Turris OS 3.10.5 in RC!

release

#1

Dear Turris users,

we just pushed Turris OS 3.10.5 into RC. Why so fast? There were reports that updated DHCPv6 client can cause some issues with some misconfigured DHCPv6 servers. We are trying to address that by updating the client to the newer upstream version and disabling some features by default. Apart from that we added few more minor things and polishing that we didn’t managed to get into 3.10.4. Release notes are as follows:

  • kernel, odhcpv6, twisted, openssh: update
  • ca-certificates: package for ca bundle
  • base: enable TCP fast open
  • haas-proxy: more robust CPU usage limits
  • odhcpv6: disable unicast support (caused problems in some networks), can be enabled in /etc/config/network

As always, if you encounter any issues please let us know. We are also highly interested whether this will resolve DHCPv6 issues, so we are interested in your feedback regarding that as well.


#2

#3

Will we see an update to Wireguard from https://gitlab.labs.nic.cz/turris/openwrt/commits/dev-pepe
or is it too late for this release?


#4

Most probably it won’t get to 3.10.5. The good thing about it is that it builds, but I’ll need to test it.
Once it’d be ready I’ll let you know in the issue about updating wireguard, which we have in our Gitlab, and also in this thread:


#5

FTR, I’ve been building WG myself with the SDK in repo.turris.cz and the source from OpenWRT/LEDE and using it for many months without issues.


#6

A post was split to a new topic: OpenVPN: VORACLE attack


#7

I can confirm that the odhcp6c update likely fixes the init7 issue - I’m seeing renew messages go out to ff02::1:2 and getting answered, where before they went to the unicast address, never to be heard from again.
I can’t answer as to whether the update correctly inserts the “noserverunicast” option into /etc/config/network, since I already had that in there pre-update.

(Footnote: It would be great if there was a proper option that adds -v to the odhcp6c commandline - impact is fairly minor, it adds log messages whenever it issues/receives a message. This makes troubleshooting issues a tad easier)


#8

I still have the same output as from updating from 3.10.3. Described here Turris OS 3.10.4 released! . Updater hangs but I do get update message in foris and version is shown correctly
root@turris:~# cat /etc/turris-version
3.10.5


#9

#10