Networking

pfSense CE has broken package manager on Azure

How to fix a broken package manager on pfSense CE running in Azure

Jamie Booth

2 min read

The Scenario

I was trying to save some money by replacing my Azure VPN Gateways with a free alternative. I saw the pfSense Plus VM in the marketplace, but they wanted ~$35/mo + Azure compute costs to run it. That's $10/mo more expensive than the VPN gateway without compute factored in. I started looking at how I could run the Community Edition (free) on Azure. There are several good tutorials on doing this and I won't cover it here.

The issue

What I want to address today is a "quirk" with the package manager when you run the VM on Azure. The issue presents as the update manager being blank and the package manager generating an error. If you try to manually run the commands or check the logs, you see this error:

cp: /usr/local/etc/pkg/repos/pfSense.conf: No such file or directory

It seems that something in the package wrapper script provided by Netgate wipes out the config. I won't speculate on why it does this, but Netgate says pfSense Plus has "enhancements" for Azure.

The fix

To fix the issue if you have a broken pfSense CE install in Azure, run the commands below:

cp /usr/local/share/pfSense/pkg/repos/pfSense-repo.conf /usr/local/etc/pfSense/pkg/repos/pfSense-repo-2.7.2.conf
cp /usr/local/share/pfSense/pkg/repos/pfSense-repo.conf.default /usr/local/etc/pfSense/pkg/repos/pfSense-repo-2.7.2.default
cp /usr/local/share/pfSense/pkg/repos/pfSense-repo.descr /usr/local/etc/pfSense/pkg/repos/pfSense-repo-2.7.2.descr
echo '2.7.2' > /usr/local/etc/pfSense/pkg/repos/pfSense-repo-2.7.2.name

mv /usr/local/sbin/pfSense-repoc /usr/local/sbin/pfSense-repoc.orig
mv /usr/local/sbin/pfSense-repoc-static /usr/local/sbin/pfSense-repoc.oric-static.orig

touch /usr/local/sbin/pfSense-repoc
chmod +x /usr/local/sbin/pfSense-repoc
cp /usr/local/sbin/pfSense-repoc /usr/local/sbin/pfSense-repoc-static

You can run these commands individually from Diagnostics->Command Prompt section of the WebConfigurator. It basically disables the pfSense-reproc script that seems to cause the issue and restores the repo config.

Source

The script above comes from this post on the Netgate forums. All credit goes to the commenter in that thread who figured this out.

“Branch” dropdown empty, /usr/local/etc/pfSense/pkg/repos/ empty - 2.7.2 CE
Narrowed it down to pfSense-repoc and pfSense-repoc-static deleting the content of /usr/local/etc/pfSense/pkg/repos/ whenever it’s run. The command doesn’t d…
Netgate ForumMcNubblet