Re: [pfSense] IPSec phase2 network match clarification
Maybe it can be useful for others: basically the solution was using on pfsense side the larges possibile 10.128.0.0/16 network offered from the remote peer (checkpoint). I did not understand well IKEv2 traffic selectors. See https://wiki.strongswan.org/issues/2484 Enrico. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] haproxy Update
Hi there, i updated HAProxa from Version 1.7.9 to 1.8 via GUI. Afer upgrade haproxy seems not redirecting anymore. Are they known issues with upgrading to version 1.8? Cheers Daniel ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] haproxy Update
Hi, nope no mail notification is prepared. Just some simple http frontend and backends with SSL. Nothing special. I will spend more time in several days to see exactly what happen. Am 04.12.17, 13:04 schrieb "PiBa" : Hi Daniel, Is it consuming 100% of a cpu? Do you have mail alerts configured if so then disable those until 1.8.1 is made available. (it is released upstream.) Regards, PiBa-NL Op 4-12-2017 om 11:47 schreef Daniel: > Hi there, > > > > i updated HAProxa from Version 1.7.9 to 1.8 via GUI. > > Afer upgrade haproxy seems not redirecting anymore. > > Are they known issues with upgrading to version 1.8? > > > > Cheers > > > > Daniel > > > > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] single pfsense to ha conversion
I don't think it would qualify as "simple" since it involves setting up an additional interface on each as well as the CARP virtual IPs. If you're asking about linking your old router to a new router, the routers have to use the same hardware interface (NIC) names in order to sync firewall states (em0 to igb0 won't sync). -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Saturday, December 2, 2017 11:04 AM To: pfSense Support and Discussion Mailing List Subject: [pfSense] single pfsense to ha conversion Hi List, I just bought two pieces of sg-8860 netgate devices and planning to convert old unit to ha solution. Is there simple way to convert units to ha with a bit editing xml backup? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] single pfsense to ha conversion
Well. is that really so hard? thinking to add carp ip addresses and switching them to main addresses by editing xml backup and then restoring it to firewall.. I have same hardware (3* sg-8860). one for backup.. Eero 4.12.2017 17.49 "Steve Yates" kirjoitti: > I don't think it would qualify as "simple" since it involves setting up an > additional interface on each as well as the CARP virtual IPs. > > If you're asking about linking your old router to a new router, the > routers have to use the same hardware interface (NIC) names in order to > sync firewall states (em0 to igb0 won't sync). > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Saturday, December 2, 2017 11:04 AM > To: pfSense Support and Discussion Mailing List > Subject: [pfSense] single pfsense to ha conversion > > Hi List, > > I just bought two pieces of sg-8860 netgate devices and planning to convert > old unit to ha solution. > > Is there simple way to convert units to ha with a bit editing xml backup? > > -- > Eero > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] single pfsense to ha conversion
On Dec 4, 2017, at 8:11 AM, Eero Volotinen wrote: > > Well. is that really so hard? > > thinking to add carp ip addresses and switching them to main addresses by > editing xml backup and then restoring it to firewall.. > > I have same hardware (3* sg-8860). one for backup.. It depends on how complicated your setup is. If there were lots of interfaces and physical interface name changes, I might edit the configuration to change the interface names and the interface addresses (many people use .2 for the primary, .3 for the secondary, and .1 for the CARP VIP, for instance) but after that I would use the GUI to make the HASYNC interface, VIPs and configure HA. I would not try to configure the secondary that way. I would configure it from scratch and let the configuration for everything exceopt the interfaces, etc sync over. > > Eero > > 4.12.2017 17.49 "Steve Yates" kirjoitti: > >> I don't think it would qualify as "simple" since it involves setting up an >> additional interface on each as well as the CARP virtual IPs. >> >> If you're asking about linking your old router to a new router, the >> routers have to use the same hardware interface (NIC) names in order to >> sync firewall states (em0 to igb0 won't sync). >> >> -- >> >> Steve Yates >> ITS, Inc. >> >> -Original Message- >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero >> Volotinen >> Sent: Saturday, December 2, 2017 11:04 AM >> To: pfSense Support and Discussion Mailing List >> Subject: [pfSense] single pfsense to ha conversion >> >> Hi List, >> >> I just bought two pieces of sg-8860 netgate devices and planning to convert >> old unit to ha solution. >> >> Is there simple way to convert units to ha with a bit editing xml backup? >> >> -- >> Eero >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] single pfsense to ha conversion
