Fetching changelog information, please wait... fetch: transfer timed out

[fxsaddict]

small lan (pcs linuxmint or win, mac, microservers ubuntu/linuxmint - ufw no ipv6,  managed switch -no ipv6, wifi) -> firewall (no ipv6 in initial setup-> box internet provider (no ipv6).

The initial setup was made without ipv6.

No change was made recently (without exception regular update)

If somebody tells me where I can can double check the config, i will...

Other  facts:

system logfiles bakend
2022-08-10T08:16:46   Error   configd.py   [d5095e33-7fea-4571-bb7e-c463be8a315e] Script action failed with Command 'pkg update -q && pkg rquery -U "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 482, in execute subprocess.check_call(script_command, env=self.config_environment, shell=True, File "/usr/local/lib/python3.9/subprocess.py", line 373, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command 'pkg update -q && pkg rquery -U "%n|||%v|||%c|||%sh|||0|||0|||%L|||%R|||%o" ' returned non-zero exit status 1.   
2022-08-10T07:56:30   Error   configd.py   Timeout (120) executing : firmware remote   
2022-08-10T01:50:22   Error   configd.py   [677b51f3-0277-4d8d-a4ce-d568a1b36010] Script action stderr returned "b'pkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/meta.txz: No address record\npkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.pkg: No address record\npkg: https://pkg.opnsense.org/FreeBSD:13:amd64/22.7/latest/packagesite.txz'"

system logfiles general
2022-08-11T00:22:32   Error   opnsense   /usr/local/etc/rc.newwanip: On (IP address: 192.168.2.131) (interface: WAN[wan]) (real interface: igb1).   
2022-08-11T00:22:32   Error   opnsense   /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb1'   
2022-08-11T00:22:32   Error   dhclient   unknown dhcp option value 0x7d   
2022-08-11T00:19:42   Error   send_heartbeat.py   connection error sending heartbeat to https://opnsense.emergingthreats.net/api/v1/telemetry

[SCSi]

I have updated a handful of firewalls to 22.1 and two to 22.7 and I have never seen this problem.

The key issue seems to revolve around IPv6 connectivity in my opinion. I have working IPv6 everywhere.

Do your setups possibly have no IPv6 routing? The error messages look like the OPNsense tries to communicate via IPv6 for "reasons" without having a proper IPv6 uplink.

HTH,
Patrick

I think you figured out what was wrong.  I'm on a ipv4 network only (no ipv6). 

Since the upgrade remote syslog stopped working (Syslog connection failed; fd='33', server='AF_INET(ip.v4.addy.here:514)', error='Operation timed out (60)', time_reopen='60')

Behind the OPNSense I can hit the syslog port fine on TCP and UDP.

NTP gives no active peers.  I havent changed any settings with those 2 service since the upgrade.


Edit: On my install at home on a VM + full ipv6, the upgrade went flawlessly and everything works.

[fbantgat7]

I don't think this is an IPv4 Vs IPv6 problem, at least this is not the problem with my apu box.  I tried again today, clean install of 22.7 and loaded up the 22.1 config.  After booting I tried an update and it hangs for ever, unable to connect to the server over https, although I can ping pkg.opnsense.org from the router and a PC on the LAN.

Code Select Expand

~ $ ping -c 3 pkg.opnsense.org
PING pkg.opnsense.org(2001:1af8:4f00:a005:5:: (2001:1af8:4f00:a005:5::)) 56 data bytes
64 bytes from 2001:1af8:4f00:a005:5:: (2001:1af8:4f00:a005:5::): icmp_seq=1 ttl=55 time=23.2 ms
64 bytes from 2001:1af8:4f00:a005:5:: (2001:1af8:4f00:a005:5::): icmp_seq=2 ttl=55 time=23.1 ms
64 bytes from 2001:1af8:4f00:a005:5:: (2001:1af8:4f00:a005:5::): icmp_seq=3 ttl=55 time=23.5 ms

--- pkg.opnsense.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 23.064/23.263/23.506/0.183 ms

Code Select Expand

~ $ ping -4 -c 3 pkg.opnsense.org
PING  (89.149.211.205) 56(84) bytes of data.
64 bytes from 89.149.211.205 (89.149.211.205): icmp_seq=1 ttl=57 time=24.4 ms
64 bytes from 89.149.211.205 (89.149.211.205): icmp_seq=2 ttl=57 time=25.6 ms
64 bytes from 89.149.211.205 (89.149.211.205): icmp_seq=3 ttl=57 time=25.6 ms

