Bug #3612: Packages through proxy doesn't work since change to HTTPS - pfSense - pfSense bugtracker

Custom queries

2.4.5-p1 - Resolved/Closed
2.5.0 - Resolved/Closed
2.5.1 - Resolved/Closed
2.5.2 - Resolved/Closed
2.6.0 - Resolved/Closed
2.7.0 - Resolved/Closed
2.7.1 - All Open Issues
2.7.1 - Resolved/Closed
2.7.2 - Resolved/Closed
2.8.0 - All Open Bugs
2.8.0 - All Open Features
2.8.0 - All Open Issues
2.8.0 - All Open Regressions
2.8.0 - Feedback
2.8.0 - Needs Attention
2.8.0 - New/Confirmed
2.8.0 - Pull Requests
2.8.0 - Regressions affecting 2.7.0
2.8.0 - Resolved/Closed
21.02.2/2.5.1 - Resolved/Closed
21.05 Plus - All Closed Issues
21.05.1 Plus Target - All Closed Issues
21.05.1 Target - All Closed Issues
22.01 Plus - All Closed Issues
22.01 Target - All Closed Issues
22.05 Plus - All Closed Issues
22.05 Target - All Closed Issues
23.01 Plus - All Closed Issues
23.01 Target - All Closed Issues
23.05 Plus - All Closed Issues
23.05 Target - All Closed Issues
23.05.1 Plus - All Closed Issues
23.05.1 Target - All Closed Issues
23.09 Plus - All Closed Issues
23.09 Target - All Closed Issues
23.09.1 Plus - All Closed Issues
23.09.1 Target - All Closed Issues
24.03 Plus - All Closed Issues
24.03 Target - All Closed Issues
24.07 Plus - All Closed Issues
24.07 Plus - All Open Issues
24.07 Plus - Feedback Issues
24.07 Plus - Needs Attention/Work
24.07 Plus - New/Confirmed/In Progress Issues
24.07 Plus - Pull Request Review
24.07 Plus - Waiting on Merge
24.07 Target - All Closed Issues
24.07 Target - All Open Issues
All Open Issues assigned to Me
All Open Pull Requests
Any Target - All Open Regressions
Any Target - Feedback Issues
CE-Next - All Closed Issues (Move to specific target)
CE-Next - All Open Issues
CE-Next - Feedback (Likely needs target changed)
New Issues by Category - Future Target
New Issues by Category - No Target
New Issues by Category - No Target+Future
No Target - All Open Issues (Base Only)
No Target - New Issues (Base Only)
No Target - New Issues (Base and Packages)
Release Notes - Plus Target Version (DO NOT EDIT)
Release Notes - Target Version (DO NOT EDIT)

Actions

Copy link

Bug #3612

closed

Packages through proxy doesn't work since change to HTTPS

Added by Chris Buechler about 10 years ago. Updated over 9 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Renato Botelho

Category:

Package System

Target version:

2.2

Start date:

04/20/2014

Due date:

% Done:

100%

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.1.x

Affected Architecture:

Description

Since changing from HTTP to HTTPS for packages, it seems connectivity doesn't work if via a proxy. Multiple reports here:
https://forum.pfsense.org/index.php?topic=75265.0;topicseen

I haven't had a chance to test it yet myself via proxy. It reportedly does work just changing HTTPS to HTTP in globals.inc for packages.pfsense.org.

History
Notes
Property changes

Actions

Copy link

Updated by Chris Buechler about 10 years ago

Affected Version set to 2.1.x

Actions

Copy link

Updated by tall tree almost 10 years ago

I have just upgraded from 2.1 to 2.1.3 and now have this issue too. pfSense is configured to use an external proxy server in System: Advanced: Miscellaneous. The Proxy URL is of the form http://proxy.lan and the proxy port is set to 3128, the local squid proxy. That worked fine in 2.1 for both pfsense updates (I used it to upgrade to 2.1.3) and package lists and installation. Now I can still see the pfSense version update status on the System Information widget. But the Available Packages page gives this message:
Unable to communicate with https://packages.pfsense.org. Please verify DNS and interface configuration, and that pfSense has functional Internet connectivity.

Checking the logs on the squid proxy server, I see the following log for the pfSense version update status check:

1400767651.268      0 192.168.1.1 TCP_MEM_HIT/200 389 GET http://updates.pfsense.org/_updaters/amd64/version - NONE/- application/octet-stream

Checking for available packages shows the following proxy logs:

1400767664.876      0 192.168.1.1 NONE/501 2052 POST NONE://packages.pfsense.org:443/xmlrpc.php - NONE/- text/html
1400767667.873      0 192.168.1.1 NONE/501 2053 POST NONE://packages.pfsense.org:443/xmlrpc.php - NONE/- text/html

The thing that stands out for me there is the protocol type of NONE. I can't recall what all the squid log fields are, but surely the NONE:// should be https:// ??

Actions

Copy link

Updated by tall tree almost 10 years ago

I made the change to /etc/inc/globals.inc mentioned in the Bug Description and can successfully see the Available Packages. These are the squid proxy logs from that session:

1400768708.590      0 192.168.1.1 TCP_MEM_HIT/200 389 GET http://updates.pfsense.org/_updaters/amd64/version - NONE/- application/octet-stream
1400768777.921      0 192.168.1.1 NONE/501 2052 POST NONE://packages.pfsense.org:443/xmlrpc.php - NONE/- text/html
1400768780.982      0 192.168.1.1 NONE/501 2053 POST NONE://packages.pfsense.org:443/xmlrpc.php - NONE/- text/html
1400769199.880    512 192.168.1.1 TCP_MISS/200 1834 POST http://packages.pfsense.org/xmlrpc.php - DIRECT/208.123.73.88 text/html

I then went on to re-install nmap successfully. Here are the logs:

1400769501.671    516 192.168.1.1 TCP_MISS/200 2611 POST http://packages.pfsense.org/xmlrpc.php - DIRECT/208.123.73.88 text/html
1400769502.875   1195 192.168.1.1 TCP_MISS/200 11227 CONNECT packages.pfsense.org:443 - DIRECT/208.123.73.88 -
1400769511.064   7838 192.168.1.1 TCP_MISS/200 6083396 CONNECT files.pfsense.org:443 - DIRECT/208.123.73.81 -

And there we see that I've downloaded the package via https anyway.

Actions

Copy link