well. my plan was to add first carp vip addresses to old configuration with gui and then switching them to main addresses using search and replace. and then just restore config to main firewall and use config sync to replicate it to secondary.. -- Eero 2017-12-04 18:41 GMT+02:00 Chris L : > On Dec 4, 2017, at 8:11 AM, Eero Volotinen wrote: > > > > Well. is that really so hard? > > > > thinking to add carp ip addresses and switching them to main addresses by > > editing xml backup and then restoring it to firewall.. > > > > I have same hardware (3* sg-8860). one for backup.. > > It depends on how complicated your setup is. > > If there were lots of interfaces and physical interface name changes, I > might edit the configuration to change the interface names and the > interface addresses (many people use .2 for the primary, .3 for the > secondary, and .1 for the CARP VIP, for instance) but after that I would > use the GUI to make the HASYNC interface, VIPs and configure HA. > > I would not try to configure the secondary that way. I would configure it > from scratch and let the configuration for everything exceopt the > interfaces, etc sync over. > > > > > Eero > > > > 4.12.2017 17.49 "Steve Yates" kirjoitti: > > > >> I don't think it would qualify as "simple" since it involves setting up > an > >> additional interface on each as well as the CARP virtual IPs. > >> > >> If you're asking about linking your old router to a new router, the > >> routers have to use the same hardware interface (NIC) names in order to > >> sync firewall states (em0 to igb0 won't sync). > >> > >> -- > >> > >> Steve Yates > >> ITS, Inc. > >> > >> -Original Message- > >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > >> Volotinen > >> Sent: Saturday, December 2, 2017 11:04 AM > >> To: pfSense Support and Discussion Mailing List > > >> Subject: [pfSense] single pfsense to ha conversion > >> > >> Hi List, > >> > >> I just bought two pieces of sg-8860 netgate devices and planning to > convert > >> old unit to ha solution. > >> > >> Is there simple way to convert units to ha with a bit editing xml > backup? > >> > >> -- > >> Eero > >> ___ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> ___ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] single pfsense to ha conversion
> On Dec 4, 2017, at 9:07 AM, Eero Volotinen wrote: > > well. my plan was to add first carp vip addresses to old configuration with > gui and then > switching them to main addresses using search and replace. > > and then just restore config to main firewall and use config sync to > replicate it to secondary.. > > I guess do whatever feels right then. > -- > Eero > > 2017-12-04 18:41 GMT+02:00 Chris L : > >> On Dec 4, 2017, at 8:11 AM, Eero Volotinen wrote: >>> >>> Well. is that really so hard? >>> >>> thinking to add carp ip addresses and switching them to main addresses by >>> editing xml backup and then restoring it to firewall.. >>> >>> I have same hardware (3* sg-8860). one for backup.. >> >> It depends on how complicated your setup is. >> >> If there were lots of interfaces and physical interface name changes, I >> might edit the configuration to change the interface names and the >> interface addresses (many people use .2 for the primary, .3 for the >> secondary, and .1 for the CARP VIP, for instance) but after that I would >> use the GUI to make the HASYNC interface, VIPs and configure HA. >> >> I would not try to configure the secondary that way. I would configure it >> from scratch and let the configuration for everything exceopt the >> interfaces, etc sync over. >> >>> >>> Eero >>> >>> 4.12.2017 17.49 "Steve Yates" kirjoitti: >>> I don't think it would qualify as "simple" since it involves setting up >> an additional interface on each as well as the CARP virtual IPs. If you're asking about linking your old router to a new router, the routers have to use the same hardware interface (NIC) names in order to sync firewall states (em0 to igb0 won't sync). -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Saturday, December 2, 2017 11:04 AM To: pfSense Support and Discussion Mailing List >> Subject: [pfSense] single pfsense to ha conversion Hi List, I just bought two pieces of sg-8860 netgate devices and planning to >> convert old unit to ha solution. Is there simple way to convert units to ha with a bit editing xml >> backup? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold >>> ___ >>> pfSense mailing list >>> https://lists.pfsense.org/mailman/listinfo/list >>> Support the project with Gold! https://pfsense.org/gold >> >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
