Unable to update system

Carl55 · February 6, 2025, 9:36pm

We have a lot of Servers running Freepbx 16.0.40.11 and we are unable to update with system update for about 2 weeks… the error is : Unable to run ‘yum check-updates’, can’t check for updates

if I try to run this command via SSH…
there is the error…
Loaded plugins: fastestmirror, versionlock
Loading mirror speeds from cached hostfile
http://sng7.com/os/7.8/os/x86_64/repodata/repomd.xml: [Errno 14] curl#7 - “Failed to connect to 2606:4700:130:436c:6f75:6466:6c61:7265: Network is unreachable”
Trying other mirror.

Is there something wrong with the update server ?
Thank you

slobera · February 6, 2025, 10:06pm

It’s odd, looks like it’s trying to connect to an ipv6 ip.
Can you ping sng7.com from the cli and see if it resolves correctly?

jfinstrom · February 7, 2025, 2:44am

When I worked at Sangoma years ago they had no external IPv6 addresses and there was no planned compatibility. You will probably need to enable ipv4 or use a 6to4 proxy… That said I do believe they moved their infrastructure behind cloudflare and that should ™ handle this

Carl55 · February 7, 2025, 12:38pm

Thank you all for your responses.
here’s what the ping on the cli does…
ping sng7 .com
PING sng7 . com (172.64.80.1) 56(84) bytes of data.
and it doesn’t ping at all… ???

shahin · February 7, 2025, 12:41pm

Your Ping command is wrong…
Try

$ ping sng7.com
PING sng7.com (172.67.205.241): 56 data bytes
64 bytes from 172.67.205.241: icmp_seq=0 ttl=60 time=10.820 ms
64 bytes from 172.67.205.241: icmp_seq=1 ttl=60 time=7.754 ms
^C
--- sng7.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 7.754/9.287/10.820/1.533 ms

And check dig command…

$ dig sng7.com
; <<>> DiG 9.10.6 <<>> sng7.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40282
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sng7.com.			IN	A

;; ANSWER SECTION:
sng7.com.		188	IN	A	104.21.22.170
sng7.com.		188	IN	A	172.67.205.241

;; Query time: 5 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Feb 07 12:42:08 GMT 2025
;; MSG SIZE  rcvd: 69

BlazeStudios · February 7, 2025, 1:02pm

Both ping and dig will default to either IPv4 or A records. If the system has IPv6 enabled then the system is most likely preferring it over IPv4 when attempting to reach the mirrors.

root@fpbx17-dev:/var/www/html/admin# ping -6 sng7.com
PING sng7.com(2606:4700:3036::6815:16aa (2606:4700:3036::6815:16aa)) 56 data bytes
64 bytes from 2606:4700:3036::6815:16aa (2606:4700:3036::6815:16aa): icmp_seq=1 ttl=58 time=1.06 ms
64 bytes from 2606:4700:3036::6815:16aa (2606:4700:3036::6815:16aa): icmp_seq=2 ttl=58 time=1.09 ms
^C
--- sng7.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.059/1.076/1.093/0.017 ms

root@fpbx17-dev:/var/www/html/admin# dig AAAA sng7.com

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> AAAA sng7.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9168
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;sng7.com.                      IN      AAAA

;; ANSWER SECTION:
sng7.com.               292     IN      AAAA    2606:4700:3036::6815:16aa
sng7.com.               292     IN      AAAA    2606:4700:3036::ac43:cdf1

;; Query time: 0 msec
;; SERVER: 108.61.10.10#53(108.61.10.10) (UDP)
;; WHEN: Fri Feb 07 12:59:49 UTC 2025
;; MSG SIZE  rcvd: 93

Carl55 · February 7, 2025, 1:08pm

and the dig result:

Carl55 · February 7, 2025, 1:08pm

heres the ping command result:

shahin · February 7, 2025, 1:57pm

Thanks fro sharing Tom, I think if i enable IPv6 from router will get same result as yours.
But for now selected to be disable. ( personal choose )

shahin · February 7, 2025, 2:00pm

Do you have any Ping restrictions for Outbound ? what about,
ping 8.8.8.8
and
ping google.com

slobera · February 7, 2025, 2:05pm

@Carl55 go ahead and open a case in https://help.sangoma.com/community/s/create-a-support-ticket

Give me the case number and I will work with you on that.

BlazeStudios · February 7, 2025, 2:41pm

Why does there need to be a support ticket for this?

Also, has no one else noticed that @Carl55’s DNS resolution doesn’t match what is actually in the sng7.com results?

A record results

sng7.com.               300     IN      A       172.67.205.241
sng7.com.               300     IN      A       104.21.22.170

AAAA record results

sng7.com.               292     IN      AAAA    2606:4700:3036::6815:16aa
sng7.com.               292     IN      AAAA    2606:4700:3036::ac43:cdf1

The IPv6 IP resolved by @Carl55’s system: 2606:4700:130:436c:6f75:6466:6c61:7265
The IPv4 IP resolved by @Carl55’s system: 172.64.80.1

Now I have no problem pinging either of those IPs that fail for @Carl55 from various servers and my own home network (IPv6 and IPv4).

@slobera so a simple question, are the two IPs being attempted by @Carl55 actual IPs used by Sangoma? Also, why is this particular system returning those IPs when resolving sng7.com that don’t exist in the sng7.com zone file?

slobera · February 7, 2025, 2:45pm

The ip it’s resolving it’s from Cloudflare, you can try to do the following @Carl55

nano /etc/hosts
Add this line: 172.67.205.241 sng7.com
Retry

BlazeStudios · February 7, 2025, 2:48pm

Correct and it still doesn’t answer the question. Would this IP be used for any services Sangoma is using, even if provided by Cloudflare?

slobera · February 7, 2025, 2:51pm

I am not sure if Sangoma is using (or was) that ip for any service, I can ask to the IT guys, not sure why the system would be resolving that ip though.

That’s why I offer to work with him on a case.
He is not using a “known” dns server, it could be something in his dns resolving that ip (not sure why)

Can you try to use dig but with 8.8.8.8 ?

dig @8.8.8.8 sng7.com A

Carl55 · February 7, 2025, 3:00pm

it work !!!
thank you !

slobera · February 7, 2025, 3:02pm

So probably something is wrong on your DNS, just as a test, can you please run this command?

dig @8.8.8.8 sng7.com A

BlazeStudios · February 7, 2025, 3:05pm

Yes because none of the SNG7 I manage resolve to that IP. They all resolve to one of the IPv4 (they only have IPv4) addresses in the zone file.

You mean a public DNS server? Some of the systems I tested from don’t use public DNS services.

Exactly, which is where the troubleshooting should be focused. What DNS servers are in use by the system and can they be tested from the outside to validate.

Modifying /etc/hosts will negate the system using DNS servers for the lookup since it was resolved locally.

slobera · February 7, 2025, 3:09pm

Yeah, so the dig screenshot he shared was using this ip as the resolver: 10.80.0.30 (probably his router, but i have no idea which dns is being used from there)

The /etc/hosts it’s just a workaround
Probably the best idea is to configure /etc/resolv.conf and remove 10.80.0.30 as their DNS and use a public dns server instead (unless they are forcing in their router to use a specific dns)

shahin · February 7, 2025, 3:13pm

I never liked to edit relolve.conf or hosts,. For me this is not a fix the core DNS issue just hiding or walk around ( temporarily fix. ) Tomorrow gonna have for another issue for DNS…