pfSense: “Unable to check for updates”

May 6, 2014 | Computer Stuff, Doku

What to do if pfSense says that it is unable to check for updates.

The situation was:

  • pfSense was throwing the error message “Unable to check for updates” on the dashboard and on the “Auto Update”-tab.
  • Traffic to and from the internet was passing through my pfSense-box.
  • DNS-resolution was working for hosts at the LAN-interface.

The first thing that wasn’t correctly configured was the “Updater Settings” under “firmware” – “Updater Settings”-tab. I needed to select the “Firmware Branch” with the drop-down labeled “Default Auto Update URLs”. In my case it’s “pfSense amd64 stable updates (current architecture)”, which automatically populates the “Base URL” in the “Firmware Auto Update URL”-section and also ticks “Use an unofficial server for firmware upgrades” (btw. why unofficial?).

After that, the situation was the same as above, only that I now had the Base URL “http://updates.pfsense.org/_updaters/amd64” in the Update URL text box. In the pfSense-diagnostics, my pfSense-box was able to ping and traceroute “updates.pfsense.org”. I was able to resolve and browse that URL from a PC behind the LAN-interface, but pfSense was still complaining that it was “Unable to check for updates” on the dashboard and on the “Auto Update”-tab.

Then I corrected another issue in the WAN-interface configuration. Since my pfSense-box is sitting between a FritzBox and my local networks, I unticked “Block private networks”, since my gateway is in a private IP-address-range (10.0.0.X/24). I still wonder why my setup was working initially because, as I understand this option, it should have blocked traffic from all private IP-ranges. I also unticked “Block bogon networks” because (in my case) the source will always be my FritzBox in 10.0.0.X/24.

The root of the problem was hiding in the settings for the DNS-forwarder under “Services” – “DNS-Forwarder”. Since the option “Strict Interface Binding” was selected, I had to select “localhost” under “Interfaces” so that my pfSense-box was able to resolve “updates.pfsense.org”. After that change everything was working fine and I was able to run the “Auto Updater” successfully.
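
The root cause above can be confirmed from the firewall's shell by looking at which addresses serve port 53. This is an added example, not part of the original post: it parses `sockstat -4 -l` style output (the sample lines are constructed), assumes the firewall sends its own lookups to 127.0.0.1, and `check_dns_listeners` is a hypothetical helper name. It also flags a wildcard bind, which would serve DNS on the WAN side as well.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.

# State described in the article: forwarder bound to the LAN address only.
sample_lan_only() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   dnsmasq    4121  4  udp4   192.168.1.1:53        *:*
nobody   dnsmasq    4121  5  tcp4   192.168.1.1:53        *:*
root     sshd       900   3  tcp4   *:22                  *:*
EOF
}

# State after adding "localhost" under "Interfaces".
sample_with_localhost() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   dnsmasq    4188  4  udp4   127.0.0.1:53          *:*
nobody   dnsmasq    4188  5  tcp4   127.0.0.1:53          *:*
nobody   dnsmasq    4188  6  udp4   192.168.1.1:53        *:*
nobody   dnsmasq    4188  7  tcp4   192.168.1.1:53        *:*
EOF
}

# check_dns_listeners (hypothetical helper): reads sockstat-style lines on
# stdin, reports where port 53 is served, and returns 0 only if the firewall
# can reach a resolver on 127.0.0.1 (directly or through a wildcard bind).
check_dns_listeners() {
  awk '
    $5 ~ /^(udp|tcp)4$/ && $6 ~ /:53$/ {
      addr = $6
      sub(/:53$/, "", addr)
      seen[addr] = 1
    }
    END {
      loop = (("127.0.0.1" in seen) || ("*" in seen))
      if ("*" in seen) {
        print "WARN wildcard: port 53 is served on every interface, WAN included"
      }
      for (a in seen) {
        if (a != "*" && a != "127.0.0.1") print "INFO listener on " a
      }
      if (loop) { print "OK loopback: the firewall can query 127.0.0.1" }
      else { print "FAIL loopback: nothing answers on 127.0.0.1:53" }
      exit (loop ? 0 : 1)
    }'
}
```

On the firewall itself, live data can be fed in with `sockstat -4 -l | check_dns_listeners`.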

 

3 Comments


  1. Thanks for this article! This fixed one of my pfsense installations which stopped showing the auto-update status after I set up DNSforwarder. Without realizing it, I had checked LAN/LANipv6 which made the auto-updater stop working. Checking ALL interfaces made this work again.

    • Thank you for your comment, glad to help you, you are very welcome! =)

      You might want to check if you now offer DNS on your WAN-Interface too, which might expose your DNS-server to the internet.

  2. Had a problem with the updater not working on a CARP slave and found I accidentally set the net bits to /1 on the WAN. Fixed a lot of annoyances when I corrected that. ;-p