Hi. I upgraded a production SG-2440 running pfSense 64-bit 2.3.5 to 2.4.2 using the web GUI. There were no packages installed. It appeared to update OK, and rebooted afterwards. However it came back as version 2.3.5 and now says it's on the latest version, despite going to the update page and re-saving. Choosing "Update from console" gives the following: "Updating pfSense-core repository catalogue... pkg-static: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory pkg-static: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_amd64-core/meta.txz: No address record repository pfSense-core has no meta file, using default settings pkg-static: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_amd64-core/packagesite.txz: No address record Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg-static: Repository pfSense load error: access repo file(/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory pkg-static: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_amd64-pfSense_factory-v2_4_2/meta.txz: No address record repository pfSense has no meta file, using default settings pkg-static: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_amd64-pfSense_factory-v2_4_2/packagesite.txz: No address record Unable to update repository pfSense Error updating repositories! If I run "pkg update -f" I get this error: Shared object "libssl.so.8" not found, required by "pkg" These commands give the same repository error messages as aobve: pkg-static update –f pkg-static upgrade –f I don't have physical access to the device. So far, ostensibly, it appears to be running OK; I'm VPNd in. Has anyone any ideas that might help please? Thanks -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
Can you ssh into device and drop to shell? Eero 2017-12-04 21:19 GMT+02:00 Pete Boyd : > Hi. I upgraded a production SG-2440 running pfSense 64-bit 2.3.5 to > 2.4.2 using the web GUI. There were no packages installed. It appeared > to update OK, and rebooted afterwards. However it came back as version > 2.3.5 and now says it's on the latest version, despite going to the > update page and re-saving. > > Choosing "Update from console" gives the following: > > "Updating pfSense-core repository catalogue... > > pkg-static: Repository pfSense-core load error: access repo > file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or > directory > > pkg-static: > https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_ > amd64-core/meta.txz: > No address record > repository pfSense-core has no meta file, using default settings > > pkg-static: > https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_ > amd64-core/packagesite.txz: > No address record > > Unable to update repository pfSense-core > > Updating pfSense repository catalogue... > > pkg-static: Repository pfSense load error: access repo > file(/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory > > pkg-static: > https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_ > amd64-pfSense_factory-v2_4_2/meta.txz: > No address record > repository pfSense has no meta file, using default settings > > pkg-static: > https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_ > amd64-pfSense_factory-v2_4_2/packagesite.txz: > No address record > > Unable to update repository pfSense > > Error updating repositories! > > If I run "pkg update -f" I get this error: > Shared object "libssl.so.8" not found, required by "pkg" > > These commands give the same repository error messages as aobve: > pkg-static update –f > pkg-static upgrade –f > > I don't have physical access to the device. > So far, ostensibly, it appears to be running OK; I'm VPNd in. > > Has anyone any ideas that might help please? > Thanks > > > -- > Pete Boyd > > Open Plan IT - http://openplanit.co.uk > The Golden Ear - http://thegoldenear.org > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
On 04/12/2017 19:52, Eero Volotinen wrote: > Can you ssh into device and drop to shell? Yes, that's where I've been trying the pkg-static commands. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
I got similar problems on my device :) reinstalled it with 2.4.2 and did restore from backup. Anyway, do you have strace or similar tools installed in the box? Eero 2017-12-04 21:57 GMT+02:00 Pete Boyd : > On 04/12/2017 19:52, Eero Volotinen wrote: > > Can you ssh into device and drop to shell? > > Yes, that's where I've been trying the pkg-static commands. > > > > -- > Pete Boyd > > Open Plan IT - http://openplanit.co.uk > The Golden Ear - http://thegoldenear.org > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
