Currently I have uptime more than 4 days and it works fine. I had no more issues with Mox. Hard to say what happened with SDIO Wifi right after the update.
I am still wondering why foris-controller uses so much CPU and sometimes also kresd.
1 Like
No problems here either. One of the lighttpd configs got replaced, moving my https port from :8443 to :443, but other than that, nothing to report.
Btw, since I’m trying to keep haproxy up-to-date, this is a rather welcome update. Having to build in a openwrt-23.05 based branch with downgraded musl, openssl and a few others was a pain - doing so in the 22.03 branch with up-to-date feeds (only had to revert the commit moving libpcre2 to base in 23.05) is way better. Thanks 
The Tor version from 22.03 started to be obsolete. I’ve asked for backporting a new version into 22.03 and @Pepe was lightning-fast to do the backport: tor: Version 4.7.10 in 22.03 is considered insecure by the network · Issue #23546 · openwrt/packages · GitHub . So I guess the next RC should contain the newer Tor release, am I right? Is there an RC planned in a foreseeable future?
We just released a new RC with several additional fixes, mainly:
- fixed Knot Resolver 6
- fixed default LXC configuration
- updated and fixed Squid
- fixes for StrongSwan
- fixed hostname page in reForis
We still have a few things to go through before rolling it out as stable, but you can check those fixes in the meantime.
Thank you for all your help and all the feedback, we really appreciate it!
5 Likes
Both Knot resolvers, 5 and 6, are still broken in TOS7 in that sense that as soon as you enable the dns64 module, the first query crashes the resolver. I wonder how this is even possible.
Other thing I noticed, in TOS6, I use ethtool -m eth2 to monitor signal level and temperature of the SFP module:
root@omnia:~# ethtool --version
ethtool version 5.10
root@omnia:~# ethtool -m eth2
Identifier : 0x03 (SFP)
Extended identifier : 0x04 (GBIC/SFP defined by 2-wire interface ID)
Connector : 0x07 (LC)
Transceiver codes : 0x00 0x00 0x00 0x00 0x22 0x00 0x01 0x00 0x00
Transceiver type : FC: intermediate distance (I)
Transceiver type : FC: Longwave laser (LC)
Transceiver type : FC: Single Mode (SM)
Encoding : 0x01 (8B/10B)
BR, Nominal : 1300MBd
Rate identifier : 0x00 (unspecified)
Length (SMF,km) : 10km
Length (SMF) : 10000m
Length (50um) : 0m
Length (62.5um) : 0m
Length (Copper) : 0m
Length (OM3) : 0m
Laser wavelength : 1310nm
Vendor name : FS
Vendor OUI : 00:00:00
Vendor PN : SFP-GE-BX
Vendor rev : A0
Option values : 0x00 0x1a
Option : RX_LOS implemented
Option : TX_FAULT implemented
Option : TX_DISABLE implemented
BR margin, max : 0%
BR margin, min : 0%
Vendor SN : F2130219099
Date code : 220922
Optical diagnostics support : Yes
Laser bias current : 13.600 mA
Laser output power : 0.2533 mW / -5.96 dBm
Receiver signal average optical power : 0.0937 mW / -10.28 dBm
Module temperature : 47.60 degrees C / 117.68 degrees F
Module voltage : 3.2285 V
Alarm/warning flags implemented : Yes
Laser bias current high alarm : Off
Laser bias current low alarm : Off
Laser bias current high warning : Off
Laser bias current low warning : Off
Laser output power high alarm : Off
Laser output power low alarm : Off
Laser output power high warning : Off
Laser output power low warning : Off
Module temperature high alarm : Off
Module temperature low alarm : Off
Module temperature high warning : Off
Module temperature low warning : Off
Module voltage high alarm : Off
Module voltage low alarm : Off
Module voltage high warning : Off
Module voltage low warning : Off
Laser rx power high alarm : Off
Laser rx power low alarm : Off
Laser rx power high warning : Off
Laser rx power low warning : Off
Laser bias current high alarm threshold : 100.000 mA
Laser bias current low alarm threshold : 1.000 mA
Laser bias current high warning threshold : 90.000 mA
Laser bias current low warning threshold : 2.000 mA
Laser output power high alarm threshold : 0.6310 mW / -2.00 dBm
Laser output power low alarm threshold : 0.1000 mW / -10.00 dBm
Laser output power high warning threshold : 0.5012 mW / -3.00 dBm
Laser output power low warning threshold : 0.1259 mW / -9.00 dBm
Module temperature high alarm threshold : 80.00 degrees C / 176.00 degrees F
Module temperature low alarm threshold : -10.00 degrees C / 14.00 degrees F
