewalls to 22.1 and two to 22.7 and I have never seen this problem.

The key issue seems to revolve around IPv6 connectivity in my opinion. I have working IPv6 everywhere.

Do your setups possibly have no IPv6 routing? The error messages look like the OPNsense tries to communicate via IPv6 for "reasons" without having a proper IPv6 uplink.

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
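
Added example (not part of any post in this thread, and not OPNsense code): a small Python parser for the connectivity audit output posted above that groups results by address family and names the first failing layer, which is the IPv4/IPv6 distinction franco and Patrick raise. The sample text is constructed from the audit format shown in the thread; the function names and verdict labels are assumptions of this example.

```python
import re

# Constructed sample: abridged from the audit format posted in the thread.
SAMPLE_AUDIT = """\
Checking connectivity for host: pkg.opnsense.org -> 89.149.211.205
PING 89.149.211.205 (89.149.211.205): 1500 data bytes
4 packets transmitted, 0 packets received, 100.0% packet loss
Checking connectivity for repository (IPv4): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Operation timed out
Checking connectivity for host: pkg.opnsense.org -> 2001:1af8:4f00:a005:5::
ping: UDP connect: No route to host
Checking connectivity for repository (IPv6): https://pkg.opnsense.org/FreeBSD:13:amd64/22.7
pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: Non-recoverable resolver failure
"""

PATTERNS = {
    "host": re.compile(r"Checking connectivity for host: \S+ -> (\S+)$"),
    "repo": re.compile(r"Checking connectivity for repository \((IPv[46])\): \S+$"),
    "noaddr": re.compile(r"No (IPv[46]) address could be found for host: \S+$"),
    "payload": re.compile(r"PING \S+ \(\S+\): (\d+) data bytes$"),
    "stats": re.compile(r"(\d+) packets transmitted, (\d+) packets received"),
    "ping_err": re.compile(r"ping: (.+)$"),
    "pkg_err": re.compile(r"pkg: https?://\S+: (.+)$"),
}


def parse_audit(text):
    """Group audit lines by address family ("IPv4" / "IPv6")."""
    families, current = {}, None
    def family(name):
        return families.setdefault(name, {"resolved": True, "address": None, "payload": None,
            "sent": None, "received": None, "ping_error": None, "pkg_errors": []})

    for line in map(str.strip, text.splitlines()):
        hits = {key: pattern.match(line) for key, pattern in PATTERNS.items()}
        if hits["host"]:
            addr = hits["host"].group(1)
            current = family("IPv6" if ":" in addr else "IPv4")
            current["address"] = addr
        elif hits["repo"]:
            current = family(hits["repo"].group(1))
        elif hits["noaddr"]:
            family(hits["noaddr"].group(1))["resolved"] = False
        elif current is not None:
            if hits["payload"]:  # payload size the audit's ping used
                current["payload"] = int(hits["payload"].group(1))
            elif hits["stats"]:
                current["sent"], current["received"] = map(int, hits["stats"].groups())
            elif hits["ping_err"]:  # ping could not send at all
                current["ping_error"] = hits["ping_err"].group(1)
            elif hits["pkg_err"] and hits["pkg_err"].group(1) not in current["pkg_errors"]:
                current["pkg_errors"].append(hits["pkg_err"].group(1))
    return families


def classify(info):
    """Name the first failing layer: name resolution, routing, or transport."""
    if not info["resolved"]:
        return "dns"
    if info["ping_error"]:
        return "no-route" if "No route to host" in info["ping_error"] else "ping-error"
    if info["received"] == 0 or info["pkg_errors"]:
        return "timeout" if "Operation timed out" in info["pkg_errors"] else "unreachable"
    return "ok"
```

Calling `classify()` on each entry of `parse_audit(audit_text)` gives one verdict per address family, so an IPv4 timeout is not confused with the IPv6 failures that appear in the same audit.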