Turris OS 4.0 beta9 is out!

If the ISP is NATing IPv4, i.e. the same IP is shared by different downstream clients, preventing ping returns might be a security measure by the ISP. And with the wide IPv6 range making NATing unnecessary, such a (ping return) measure would not be necessary.

Hi @viktor. On which of your routers do notifications not work?

Can you please add info about

  • Device model (MOX/Omnia/Turris 1.x)
  • Turris OS version (preferably from /etc/os-release or /etc/openwrt_release)
  • Notification configuration: a Foris screenshot or /etc/config/user_notify (but hide your e-mail address)
  • Content of /etc/sentinel directory (ls -la /etc/sentinel)
  • certgen version (sentinel-certgen --version)

thanks

Questions answered via PM.

Hello,

I installed beta 9 two days ago on my MOX Classic and here are my observations:

  • MOX still doesn’t reboot correctly with the reboot command from the command line - running the nor-update command before the reboot command can help with this :heavy_check_mark:
  • The OpenVPN server works fine, but some clients (typically iPhone) cannot connect without changing the compress parameters; the client on Win 10 works fine
  • haas proxy cannot start automatically - start has been enabled with /etc/init.d/haas-proxy enable, but… it still doesn’t start automatically, I have to start it manually from the SSH command line
  • From time to time haas proxy shuts itself down, and it needs to be restarted manually from the command line: /etc/init.d/haas-proxy restart

Everything else works properly… from my point of view the most important problem is the one with reboot, which has already been described

I also find this in the kernel log :
[195770.504496] ath10k_pci 0000:02:00.0: SWBA overrun on vdev 0, skipped old beacon
[195770.606806] ath10k_pci 0000:02:00.0: SWBA overrun on vdev 0, skipped old beacon
[195770.709348] ath10k_pci 0000:02:00.0: SWBA overrun on vdev 0, skipped old beacon

and then [195773.438192] ath10k_pci 0000:02:00.0: Cannot communicate with firmware, attempting to fake crash and restart firmware.

Hi @roman-profiservis. The OpenVPN plugin should not use compression at all. Would you please add more info about what you needed to do/change?

Hi Vojtech,

in the original (config downloaded from MOX in the Foris web interface) there is this parameter:

compress lzo

This works with PC - but doesn’t work with my iPhone. OpenVPN is created, but no data goes through the VPN.

Try changing this parameter to

comp-lzo

… delete any older config from the iPhone and import this new config into the iPhone.

For me it works OK on PC and on iPhone too.

Roman

thanks for details

  1. You can (and you should) have a different client generated in your Turris for each of your VPN devices
  2. comp-lzo is the older, deprecated variant of the compress lzo config. So it depends on what application you use on your iPhone (or which OpenVPN implementation).
  3. As I said, the OpenVPN plugin should not use compress at all. You have probably set it up in some early beta or alpha TOS release where the compression was still present. You can remove the compression from /etc/config/openvpn, but then you will need to regenerate and reconfigure all your devices

Hi,

yes, I am using the “OpenVPN Connect” client from the Apple Store - this one is only free of charge.
Yes, I am maybe using an older config from Turris 1.0 from the past - the whole config was copied from the older Turris (blue, 1.x)
Every client has a different config file - which is imported into the device via an .OVPN file.

So I would recommend you to reset the OpenVPN and configure it from scratch or at least remove the option compress line from config openvpn 'server_turris' in /etc/config/openvpn to disable the compression.

After I changed the WAN settings in Foris (PPPoE IPv4 to PPPoE IPv4+IPv6, my IP has not changed), I could not communicate with my Omnia through OpenVPN until I rebooted the device.
But after the reboot I lost all my records from Pakon for the last 24 hours.

I have this same problem.

How did you reboot the device? Was it a clean reboot from web or command line interface?

It was a clean reboot from Foris.

Hi, is it possible to add ‘factory reset’ to LuCI or Foris? With this beta testing that might come in very handy :slight_smile:

thank you.

As vojtech wrote, compression for OpenVPN should be disabled as it is insecure: https://community.openvpn.net/openvpn/wiki/VORACLE this also resolves https://community.openvpn.net/openvpn/ticket/1126 regarding iOS devices.
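
A check for leftover compression directives, covering both the router's UCI file (/etc/config/openvpn) and exported client .ovpn files, as an added example that is not part of the thread or of Turris OS. The sample files are constructed, `find_compression` and `write_samples` are hypothetical helper names, and the `comp_lzo` spelling assumes the usual OpenWrt UCI convention of underscores in option names.

```shell
#!/bin/sh
# find_compression FILE
# Prints "FILE:LINE: text" for every active compression directive
# (compress / comp-lzo / comp_lzo, also when pushed to clients).
# Returns 0 if at least one was found, 1 if the file is clean.
find_compression() {
    awk -v file="$1" -v q="'" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)                # leading whitespace
            if (line == "" || line ~ /^[#;]/) next  # blanks and comments
            gsub("[\"" q "]", "", line)             # drop quotes
            sub(/^(option|list)[ \t]+/, "", line)   # UCI keyword
            sub(/^push[ \t]+/, "", line)            # directive pushed by server
            split(line, tok, /[ \t]+/)
            if (tok[1] == "compress" || tok[1] == "comp-lzo" || tok[1] == "comp_lzo") {
                printf "%s:%d: %s\n", file, NR, $0
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample inputs (not taken from any real router).
write_samples() {
    cat > "$1/openvpn.uci" <<'EOF'
config openvpn 'server_turris'
    option enabled '1'
    # option comp_lzo 'yes'
    option compress 'lzo'
    list push 'compress lzo'
EOF
    cat > "$1/client-old.ovpn" <<'EOF'
client
comp-lzo
EOF
    cat > "$1/client-clean.ovpn" <<'EOF'
client
;compress lzo
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*; do
    find_compression "$f" || echo "$f: no compression directives"
done
rm -rf "$tmp"
```

A hit in the server file means every client config generated from it carries the same directive, so those clients need to be regenerated after the option is removed.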

Today I rebooted from Foris and I’ve lost Pakon data for the last 24h again. (Omnia 4.0 b9)

Pakon backs up daily at 02:05 (and compresses the backup at 10:05 and 18:05). If the router restarts before that time on that day, the database for that day will be lost. See Cron: /etc/cron.d/pakon

This is to avoid overwriting eMMC memory (or other storage) often.

How is it possible that I’ve lost data for the last 24h (the Pakon list was almost empty, there were records only for the last minute there) and not from 2:05 to the time of restart?

Omnia should back up the Pakon database before restart to avoid data loss.

@RomanHK is right, the Pakon DB runs in memory so as not to wear the Omnia flash drive, and it is stored to persistent flash regularly.

However, a dump of the database is also part of the “stop” action of the service (init script), and so it should save the current data during a regular reboot. If some data is lost during a clean reboot, something does not work as expected. I will file an issue and assign it to a Pakon maintainer to look into it.