Module temperature high warning threshold : 75.00 degrees C / 167.00 degrees F
Module temperature low warning threshold : -5.00 degrees C / 23.00 degrees F
Module voltage high alarm threshold : 3.6300 V
Module voltage low alarm threshold : 2.9700 V
Module voltage high warning threshold : 3.4700 V
Module voltage low warning threshold : 3.1276 V
Laser rx power high alarm threshold : 0.6310 mW / -2.00 dBm
Laser rx power low alarm threshold : 0.0040 mW / -23.98 dBm
Laser rx power high warning threshold : 0.5012 mW / -3.00 dBm
Laser rx power low warning threshold : 0.0050 mW / -23.01 dBm
In TOS7, package ethtool contains only tiny version of the utility, providing only a hex dump:
root@omnia:/# ethtool --version
ethtool version 5.16 (pretty dumps disabled)
root@omnia:/# ethtool -m eth2
Offset Values
------ ------
0x0000: 03 04 07 00 00 00 00 22 00 01 00 01 0d 00 0a 64
0x0010: 00 00 00 00 46 53 20 20 20 20 20 20 20 20 20 20
0x0020: 20 20 20 20 00 00 00 00 53 46 50 2d 47 45 2d 42
0x0030: 58 20 20 20 20 20 20 20 41 30 20 20 05 1e 00 23
0x0040: 00 1a 00 00 46 32 31 33 30 32 31 39 30 39 39 20
0x0050: 20 20 20 20 32 32 30 39 32 32 20 20 68 f0 01 ce
0x0060: 2d 00 08 08 e2 1c af 06 e4 21 0f 86 cc e8 cc 18
0x0070: 1d a7 47 00 00 00 00 00 00 00 00 00 26 7b 6e 53
0x0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0100: 50 00 f6 00 4b 00 fb 00 8d cc 74 04 87 8c 7a 2c
0x0110: c3 50 01 f4 af c8 03 e8 18 a6 03 e8 13 94 04 eb
0x0120: 18 a6 00 28 13 94 00 32 00 00 00 00 00 00 00 00
0x0130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0140: 00 00 00 00 3f 80 00 00 00 00 00 00 01 00 00 00
0x0150: 01 00 00 00 01 00 00 00 01 00 00 00 00 00 00 41
0x0160: 2f 3e 7e 1d 1a 5e 09 e5 03 a3 ff ff ff ff 00 ff
0x0170: 00 00 ff ff 00 00 ff ff ff ff ff 00 00 00 00 00
0x0180: 49 50 55 49 41 47 35 52 41 42 31 30 2d 32 30 39
0x0190: 34 2d 30 32 56 30 32 20 01 00 46 00 00 00 00 d4
0x01a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x01b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa aa
0x01c0: 47 4c 43 2d 42 58 2d 55 20 20 20 20 20 20 20 20
0x01d0: 20 20 20 20 31 36 20 20 20 20 20 20 20 20 20 26
0x01e0: 1e 28 2e 2e 31 34 29 36 00 00 00 00 00 00 00 00
0x01f0: 00 00 00 00 00 66 00 00 ff c0 ff ff ff c0 ff ff
But what I find strange is that even if I replace the package with ethtool-full, I will still not get the signal level or temperature, only some static data like serial number:
root@omnia:/# ethtool --version
ethtool version 5.16
root@omnia:/# ethtool -m eth2
Identifier : 0x03 (SFP)
Extended identifier : 0x04 (GBIC/SFP defined by 2-wire interface ID)
Connector : 0x07 (LC)
Transceiver codes : 0x00 0x00 0x00 0x00 0x22 0x00 0x01 0x00 0x00
Transceiver type : FC: intermediate distance (I)
Transceiver type : FC: Longwave laser (LC)
Transceiver type : FC: Single Mode (SM)
Encoding : 0x01 (8B/10B)
BR, Nominal : 1300MBd
Rate identifier : 0x00 (unspecified)
Length (SMF,km) : 10km
Length (SMF) : 10000m
Length (50um) : 0m
Length (62.5um) : 0m
Length (Copper) : 0m
Length (OM3) : 0m
Laser wavelength : 1310nm
Vendor name : FS
Vendor OUI : 00:00:00
Vendor PN : SFP-GE-BX
Vendor rev : A0
Option values : 0x00 0x1a
Option : RX_LOS implemented
Option : TX_FAULT implemented
Option : TX_DISABLE implemented
BR margin, max : 0%
BR margin, min : 0%
Vendor SN : F2130219099
Date code : 220922
2 Likes
Connection dropped during update over WiFi
INFO:Running postinst of lighttpd-mod-openssl
INFO:Running postinst of luci-base
INFO:Running postinst of luci-mod-network
INFO:Running postinst of luci-mod-status
INFO:Running postinst of lighttpd-mod-auth
INFO:Running postinst of lighttpd-mod-authn_pam
INFO:Running postinst of lighttpd-mod-alias
INFO:Running postinst of lighttpd-mod-cgi
INFO:Running postinst of lighttpd-mod-fastcgi
INFO:Running postinst of wpad-openssl
client_loop: send disconnect: Broken pipe
but it seems to be fine after reboot.
I can confirm that Hostname page has been fixed in reForis.
Logs - some strange things
Feb 27 18:29:18 turris procd: /etc/rc.d/S99start-indicator: Command failed: ubus call service signal { "name": "rainbow-animator", "signal": 10 } (Not found)
Feb 27 18:29:19 turris procd: /etc/rc.d/S99start-indicator: Command failed: ubus call service signal { "name": "rainbow-animator", "signal": 12 } (Not found)
rainbow probably does not make sense on Mox as it has only red LED.
