DNS resolving self-test doesn't work [Partially solved]

Why 443/9000? I wrote, it doesnt work for me even from http port…

@Pepe I just tried to obscure my ip like that. Normally there is some valid ip address here.

I also checked with the latest version of check_connection from gitlab:
https://gitlab.labs.nic.cz/turris/openwrt/raw/test/package/base-files/files/sbin/check_connection
Same result. Everything ends up with an error message.

root@turris:~# check_connection
Pinging 37.109.128.xx … FAILED
IPv4 Gateway: FAILED
IPv4: FAILED
IPv6 Gateway: FAILED
IPv6: FAILED
DNS: FAILED
DNSSEC: FAILED

Ok there is a progress. I’ve deleted the exception for self signed cert. And I tried to connect like this first:
https://192.168.13.37:9443/foris/config/ (in my case) and I successfully added exception for port 9443 and then same story for default ssl port https://192.168.13.37/foris/config/. And after that I am no longer “stuck at loading” via HTTPS when I try to test connection.

@Jirka @guinhas @honzakrivohlavy you should all try that solution I marked as well.

But still I do get this error in every case. So is it a DNS problem then? @vcunat ?

The test seems to show worse breakage than just DNS.

@vcunat You might be just right.

I just checked with my other modem that acts like a small router; connecting via DHCP and ‘double NAT’. And when I check_connection on it it’s fine. Everything works except IPv6 but that’s fine I just get IPv4 from ISP.

Test_ok1067×552 35.2 KB

I will try to check some more and update here…

Here is topic where I explain my -strange someone might say- way to access the Internets.

EDIT: Yup I just checked it seems like an error comes from a (not yet!)-supported protocol. I thought it’s related to that, that my WAN was set on different interface name but if it’s on wan it’s the same problem.

config interface 'wan'
option ifname 'wan'
[...]
option proto 'ncm'
[...]

Turris 3.9.6, DNS check still doesnt work on some conditions.

Please note, this is unrelated to the HTTPS / certificate!

My configuration:

config interface 'wan'
	option ifname 'eth1'
	option proto 'static'
	option ipaddr '<public_IP>' #public IP
        ...

config interface 'lan'
	option ifname 'eth0 eth2'
	option force_link '1'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.0.5.1'
	option ip6assign '64'

config interface 'wifi'
	option proto 'static'
	option ipaddr '10.0.6.1'
	option netmask '255.255.255.0'
	option delegate '0'       #no IPv6

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '24h'
	list dhcp_option '6,10.0.5.1'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list dhcp_option '6,<public_IP>'

config dhcp 'wifi'
	option interface 'wifi'
	option start '100'
	option limit '150'
	option leasetime '4h'
	list dhcp_option '6,10.0.6.1'

config zone
	option name 'lan'
	list network 'lan'
	list network 'vpn0'
	list network 'wifi'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

DNS check works on (both HTTP&HTTPS):

• 10.0.5.1/foris from WIFI network
• <public_IP>/foris from LAN network

GET
http://10.0.5.1:9080/ [HTTP/1.1 101 Switching Protocols 9ms]
“WS registering for: dns” foris.min.js:1:3262
“WS message received: {“result”: true, “subscriptions”: [“dns”]}”

resp.

GET
https://10.0.5.1:9443/ [HTTP/1.1 101 Switching Protocols 43ms]
“WS registering for: dns” foris.min.js:1:3262
“WS message received: {“result”: true, “subscriptions”: [“dns”]}” foris.min.js:1:3347

DNS check doesnt work for (both HTTP&HTTPS):

• 10.0.5.1/foris from LAN network

GET 
http://10.0.5.1:9080/ [2ms]
"WS error occured:[object Event]" foris.min.js:1:3500
"WS connection closed." foris.min.js:1:3559
Pale Moon nemůže navázat spojení se serverem ws://10.0.5.1:9080/. foris.min.js:1:0

resp.

GET
https://10.0.5.1:9443/ [31ms]
“WS error occured:[object Event]” foris.min.js:1:3500
“WS connection closed.” foris.min.js:1:3559
Pale Moon nemůže navázat spojení se serverem wss://10.0.5.1:9443/. foris.min.js:1:0

P.S.:

It would be good to make ports customizable, as I think it could interfere with some user application(s) (?). I think I am not only one, who has configured other port for HTTPS in lighttp configuration, for example…

In case of automatic way, I am little bit afraid, as lighttp could be stopped/not-used, or not used for Foris, or configured other way; in that case websocket ports would be taken without reason, and most importantly, user could not be aware of this at all, when he will plan his custom applications / firewall rules.