That sounds like what I saw a couple of times now. If you ssh to the device and pick the option to update from its console menu, does it update there? Also see: https://forum.pfsense.org/index.php?topic=135078.msg739919#msg739919 ...in which I linked to: https://forum.pfsense.org/index.php?topic=125873.msg695386#msg695386 -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Pete Boyd Sent: Monday, December 4, 2017 1:19 PM To: pfSense Support and Discussion Mailing List Subject: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository Hi. I upgraded a production SG-2440 running pfSense 64-bit 2.3.5 to 2.4.2 using the web GUI. There were no packages installed. It appeared to update OK, and rebooted afterwards. However it came back as version 2.3.5 and now says it's on the latest version, despite going to the update page and re-saving. Choosing "Update from console" gives the following: "Updating pfSense-core repository catalogue... pkg-static: Repository pfSense-core load error: access repo file(/var/db/pkg/repo-pfSense-core.sqlite) failed: No such file or directory pkg-static: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_amd64-core/meta.txz: No address record repository pfSense-core has no meta file, using default settings pkg-static: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_amd64-core/packagesite.txz: No address record Unable to update repository pfSense-core Updating pfSense repository catalogue... pkg-static: Repository pfSense load error: access repo file(/var/db/pkg/repo-pfSense.sqlite) failed: No such file or directory pkg-static: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_amd64-pfSense_factory-v2_4_2/meta.txz: No address record repository pfSense has no meta file, using default settings pkg-static: https://firmware.netgate.com/pkg/pfSense_factory-v2_4_2_amd64-pfSense_factory-v2_4_2/packagesite.txz: No address record Unable to update repository pfSense Error updating repositories! If I run "pkg update -f" I get this error: Shared object "libssl.so.8" not found, required by "pkg" These commands give the same repository error messages as aobve: pkg-static update –f pkg-static upgrade –f I don't have physical access to the device. So far, ostensibly, it appears to be running OK; I'm VPNd in. Has anyone any ideas that might help please? Thanks -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
strace isn't installed, no packages are installed. Ideally I'd like to recover this to 2.3.5 or 2.4.2 if possible. I'd like to not have to do a fresh install and restore of config if possible, though I can get local people brought in to do that, or have it posted to me. People on site can draft in the spare pfSense PC if need be tomorrow. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
It might be possible to transfer static version of strace to box via ssh. this might a bit tricky, but .. -- Eero 2017-12-04 22:11 GMT+02:00 Pete Boyd : > strace isn't installed, no packages are installed. > > Ideally I'd like to recover this to 2.3.5 or 2.4.2 if possible. > I'd like to not have to do a fresh install and restore of config if > possible, though I can get local people brought in to do that, or have > it posted to me. > People on site can draft in the spare pfSense PC if need be tomorrow. > > > > -- > Pete Boyd > > Open Plan IT - http://openplanit.co.uk > The Golden Ear - http://thegoldenear.org > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
On 04/12/2017 20:11, Steve Yates wrote: > If you ssh to the device and pick the option to update from its console menu, > does it update there? No, those package repository errors are what I'm seeing when doing that. I tried the swapping to different repositories in the GUI, trying update from console, back and forth, as described in the page you linked to, but that hasn't helped, each time it has the same repository errors. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
uname -a says this is FreeBSD 11.1-RELEASE-p4 RELENG_2_4 -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
The "no address record" error is interesting... Do you have functional DNS from the CLI? -Adam On December 4, 2017 2:29:09 PM CST, Pete Boyd wrote: >On 04/12/2017 20:11, Steve Yates wrote: >> If you ssh to the device and pick the option to update from its >console menu, does it update there? > >No, those package repository errors are what I'm seeing when doing >that. > >I tried the swapping to different repositories in the GUI, trying >update >from console, back and forth, as described in the page you linked to, >but that hasn't helped, each time it has the same repository errors. > > > >-- >Pete Boyd > >Open Plan IT - http://openplanit.co.uk >The Golden Ear - http://thegoldenear.org >___ >pfSense mailing list >https://lists.pfsense.org/mailman/listinfo/list >Support the project with Gold! https://pfsense.org/gold -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
