I wanted to set up Let’s Encrypt as described in the Documentation (for connecting to Foris and LuCI via https and later probably also Nextcloud), but since I’m completely new to this stuff I maybe did something wrong.
So first, I use Windows with PuTTY and WinSCP for SSH and file transfer to the router.
The problem I have is that I can’t see anything in /root with WinSCP, and when I try to create the first file I always get “permission denied”.
Is there a way to copy the files from the Documentation to the router, so I don’t have to type everything in manually (to avoid mistakes)? I saw that you can download the files and was wondering if it is possible to upload them with this command I found
You can copy from the Documentation page directly into the vi editor. It is just a few pieces of text. Vi is not very user friendly on the first attempt, but give it a few minutes with some tutorial and you’re done.
So I have now created the two files and want to start get_acme.sh, and then this comes up,
but when I look with vi I find the add.80 and the files have everything in them o.O
root@turris:~# /root/.acme.sh/get_acme.sh
cat: can't open 'add80.gw': No such file or directory
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[2] (newzone) has no device, network, subnet or extra opti ons
Warning: Section @zone[2] (newzone) has no device, network, subnet or extra opti ons
* Clearing IPv4 filter table
* Clearing IPv4 nat table
* Clearing IPv4 mangle table
* Clearing IPv4 raw table
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule #7
* Rule #8
* Rule 'vpn_turris_rule'
* Forward 'lan' -> 'wan'
* Forward 'vpn_turris' -> 'lan'
* Forward 'lan' -> 'vpn_turris'
* Forward 'vpn_turris' -> 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Populating IPv4 raw table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Clearing IPv6 filter table
* Clearing IPv6 mangle table
* Clearing IPv6 raw table
* Populating IPv6 filter table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule #7
* Rule #8
* Rule 'vpn_turris_rule'
* Forward 'lan' -> 'wan'
* Forward 'vpn_turris' -> 'lan'
* Forward 'lan' -> 'vpn_turris'
* Forward 'vpn_turris' -> 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Populating IPv6 raw table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/usr/share/firewall/turris'
! Skipping due to path error: No such file or directory
* Running script '/etc/firewall.d/with_reload/firewall.include.sh'
* Running script '/usr/share/miniupnpd/firewall.include'
/root/.acme.sh/get_acme.sh: line 17: can't open DOMAIN: no such file
/root/.acme.sh/get_acme.sh: line 20: can't open DOMAIN: no such file
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @zone[2] (newzone) has no device, network, subnet or extra opti ons
Warning: Section @zone[2] (newzone) has no device, network, subnet or extra opti ons
* Clearing IPv4 filter table
* Clearing IPv4 nat table
* Clearing IPv4 mangle table
* Clearing IPv4 raw table
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule #7
* Rule #8
* Rule 'vpn_turris_rule'
* Forward 'lan' -> 'wan'
* Forward 'vpn_turris' -> 'lan'
* Forward 'lan' -> 'vpn_turris'
* Forward 'vpn_turris' -> 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Populating IPv4 raw table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Clearing IPv6 filter table
* Clearing IPv6 mangle table
* Clearing IPv6 raw table
* Populating IPv6 filter table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule #7
* Rule #8
* Rule 'vpn_turris_rule'
* Forward 'lan' -> 'wan'
* Forward 'vpn_turris' -> 'lan'
* Forward 'lan' -> 'vpn_turris'
* Forward 'vpn_turris' -> 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Populating IPv6 raw table
* Zone 'lan'
* Zone 'wan'
* Zone 'newzone'
* Zone 'vpn_turris'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/usr/share/firewall/turris'
! Skipping due to path error: No such file or directory
* Running script '/etc/firewall.d/with_reload/firewall.include.sh'
* Running script '/usr/share/miniupnpd/firewall.include'
Well, to be fully honest, I suggest you stop playing with the Turris command line and study a bit of general Linux knowledge. Until you break your unit.
Turris is a nice and robust device even for an unskilled user, but just in case you stay in the UI. Otherwise the knowledge is needed.
In general you should study at least the basics of the Linux command line: how it works, what the logic is, and the basic commands.
Eg. this one looks fine: http://linuxcommand.org/
I followed the instructions at: Turris Documentation. Everything seems to be working correctly until I try to access Foris or LuCI; then I just get:
This site can’t be reached
192.168.1.1 refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
I’m using a ddns service (noip.com).
Just to check, is the following correct?
In add80.gw <TURRIS_IP> is 192.168.1.1
In get_acme.sh and renew_acme.sh is xxx.ddns.net where xxx.ddns.net is my domain?
Below is the output of running get_acme.sh; you can see I get a couple of warnings / errors
root@turris:/etc/lighttpd# /root/.acme.sh/get_acme.sh
Warning: Unable to locate ipset utility, disabling ipset support
* Clearing IPv4 filter table
* Clearing IPv4 nat table
* Clearing IPv4 mangle table
* Clearing IPv4 raw table
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule #7
* Rule #8
* Redirect 'Turris Lets encrypt'
* Forward 'lan' -> 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Redirect 'Turris Lets encrypt'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 raw table
* Zone 'lan'
* Zone 'wan'
* Clearing IPv6 filter table
* Clearing IPv6 mangle table
* Clearing IPv6 raw table
* Populating IPv6 filter table
* Zone 'lan'
* Zone 'wan'
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule #7
* Rule #8
* Forward 'lan' -> 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 raw table
* Zone 'lan'
* Zone 'wan'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/usr/share/firewall/turris'
! Skipping due to path error: No such file or directory
* Running script '/etc/firewall.d/with_reload/firewall.include.sh'
* Running script '/usr/share/miniupnpd/firewall.include'
[Sat May 26 09:16:57 BST 2018] Domains not changed.
[Sat May 26 09:16:57 BST 2018] Skip, Next renewal time is: Wed Jul 25 07:12:37 UTC 2018
[Sat May 26 09:16:57 BST 2018] Add '--force' to force to renew.
[Sat May 26 09:16:57 BST 2018] Installing cert to:/etc/lighttpd/host.crt
[Sat May 26 09:16:57 BST 2018] Installing key to:/etc/lighttpd/host.key
[Sat May 26 09:16:57 BST 2018] Installing full chain to:/etc/lighttpd/fullchain.crt
[Sat May 26 09:16:57 BST 2018] Run reload cmd: cat /etc/lighttpd/host.crt /etc/lighttpd/host.key > /etc/lighttpd/hostkey.pem
[Sat May 26 09:16:57 BST 2018] Reload success
Warning: Unable to locate ipset utility, disabling ipset support
* Clearing IPv4 filter table
* Clearing IPv4 nat table
* Clearing IPv4 mangle table
* Clearing IPv4 raw table
* Populating IPv4 filter table
* Zone 'lan'
* Zone 'wan'
* Rule 'Allow-DHCP-Renew'
* Rule 'Allow-Ping'
* Rule 'Allow-IGMP'
* Rule #7
* Rule #8
* Forward 'lan' -> 'wan'
* Populating IPv4 nat table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv4 raw table
* Zone 'lan'
* Zone 'wan'
* Clearing IPv6 filter table
* Clearing IPv6 mangle table
* Clearing IPv6 raw table
* Populating IPv6 filter table
* Zone 'lan'
* Zone 'wan'
* Rule 'Allow-DHCPv6'
* Rule 'Allow-MLD'
* Rule 'Allow-ICMPv6-Input'
* Rule 'Allow-ICMPv6-Forward'
* Rule #7
* Rule #8
* Forward 'lan' -> 'wan'
* Populating IPv6 mangle table
* Zone 'lan'
* Zone 'wan'
* Populating IPv6 raw table
* Zone 'lan'
* Zone 'wan'
* Set tcp_ecn to off
* Set tcp_syncookies to on
* Set tcp_window_scaling to on
* Running script '/usr/share/firewall/turris'
! Skipping due to path error: No such file or directory
* Running script '/etc/firewall.d/with_reload/firewall.include.sh'
* Running script '/usr/share/miniupnpd/firewall.include'
Any help much appreciated. I’m not new to Linux, but it seems I’m just butting up against issues with everything I try to do with this router!
It is logical that your browser complains. You will have to allow an exception there.
With the Let’s Encrypt script you generated a certificate for the <DOMAIN> value in acme.sh, so the xxx.ddns.net
But in the local network you are accessing the local IP 192.168.1.1, which does not correspond to the DNS name stored in the certificate. Local IPs cannot be put in certificates (with Let’s Encrypt or public certification authorities).
So you have two options - access the router over the internet even from home, or put a record in the hosts file pointing xxx.ddns.net to the local IP.
It sounds like you’re suggesting that the certificate is causing my problem. However, the error that Chrome is reporting does not seem like a certificate error to me. I would have said that it seems more like the router isn’t listening on port 80 any more, or the firewall is blocking it…
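The last two posts describe two different failure classes: a refused TCP connection, which happens before any certificate is exchanged, and a certificate whose name does not match what was typed in the address bar. The following is an added example, not part of any post in this thread, that tells the two apart; `SAMPLE_SAN` is constructed from the thread's placeholder domain, and `connect_to` is a hypothetical stand-in for a hosts-file override.

```python
import ipaddress
import socket

# Constructed sample: subjectAltName in the shape ssl.getpeercert() returns,
# for a certificate issued for the thread's placeholder domain.
SAMPLE_SAN = [("DNS", "xxx.ddns.net")]

def tcp_state(host, port, timeout=3.0):
    """Plain TCP connect: 'open', 'refused' (RST received) or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, no route, name resolution failure
        return "unreachable"

def _dns_match(pattern, name):
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":  # a wildcard covers exactly one leftmost label
        return len(p) > 2 and p[1:] == n[1:]
    return p == n

def name_matches_cert(typed, san):
    """Is the name typed in the address bar listed in the certificate's SANs?"""
    try:
        ip = ipaddress.ip_address(typed)
    except ValueError:
        ip = None
    for kind, value in san:
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        elif ip is None and kind == "DNS" and _dns_match(value, typed):
            return True
    return False

def diagnose(typed, port, san, connect_to=None):
    """Classify the failure; connect_to overrides where 'typed' resolves."""
    state = tcp_state(connect_to or typed, port)
    if state != "open":
        return "tcp-" + state  # TLS never starts, so the certificate is not involved
    if not name_matches_cert(typed, san):
        return "cert-name-mismatch"
    return "ok"
```

A `tcp-refused` result points at the listener or the firewall rules; only a `cert-name-mismatch` result is addressed by a browser exception or a hosts-file entry.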