Turris OS 3.7 out now! Guest wi-fi, syslog-ng and more included

adorjanig · June 26, 2017, 10:18pm

Thanks for the infos.

I would prefer independent startup scripts (as with stock OpenWRT) for each DNS resolver, so I can choose precisely what I want. I use a mixed DNSmasq + Unbound setup: DNSmasq for DHCP everywhere and resolving on my internal networks, then it forwards DNS requests to Unbound. Unbound listens on the guest wifi interface and acts as a standalone resolver for both DNSmasq and guest clients.

The point is that this way the router can work independently of my ISP, and possibly compromised guest devices (e.g. unpatched Android devices of the kids’ friends) cannot map out my internal networks.

czbird · June 26, 2017, 11:22pm

Hmm, today, I had a call from home that wifi was off. When I went there, 5GHz SSID was missing and 2.4 GHz one said Wrong password to correct password. I received mail notification about the update, so I had a suspicion. Reboot fixed it, thankfully.

rguerra · June 27, 2017, 6:57am

I too get the same error. Specifically, I get the following when I manually run the updater…

$ opkg update
$ updater.sh

WARN:Script revision-specific not found, but ignoring its absence as requested
WARN:Script serial-specific not found, but ignoring its absence as requested
DIE:
inconsistent: Package luci-ssl requires package libustream-polarssl that is not available.

What’s strange, is that if try to install the package…it seems it is already installed…

opkg install libustream-polarssl

Package libustream-polarssl (2015-07-09-c2d73c22618e8ee444e8d346695eca908ecb72d3) installed in root is up to date.

What are the steps to resolve the issue so that update can proceed?

Darei · June 27, 2017, 7:20am

Second restart solved problem, but I have new one. I use VPN (first setup was on 3.6.x FW) and everything works fine. When I connect today to my TO, trought VPN, and turn on Guest WiFi in Forris WiFi section, WEB was stop responding, so I can not connect to Forris (and LuCi). VPN looks connected, but no service was accessed (my NAS, RPi, …). Reconnect VPN didn’t solve problem, SSH not working too. I am not home, so I can not unplug my TO from power and force restart.

maurer · June 27, 2017, 7:54am

i also had the same issue and solved it with
opkg remove libustream-polarssl

rguerra · June 27, 2017, 8:44am

I tried opkg remove libustream-polarssl, and then running update again… and still have an issue. I get the following error now:

WARN:Script revision-specific not found, but ignoring its absence as requested
WARN:Script serial-specific not found, but ignoring its absence as requested
DIE:
inconsistent: Package uhttpd-mod-tls requires package libustream-polarssl that is not available.

As well, I think I am starting to get the dreaded segmentation fault error again when I try to install new packages

maurer · June 27, 2017, 8:58am

opkg remove uhttpd-mod-tls

Nick87 · June 27, 2017, 9:33am

I have the same error being:
inconsistent: Requested package transmission-web that is not available.

prezes_kk · June 27, 2017, 10:58am

I have the same problem. But after remove this package and re run updater.sh I have another issue:

Error notifications

Updater failed:
inconsistent: Package luci-ssl requires package libustream-polarssl that is not available.

Pepe · June 27, 2017, 11:00am

This same happened in Czech section.
Somebody from Turris team said that package luci-ssl is not tested and supported for now.
Now you can remove it. This dependency should be fixed in 3.7.1

kixorz · June 27, 2017, 1:37pm

What does the “experimental support for graphics cards” entail? Can we have more details on that?

Update:
I found something in the sources, it’s DisplayLink USB graphics card support.

3ullit · June 28, 2017, 12:23pm

Since the update I can’t connect to subaru-community.com First i thought it is a problem on their side, but isup.me says it’s up and when I try to connect from my mobile connection I can reach the site. Any idea what causes this problem? Up til now it’s only this one homepage.

Name resolution doesn’t seem to be the problem, as a ping directs me to 193.138.215.112 what is the correct IP, but I can’t get an answer, all packets are lost If I insert that IP directly into the browser it also times out.

Edit: when I try the ping feature of LuCI i get the error:
ping: sendto: Operation not permitted

but only for the aforementioned url, no problem with, e.g., google.com

Edit2: before the rainbow cron-job starts everything works as it’s supposed to do, afterwards I have the described problems with that single website…

fsteff · June 29, 2017, 12:43pm

In the last two days, I’ve had 8 email notifications from my Turris Omnia, with the following text:

##### Error notifications #####
Updater failed:
inconsistent: Requested package transmission-web that is not available.

Is there anything I can do to resolve it, or will I just have to wait for the package to become available?

cynerd · June 28, 2017, 6:17am

You might want to add archive repository for time being (if you don’t want to remove transmission-web). https://www.turris.cz/doc/en/howto/downgrade_packages#downgrading_selected_packages Adding archive repository should be enough. For Turris Omnia you should add following to file /etc/updater/user.lua:

Repository 'turris-archive' 'https://api.turris.cz/openwrt-repo/archive/omnia/3.6.5/packages' {
	subdirs = {'base', 'turrispackages', 'lucics', 'packages', 'routing', 'management', 'telephony', 'printing'},
	priority = 40,
	ca = "file:///etc/ssl/updater.pem",
	crl = "file:///tmp/crl.pem",
	ocsp = false,
	pubkey = "file:///etc/updater/keys/release.pub"
}

We are sorry for inconvenience, but it seems that OpenWRT build system skipped build of transmission-web package. We hope that we will re-release it in one of the following fixup releases.

