Switching and VLAN on TOS5

Hi all

I’m using a Turris Omnia running TOS3. The device is behind a firewall and not connected directly to the internet. All ports are configured in Switch mode and tagged with some VLANs.

Could anybody give me some hints on how to configure this in TOS5, as I’m planning to migrate?

Thanks

2 Likes

There was a change in the DSA switch driver and your TOS3.x config won't work. You would have to choose the HBD experimental branch, where there is a fix for an introduced bug. [Omnia] kernel's bridge FDB not reconciling switch's ATU (#165) · Issues · Turris / Turris OS / Turris Build · GitLab

Also, for now there is no LuCI (GUI) support and you would have to set up everything from the CLI.

Edit:
I would suggest to stay on TOS3.x until the fix reaches HBK and there hopefully should be some LuCI support at that time from OpenWrt.

3 Likes

I got more VLANs and I hope for the same.

Some work was already merged in OpenWrt 21.02 master https://github.com/openwrt/luci/pull/4307 but it's still not production ready.

1 Like

your TOS3.x config won't work.

Well, the migration script should take care of it.

I would suggest to stay on TOS3.x until the fix reaches HBK and there hopefully should be some LuCI support at that time from OpenWrt.

Please, don’t discourage users from using migration. Because from your post, it looks like all users would need to have the fix, which is not true.


Here is an article on how you can configure VLANs:

If you need more, then don’t hesitate to reach our technical support department, which is available on tech.support@turris.cz.

1 Like

This does not answer: will my configuration work or not?
And the documentation does not teach me anything, it lacks many things: how can I choose which VLAN is sent untagged (PVID/native VLAN) on a port? How can I select which VLANs are sent on which ports?
How are bridges managed with the VLANs?

With only this doc, I would believe that my today’s configuration is no longer possible (I have several VLANs on the LAN side, but also a VLAN bridged between WAN and LAN. But the native VLAN is different on the WAN and LAN side).

And I cannot afford a broken router, for which I would have to find many pages in order to understand what broke.

So how can I be SURE that nothing will break when upgrading, or is there a rollback procedure somewhere, which can be executed without internet access?

1 Like

I looked more in depth at the available documentation: there is nothing about bridging either. With today’s documentation I would not buy a Turris, because it seems to be unable to do what I need. I just hope it is not the case, the regression would be very bad.

In the meantime, I won’t upgrade: I would not be able to configure a working router for me from scratch.

1 Like

I migrated all my Turris Omnia routers back in March this year. I can’t remember if manual adjustments to my VLAN configurations were needed. Probably.

But I remember that I was surprised how well it went. I was prepared for a few hours of trial and error of configuration changes, but everything was running after less than half an hour.

2 Likes

I am not prepared, I cannot risk a break without documentation allowing me to repair.
Is there some testing tool I could use to check before, or is there a way to roll back to TOS 3?

The only way for me to upgrade with acceptable risks seems to be

  1. Buy another router
  2. Configure it to get me the service I want/need
  3. Try upgrading Turris.

Sorry, once at step 2 I do not need step 3 anymore and my Turris is then an expensive useless brick.

As far as I can tell, it should be possible to roll-back if you save the eMMC state before you attempt the upgrade. But even then things can go pear-shaped, like the eMMC failing at the most inopportune moment…

Well, that certainly is a way forward, if you really can not live with a bit of down-time.

Nope, “brick” is the term for a device that has been rendered non-functional, in your case it might have become superfluous, because the other device has taken over the omnia’s functionality to your satisfaction… Now, even today, a router that offers as much as an omnia is still quite pricy, while a device for option 1) might be gotten for considerably less than 100 EUR (if you are willing to buy second hand, probably easily less than 50 EUR).

But your network, your decision. And given that you are not using the omnia as your firewall (IIUC) then sticking to TOS3 seems like a risk you might be willing to accept*. But if all you use the omnia for is as a manageable switch, maybe look at this thread over in the OpenWrt forum, for running OpenWrt on multi-port switches.

Now, without any implied offer to help you getting your configuration implemented under TOS5, I do not believe that a few VLANs will pose an unsurmountable hurdle to configure… It might make some sense though to wait for TOS being based on OpenWrt 20.21, which might include the LuCI GUI for DSA-based switch-ports.

I agree with @moeller0. The HBD branch is based on OpenWrt 20.21 and has the DSA gui, but as there was a change in the configuration of network devices, we need to make necessary changes in reForis so it takes some time to push the HBD branch to HBS.

@edavid Can you paste some details about your VLAN configuration?

1 Like

Sorry, I do not understand what you are speaking of. Note that TOS documentation does not even mention OpenWrt, and abbreviations like HDB or HBS are mysterious to me.
The only thing I understand is “wait”, so how can I prevent automatic upgrade (since the tos3-to4 package was automatically added)?

Can you paste your VLAN configuration?

I’ll do this tonight

Here it is:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ipaddr '192.168.40.1'
    option _orig_ifname 'eth0 eth2 wlan0 radio1.network1'
    option _orig_bridge 'true'
    option ifname 'eth0 eth2'
    option ip6prefix '2a01:e0a:2b7:70e3::/64'
    option ip6addr '2a01:e0a:2b7:70e3::1/64'
    option auto '0'

config interface 'wan'
    option ifname 'eth1'
    option proto 'dhcp'
    option peerdns '0'
    option dns '163.172.114.52'

config interface 'wan6'
    option ifname '@wan'
    option _orig_ifname '@wan'
    option _orig_bridge 'false'
    option proto 'static'
    option ip6gw 'fe80::224:d4ff:fea4:412c'
    option ip6addr '2a01:e0a:2b7:70e0::2/64'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '5'

config interface 'guest_turris'
    option enabled '0'
    option type 'bridge'
    option ifname 'guest_turris_0 guest_turris_1'
    option proto 'static'
    option ipaddr '10.111.222.1'
    option netmask '255.255.255.0'
    option bridge_empty '1'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option vid '10'
    option ports '0 1 2 3 4 5t'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option vid '20'
    option ports '4t 5t'

config switch_vlan
    option device 'switch0'
    option vlan '4'
    option vid '100'
    option ports '4t 5t'

config interface 'FbxTV'
    option type 'bridge'
    option proto 'none'
    option auto '1'
    option delegate '0'
    option _orig_ifname 'eth0.100 eth1.100'
    option _orig_bridge 'true'
    option ifname 'eth0.100 eth1.100 eth2.100'

config interface 'ISOLES'
    option type 'bridge'
    option proto 'static'
    option ifname 'eth0.20 eth2.20'
    option ipaddr '192.168.200.254'
    option netmask '255.255.255.0'
    option ip6addr '2a01:e0a:2b7:70e2::1/64'
    option ip6gw '2a01:e0a:2b7:70e2::1'
    option ip6prefix '2a01:e0a:2b7:70e2::/64'

config interface 'INTERNE'
    option type 'bridge'
    option _orig_ifname 'eth0.10 eth2.10'
    option _orig_bridge 'true'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6addr '2a01:e0a:2b7:70e1::1/64'
    option ip6gw '2a01:e0a:2b7:70e1::1'
    option ip6prefix '2a01:e0a:2b7:70e1::/64'
    option ipaddr '192.168.1.254'
    option ifname 'eth0.10 eth2.10'

config route6
    option interface 'wan6'
    option target '::/0'
    option gateway 'fe80::224:d4ff:fea4:412c'

1 Like
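
An added example, not part of any post in this thread: a small Python audit that reads the swconfig `switch_vlan` sections of the TOS3 configuration posted above and lists, per switch port, which VLAN leaves untagged and which are tagged, so the same membership can be checked again after a migration. The function names and the reduced sample are constructed for this illustration.

```python
from collections import defaultdict

# Constructed sample: the switch_vlan sections posted above, reduced to vid/ports.
SAMPLE = """
config switch_vlan
    option vid '1'
    option ports '5'
config switch_vlan
    option vid '10'
    option ports '0 1 2 3 4 5t'
config switch_vlan
    option vid '20'
    option ports '4t 5t'
config switch_vlan
    option vid '100'
    option ports '4t 5t'
"""

def parse_switch_vlans(text):
    """Return {vid: ports string} for each 'config switch_vlan' section."""
    sections = []
    for line in text.splitlines():
        words = line.split(None, 2)
        if len(words) >= 2 and words[0] == "config":
            sections.append({"_type": words[1]})
        elif len(words) == 3 and words[0] == "option" and sections:
            sections[-1][words[1]] = words[2].strip().strip("'\"")
    # swconfig uses the 'vlan' index as the VLAN ID when 'vid' is absent.
    return {int(s.get("vid") or s["vlan"]): s.get("ports", "")
            for s in sections if s["_type"] == "switch_vlan"}

def port_matrix(vlans):
    """Return {port: {"untagged": [vids], "tagged": [vids]}}."""
    matrix = defaultdict(lambda: {"untagged": [], "tagged": []})
    for vid, ports in sorted(vlans.items()):
        for token in ports.split():
            kind = "tagged" if "t" in token else "untagged"
            # int() raises ValueError for a token that is not <port>[t|u|*].
            matrix[int(token.rstrip("tu*"))][kind].append(vid)
    return dict(matrix)

def ambiguous_ports(matrix):
    """Ports untagged in more than one VLAN, i.e. with no single native VLAN."""
    return sorted(p for p, m in matrix.items() if len(m["untagged"]) > 1)

if __name__ == "__main__":
    matrix = port_matrix(parse_switch_vlans(SAMPLE))
    for port in sorted(matrix):
        print(port, matrix[port])
    print("ambiguous:", ambiguous_ports(matrix))
```

For the posted configuration this reports ports 0 to 3 as untagged members of VLAN 10 only, port 4 as untagged in 10 and tagged in 20 and 100, and port 5 as untagged in 1 and tagged in 10, 20 and 100.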

Hi Pierre,
I have just successfully finished migration from 3.x to 5.x.
I had around 10 virtual interfaces with VLANs of course.
I just had to do one change - more info here: Optional migration from Turris OS 3.x for advanced users - #140 by Comodore125

1 Like

As I said there, I do not understand where you had to type this ‘set’ command, and for which interfaces.
Are they bridged together on a switch or independent subinterfaces?

Hi Edavid,
I have replied in the original post.

Regarding your second question, bridging is separate abstraction from VLAN interface.

1 Like