Turris Omnia - HaaS has not been working for me for a long time now

I decided to open a seperate thread for this HaaS issue, since it seems unrelated to the other. For the last four months it has been defective/not working for me.

In the latest versions of reforis it should be a matter of setting up Sentinel, agreeing with the terms and entering your key to be identified correctly by the HaaS service. I’ve done that and everything has green checkmarks.

I used to get a fair amount of logins, but the last few months it just says zero. there is nothing logged.
I did read somewhere on this forum that it could be some Firewall rule problem, something that needs to be resolved by going into the advanced configuration.

Does anyone know how to check/resolve this?

1. I’ve already tried factory resetting the router a couple of times
2. I’ve flashed the latest recovery image to the router two times
3. I’ve deleted my device on the HaaS portal and created a new device with a new token.

Any help to get it working again is appreciated!

PS, I am aware of the recent outage due to maintenance, but this is not related to that.

Currently running:

ReForis version 1.1.2
Turris OS version 5.3.3
Turris OS branch HBS
Kernel version 4.14.254

Thanks in advance,
Gregory

You can check the specific firewall rule by

iptables -t nat -S|grep sentinel

or

iptables -t nat -S|grep 2525

Should look like below for HaaS

-A zone_wan_prerouting -p tcp -m tcp --dport 22 -m comment --comment "!sentinel: HaaS proxy port redirect" -j REDIRECT --to-ports 2525

Just an idea maybe it is from the token.
What about delete old device and register new device and get new token?

The output seems to be correct. I think it must be some bug or problem on the HaaS site? or maybe tied to my current account for HaaS.

output1592×159 39.1 KB

Yes, I have tried this, see my opening post.

Does everything else work with your router? No connectivity, DNS etc issues?

I have noticed this output just now in overview → Connection Test

Connection_Test640×667 22.2 KB

I am not sure what this indicates since SSH → check_connection reports no issues. So what does the gateway check indicate?

UPDATE: I tried to change my DNS resolver from DoT to normal ISP DNS but this doesn’t change ‘gateway connectivity’ status. Does it just mean it cannot connect to my ISP modem with an IP address? My connectivity seems fine overall.

It is gateway of your ISP.

Hi, I checked my haas statistics on web and I also didn’t have anything there since 12.12.2021 so I looked at reForis Sentinel tab to find out that one of agreement checkbox is unchecked?! Not sure how it happened but I’m pretty sure I didn’t do it.

HaaS is not working here on the TO2016 random after a reboot and/or update. Or it stops after to many phyton errors in the syslog.
Go to luci > > status > process and see if Haas is running. If not, go to luci > system > startup , scroll to HaaS, and press restart . That fixes almost always the problem.

For me, I’d say it is not clear if you have a public IPv4 address or not. You can try connecting to running honeypot on your router using your local network and from outside your local network.

Steps:

1. Honeypot as a Service is running on your router on port 2525, so you can try to connect to it to verify to ensure that it is indeed working. (ssh test@ipaddress -p 2525)

2. Try to connect from any public network to the SSH honeypot on your router by using the assigned IPv4 address to your router. If it does not work, then probably it is because you don’t have a public IPv4 address, or ports are filtered/blocked on the ISP side.

Same for me, since yesterday afternoon it stopped working properly after overflowing log with haas_proxy errors.
Unfortunately I had to stop service (at least until issues fixed) because I’m not able grep info from logs for other components since it doesn’t leave space.