Automatic updates not working through NAT?


When i connect the router behind a firewall with NAT i get an error message from the updater on boot.

Updater failed:
unreachable: /tmp/crl.pem: No such file or directory

I can manually download the crl.pem using get-api-crl and i have verified full dual stack connectivity. Tried disabling the IPv6 and changing DNS settings, but same result.

If i put the router on a static public IP outside the firewall it seem to work fine. I get no error message on boot, but i don’t know how to verify the update.

Is this working as intended? To me it looks like the router has issues getting the crl.pem when behind NAT, but on the other hand the “get-api-crl” works…


I have a feeling, it is related to problems with Turris OS 3.6. I have seen this error message in Forris. When I have disabled and then re-enabled autoupdates, I got fixed Turris OS 3.6.1, and it is fine now.

Just disable automatic updates for good. It doesn’t do anything except break the router in new unexpected ways when you need to get work done.