Cannot install pbr package on TOS 7.0

Hello,

I have an issue installing pbr package, it seem I have a conflict with vpn-policy-routing. But, I already uninstalled that package.

Below the error:

Collected errors:
 * check_conflicts_for: The following packages conflict with pbr:
 * check_conflicts_for: 	vpn-policy-routing * 
 * opkg_install_cmd: Cannot install package pbr.

Turris version:

NAME="TurrisOS"
VERSION="7.0.0"
ID="turrisos"
ID_LIKE="lede openwrt"
PRETTY_NAME="TurrisOS 7.0.0"
VERSION_ID="7.0.0"
HOME_URL="https://www.turris.cz/"
BUG_URL="https://gitlab.nic.cz/groups/turris/-/issues/"
SUPPORT_URL="https://www.turris.cz/support/"
BUILD_ID="r20300+124-3547565f24"
OPENWRT_BOARD="mvebu/cortexa9"
OPENWRT_ARCH="arm_cortex-a9_vfpv3-d16"
OPENWRT_TAINTS="busybox"
OPENWRT_DEVICE_MANUFACTURER="CZ.NIC"
OPENWRT_DEVICE_MANUFACTURER_URL="https://www.turris.cz/"
OPENWRT_DEVICE_PRODUCT="Turris Omnia"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="TurrisOS 7.0.0 3547565f245479dc1643ea66828fb55635d49051"

Any idea ?

Try pbr-iptables instead. Turris 7.0 still uses iptables while the underlying Openwrt 22.03 switched to nftables.

I gave a try to pbr-iptables but I got the same error:

Collected errors:
 * check_conflicts_for: The following packages conflict with pbr-iptables:
 * check_conflicts_for: 	vpn-policy-routing * 
 * opkg_install_cmd: Cannot install package pbr-iptables.

The thing is I uninstalled vpn-policy-routing and I tried to find some left-over like the following:

$ find / -name -xdev "vpn-policy*"
$ grep -rnHi policy /etc

Nothing found…

Does someone have any idea about uninstalling properly vpn-policy-routing ?

That’s right, as noted here (‘We are still keeping iptables’).

But when pbr-iptables are installed - the luci-app-pbr can’t be because it does take as dependency the newest PBR (info: pbr (20.49 KiB) Not installed) and that is in conflict with the pbr-iptables already installed.

So only manual config in /etc/config/pbr is possible so far.

While in it, on latest HBS, did install pbr-iptables.

After config edited for some host, from LuCI the start/restart throw:

Failed to execute "/etc/init.d/pbr restart" action: Command failed

and if

/etc/init.d/pbr start
ERROR: iptables binary cannot be found!

Fresh install, source is from Turris default repos, not manual import from developer.

So probably it won’t work from scratch even if you get rid of previous solution.

Before factory reset however I did somehow run PRB from stangry repo on HBT.

Don’t know yet, what is wrong now.


While in LuCi all seems OK, in reForis the notification informing me about uninstalling packages - as waiting for confirmation (because have stopped for few days automatic updates).

After approval:

Updater execution failed:
WARN:Couldn't read the status file: [string "backend"]:1226: [string "backend"]:278: attempt to concatenate local 'pkg_name' (a nil value)
INFO:Target Turris OS: 7.0.2
WARN:Request not satisfied to install package: luci-i18n-pbr-cs
WARN:Request not satisfied to install package: luci-i18n-pbr-en
WARN:Request not satisfied to install package: luci-i18n-pbr-de
WARN:Requested package reforis-librespeed-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package reforis-diagnostics-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package reforis-snapshots-plugin-l10n-de that is missing, ignoring as requested.
line not found
line not found
line not found
ERROR:
[string "backend"]:1226: [string "backend"]:278: attempt to concatenate local 'pkg_name' (a nil value)

Just installing&uninstalling pbr and luci app companion maybe helped me into this fail.

Rollback few snapshots needed unless after triggering manual update process won’t throw this error.

Also it caused connection loss.

It seems it was a mistake to buy the Turris Omnia.

Well, it’s possible to install just OpenWRT - it’s still great HW, especially the used ones are good price/performance option.

use forum search. topic is discussed very often and there is a workaround

The workaround is for VPN policy - there is PBR for iptables - that is what I would like to install.

Did search forum - you talking probably about this - if changes performed for PBR it does not install the “luci-app-pbr”.

After pkgupdate: INFO:Queue install of pbr-iptables/turris-hbt-packages/1.1.1-7

The vpn-policy.lua file in /etc/updater/conf.d/ is as:

for Omnia

Repository('turris-hbt-packages', 'https://repo.turris.cz/hbs/omnia/packages/packages/', {
        priority = 40,
        ocsp = false,
        pubkey = "file:///etc/updater/keys/release.pub"
})

Repository('turris-hbt-luci', 'https://repo.turris.cz/hbs/omnia/packages/luci/', {
        priority = 40,
        ocsp = false,
        pubkey = "file:///etc/updater/keys/release.pub"
})

Install("pbr-iptables", {repository = {'turris-hbt-packages'}})
Install("luci-app-pbr", {repository = {'turris-hbt-luci'}})

for Turris 1.X:

Repository('turris-652-packages', 'https://repo.turris.cz/archive/6.5.2/turris1x/packages/packages', {
        priority = 40,
        ocsp = false,
        pubkey = "file:///etc/updater/keys/release.pub"
})

Repository('turris-652-luci', 'https://repo.turris.cz/archive/6.5.2/turris1x/packages/luci', {
        priority = 40,
        ocsp = false,
        pubkey = "file:///etc/updater/keys/release.pub"
})

Install("vpn-policy-routing", {repository = {'turris-652-packages'}})
Install("luci-app-vpn-policy-routing", {repository = {'turris-652-luci'}})

Will try the VPN policy later on - and it’s working.

The PRB 1.1.7 in general requiring Fw4 Nft File Mode (docs : This mode is the only operating mode in version 1.1.7.)

Well Fw4 does need ‘nftables’ and that is not compatible with iptables thus.

A bit weird the ‘luci-app-pbr_1.1.1-7_all.ipk’ companion enforce this despite the iptables version is installed and on top of that it’s mainly UI/config shortcut - but it is what it is.