Edit: Sorry I missed new ocsp switch. Add it and it should I hope work.

fsteff · June 29, 2017, 11:42am

Thanks.
I made the changes yesterday, and eagerly awaited the update.

This morning I got the following (Lots of lines omitted):

##### Update notifications #####
 • Installed version git-17.125.68803-99f44f6-2 of package luci-app-transmission
 • Installed version git-17.125.68803-99f44f6-2 of package luci-i18n-transmission-cs
 • Installed version git-17.125.68803-99f44f6-2 of package luci-i18n-transmission-en
##### Error notifications #####
Updater failed:
 • unreachable: https://api.turris.cz/openwrt-repo/archive/omnia/3.6.5/packages/telephony/Packages.gz: No OCSP response received
 • unreachable: https://api.turris.cz/openwrt-repo/archive/omnia/3.6.5/packages/routing/Packages.gz: No OCSP response received
 • unreachable: https://api.turris.cz/openwrt-repo/archive/omnia/3.6.5/packages/printing/Packages.gz: No OCSP response received

So it seems like one step forward, but also a step backward?

cynerd · June 29, 2017, 4:30pm

In such case you might want to try traceroute (https://linux.die.net/man/8/traceroute).

3ullit · June 29, 2017, 5:49pm

That gives the output:

1traceroute: sendto: Operation not permitted

(The 1 is not there by mistake)

The 193.138.215.112 is by the way the correct IP, that sentence wasn’t supposed to be a question.

Pepe · June 29, 2017, 6:16pm

I just tried it on older Turris and same problem. (But I’m not regular visitor. Just tried your issue)
In Chrome it says:" ERR_CONNECTION_TIMED_OUT" and I tried it on cellular data and there it works.

root@turris:~# traceroute subaru-community.com
traceroute to subaru-community.com (193.138.215.112), 30 hops max, 38 byte packets
1traceroute: sendto: Operation not permitted

root@turris:~# dig subaru-community.com

; <<>> DiG 9.9.8-P4 <<>> subaru-community.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34223
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 8192
;; QUESTION SECTION:
;subaru-community.com. IN A

;; ANSWER SECTION:
subaru-community.com. 86400 IN A 193.138.215.112

;; AUTHORITY SECTION:
subaru-community.com. 86400 IN NS ns2.bboxbbs.ch.
subaru-community.com. 86400 IN NS ns1.bboxbbs.ch.

;; Query time: 137 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 29 20:17:48 CEST 2017
;; MSG SIZE rcvd: 111

and I tried it with Google DNS:

root@turris:~# dig subaru-community.com @8.8.8.8

; <<>> DiG 9.9.8-P4 <<>> subaru-community.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18432
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;subaru-community.com. IN A

;; ANSWER SECTION:
subaru-community.com. 38654 IN A 193.138.215.112

;; Query time: 23 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jun 29 20:18:11 CEST 2017
;; MSG SIZE rcvd: 65

I tried traceroute on my NAS and after first hope (which is router) it shows only **** until 30 same on Windows 10.

//EDIT: I’ve just try it only with UPC modem (w/o Turris) and it works.

3ullit · June 29, 2017, 6:31pm

So it’s not an isulated issue on my part where maybe I damaged a config, thank you very much!

Could you maybe restart your router and as soon as you have a connection try to reach the homepage? Because right after the reboot it works for me, only after the rainbow cron-job (ca. 1 Min after restart) is finished the first time (and my LEDs change color) I can’t reach the homepage anymore …

X-dark · June 29, 2017, 8:21pm

Here is the relevant part of a strace of a tracroute to subaru-community.com on the omnia:

setsockopt(4, SOL_IP, IP_TTL, [1], 4)   = 0
sendto(4, "\1\1\0\0\0\0\0\0\0\0", 10, 0, {sa_family=AF_INET, sin_port=htons(33435), sin_addr=inet_addr("193.138.215.112")}, 16) = -1 EPERM (Operation not permitted)
write(2, "traceroute: sendto: Operation no"..., 44traceroute: sendto: Operation not permitted
) = 44
exit_group(1)                           = ?
+++ exited with 1 +++