---  ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 24.445/25.217/25.629/0.546 ms

Connecting over http works:

Code Select Expand

~ $ httping -c 3 -g http://pkg.opnsense.org
PING pkg.opnsense.org:80 (/):
connected to 89.149.211.205:80 (134 bytes), seq=0 time= 47.72 ms
connected to 89.149.211.205:80 (134 bytes), seq=1 time= 47.72 ms
connected to 89.149.211.205:80 (134 bytes), seq=2 time= 50.31 ms
--- http://pkg.opnsense.org/ ping statistics ---
3 connects, 3 ok, 0.00% failed, time 3147ms
round-trip min/avg/max = 47.7/48.6/50.3 ms

Code Select Expand

~ $ httping -6 -c 3 -g http://pkg.opnsense.org
PING pkg.opnsense.org:80 (/):
connected to [2001:1af8:4f00:a005:5::]:80 (134 bytes), seq=0 time= 55.21 ms
connected to [2001:1af8:4f00:a005:5::]:80 (134 bytes), seq=1 time= 54.93 ms
connected to [2001:1af8:4f00:a005:5::]:80 (134 bytes), seq=2 time= 50.28 ms
--- http://pkg.opnsense.org/ ping statistics ---
3 connects, 3 ok, 0.00% failed, time 3162ms
round-trip min/avg/max = 50.3/53.5/55.2 ms

Over https fails no matter how long I wait:

Code Select Expand

~ $ httping -c 3 -l -g https://pkg.opnsense.org
PING pkg.opnsense.org:443 (/):
^CGot signal 2


What could be causing this problem?

[Patrick M. Hausen]

tcpdump on WAN and look at the packets ...

[workswiththeweb]

Disabling gateway switching worked for me.

See my post in another thread here: https://forum.opnsense.org/index.php?topic=29776.msg143957#msg143957

[SCSi]

So more info:

1. ipv4 only, but gateway-switching disabled (it was enabled): it kept on erroring UNTIL a reboot.  After a reboot everything started working again.

So it looks like if you disable gateway-switching like previous posts said, you need to reboot.

[Mks]

Dear all,

I faced similar issues. I activated "Do not use the local DNS service as a nameserver for this system" and I worked. Switching back to the previous setting (Deactivated the setting again) and still fine.

br

[fbantgat7]

tcpdump on WAN and look at the packets ...

Thank you pmhausen.  I had some time today, so I looked into it with tcpdump and discovered it had to do with my MTU setting.  I should have thought of this sooner! ::)  I had set MTU 1508 on WAN so that I get 1500 on PPPoE.  This worked with 22.1.2, but not thereafter.  Leaving the WAN MTU setting empty in the Wizard meant I was able to connect to the update server, setting it to 1508 caused it to fail.

So I ran 'ifconfig igb0 mtu 1508' to set it on the port, restarted the WAN interface and it now works as expected.

PS. I had checked the gateway switching setting earlier which was also recommended, but I always had this disabled.

[schup]

None of the options worked for me
- Disabling gateway switching (wasn't on before but enabled and disabled with restarts after each change)
- Do not use the local DNS service as a nameserver for this system
- MTU is using default 1500

This breaks opensense update and Lets Encrypt certificate update.

Code Select Expand

# /sbin/ping -4 -c '3' 'example.com'
PING example.com (93.184.216.34): 56 data bytes

--- example.com ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

When I set the source for the ping it works

Code Select Expand


# /sbin/ping -4 -S '185.151.22.135'  -c '3' '93.184.216.34'
PING 93.184.216.34 (93.184.216.34) from 185.151.22.135: 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=58 time=92.916 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=58 time=92.944 ms
64 bytes from 93.184.216.34: icmp_seq=2 ttl=58 time=92.844 ms

--- 93.184.216.34 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 92.844/92.901/92.944/0.042 ms


Any ideas what I can do next?

[schup]

I finally have a fix for my problem.

Found it in topic "All traffic not bound to specific interface leaves firewall as 0.0.0.0" -> https://forum.opnsense.org/index.php?topic=29992.0