is dns (nameresolution) working correctly? Eero 4.12.2017 22.29 "Pete Boyd" kirjoitti: > On 04/12/2017 20:11, Steve Yates wrote: > > If you ssh to the device and pick the option to update from its console > menu, does it update there? > > No, those package repository errors are what I'm seeing when doing that. > > I tried the swapping to different repositories in the GUI, trying update > from console, back and forth, as described in the page you linked to, > but that hasn't helped, each time it has the same repository errors. > > > > -- > Pete Boyd > > Open Plan IT - http://openplanit.co.uk > The Golden Ear - http://thegoldenear.org > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
On 04/12/2017 20:39, Adam Thompson wrote: > Do you have functional DNS from the CLI? No, I can't ping google.com or localdomain names. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
Well, that explains why the rest isn't working. Fix DNS and you problems will (hopefully) go away. -Adam On December 4, 2017 2:41:25 PM CST, Pete Boyd wrote: >On 04/12/2017 20:39, Adam Thompson wrote: >> Do you have functional DNS from the CLI? > >No, I can't ping google.com or localdomain names. > > > >-- >Pete Boyd > >Open Plan IT - http://openplanit.co.uk >The Golden Ear - http://thegoldenear.org -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
Great, thank you. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
well. for temporary fix, try hardcoding needed hostnames in /etc/hosts and check also that your firewall rules allow access to dns server 53/udp and tcp. Eero 4.12.2017 22.41 "Pete Boyd" kirjoitti: > On 04/12/2017 20:39, Adam Thompson wrote: > > Do you have functional DNS from the CLI? > > No, I can't ping google.com or localdomain names. > > > > -- > Pete Boyd > > Open Plan IT - http://openplanit.co.uk > The Golden Ear - http://thegoldenear.org > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
Ah, I misread your message, sorry. Per the other posters, check to see if your DNS resolver or forwarder service is running. At one point I had DNS stop working during an upgrade and it caused problems. I want to say it was when updating the second (primary) router, because the DNS on the other took its 2 seconds to time out after every request. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Pete Boyd Sent: Monday, December 4, 2017 2:29 PM To: list@lists.pfsense.org Subject: Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository On 04/12/2017 20:11, Steve Yates wrote: > If you ssh to the device and pick the option to update from its console menu, > does it update there? No, those package repository errors are what I'm seeing when doing that. I tried the swapping to different repositories in the GUI, trying update from console, back and forth, as described in the page you linked to, but that hasn't helped, each time it has the same repository errors. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
On 04/12/2017 20:48, Eero Volotinen wrote: > well. for temporary fix, try hardcoding needed hostnames in /etc/hosts and > check also that your firewall rules allow access to dns server 53/udp and > tcp. Thanks for your help, everyone. I have to do something else for a while but will get back to this a bit later. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
I'm not sure where to look for a DNS Forwarder issue. I tried restarting the service. I looked in firewall rules for WAN. I changed DNS servers in System > General Setup to Google Public DNS. I tried turning this off: DNS Server Override [ ] Allow DNS server list to be overridden by DHCP/PPP on WAN I tried enabling this: Disable DNS Forwarder [*] Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall I turned the latter 2 back. I rebooted, and it didn't come back. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
well. ssh into box and cat /etc/resolv.conf to see nameserver addresses. if it contains 127.0.0.1 entry, then it is using dnsmasq/unbound or similar dns cache. I think it is under services tab.. Eero 4.12.2017 23.56 "Pete Boyd" kirjoitti: > I'm not sure where to look for a DNS Forwarder issue. > I tried restarting the service. > I looked in firewall rules for WAN. > I changed DNS servers in System > General Setup to Google Public DNS. > > I tried turning this off: > DNS Server Override [ ] Allow DNS server list to be overridden by > DHCP/PPP on WAN > > I tried enabling this: > Disable DNS Forwarder [*] Do not use the DNS Forwarder/DNS Resolver as a > DNS server for the firewall > > I turned the latter 2 back. I rebooted, and it didn't come back. > > > > > -- > Pete Boyd > > Open Plan IT - http://openplanit.co.uk > The Golden Ear - http://thegoldenear.org > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository
On 04/12/2017 22:08, Eero Volotinen wrote: > well. ssh into box and cat /etc/resolv.conf to see nameserver addresses. if > it contains 127.0.0.1 entry, then it is using dnsmasq/unbound or similar > dns cache. Thanks for your help. If it comes back after people on site power cycle it tomorrow then I'll check that. -- Pete Boyd Open Plan IT - http://openplanit.co.uk The Golden Ear - http://thegoldenear.org ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