I recommend doing this kind of updates in “screen” so when the connection drops it still finishes the update and you can come back to it using “screen -x”
1 Like
Or just clicking the update button in reforis and watching the log
1 Like
7.0.0 RC1 → 7.0.0 RC2 update okay. No noticeable cable/wifi/internet interruption (wifi had to reconnect, but it was pretty fast). Restart was not needed.
kresd5 worked after update, and I chose kresd6 afterwards. It also works.
After the update, PPtP VPN server was still broken as after update to RC1. I digged deeper and indeed it was because of this error:
Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.8, this is 2.4.9`
As a workaround, I’ve set /etc/config/pptpd option logwtmp from 1 to 0. To actually fix it, you’ll have to rebuild package pptpd against the newer ppp-mod-pptp.
What was a bit weird is that I did not get any notification about the update being finished.
Turris Omnia 2017, 1 GB RAM, dead eMMC, system running from mSATA SSD, original wifi cards, UBoot 2022.10. Storage plugin enabled, LXC containers, tor relay, USB HDD shared over samba4 and minidlna, Syncthing, SQM, Hardwario gateway + MQTT IoT bridge, OpenVPN, PPtP VPN, Strongswan IKEv2 VPN, morce.
1 Like
Updated today without major issues.
As mentioned, It took like 15 mins to update. Cable network didn’t disconnected, but internet connection dropped for a few.
Lxc containers are up and running, but docker service is not starting, and the logs are pointing to something related to iptables:
Mar 1 02:04:11 turris dockerd-init: Unable to get physical device for interface wan
Mar 1 02:04:12 turris dockerd[15442]: time="2024-02-29T23:04:12-03:00" level=warning msg="containerd config version `1` has been deprecated and will be removed in containerd v2.0, please switch to version `2`, see https://github.com/containerd/containerd/blob/main/docs/PLUGINS.md#version-header"
Mar 1 02:04:12 turris dockerd[15442]: time="2024-02-29T23:04:12.283431464-03:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured"
Mar 1 02:04:12 turris dockerd[15442]: time="2024-02-29T23:04:12.284802731-03:00" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured"
Mar 1 02:04:12 turris dockerd[15442]: time="2024-02-29T23:04:12.289180075-03:00" level=error msg="failed to initialize a tracing processor \"otlp\"" error="no OpenTelemetry endpoint: skip plugin"
Mar 1 02:04:13 turris dockerd[15442]: time="2024-02-29T23:04:13.022960462-03:00" level=warning msg="Could not load necessary modules for IPSEC rules: protocol not supported"
Mar 1 02:04:14 turris dockerd[15442]: time="2024-02-29T23:04:14.144056658-03:00" level=warning msg="grpc: addrConn.createTransport failed to connect to {unix:///var/run/docker/containerd/containerd.sock <nil> 0 <nil>}. Err :connection error: desc = \"transport: Error while dialing dial unix:///var/run/docker/containerd/containerd.sock: timeout\". Reconnecting..." module=grpc
Mar 1 02:04:14 turris dockerd[15442]: failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Failed to Setup IP tables: Unable to enable NAT rule: (iptables failed: iptables --wait -t nat -I POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE: iptables v1.8.7 (nf_tables): CHAIN_ADD failed (No such file or directory): chain POSTROUTING
Mar 1 02:04:14 turris dockerd[15442]: (exit status 4))
1 Like
I believe I encountered the same problem when using TOS7.0 long time ago. The problem probabbly exists because in OpenWRT 22.03 they switched to nftables so adapted docker acordingly but TOS7.0 still uses iptables instead of nft.
Maybe some iptables-legacy package would help or there is patch needed for TOS until they switch to nftables as in OpenWRT. @eliaspolicena you should anyway file in an issue on gitlab and/or try installing iptables-legacy.
Try to use nftables instead.
cat /etc/updater/conf.d/opkg-auto.lua
Install("firewall4")
Package("firewall", { virtual = true })
pkgupdate
reboot
It works for me without any issue.
1 Like
Like that Sentinel and minipots won’t work 
Just found in logs
Mar 2 12:13:35 turris updater-supervisor: Traceback (most recent call last):
File "/usr/bin/updater-supervisor", line 33, in <module>
sys.exit(load_entry_point('svupdater==1.5.6', 'console_scripts', 'updater-supervisor')())
File "/usr/lib/python3.10/site-packages/svupdater/__main__.py", line 109, in main
File "/usr/lib/python3.10/site-packages/svupdater/_supervisor.py", line 146, in run
File "/usr/lib/python3.10/site-packages/svupdater/notify.py", line 77, in changes
File "/usr/lib/python3.10/site-packages/packaging/version.py", line 54, in parse
File "/usr/lib/python3.10/site-packages/packaging/version.py", line 200, in __init__
packaging.version.InvalidVersion: Invalid version: '2022-01-16-cff80b4f-21.3'
But I have
root@turris:~# opkg list | grep cff80b4f
hostapd-common - 2022-01-16-cff80b4f-22.3
wpad-openssl - 2022-01-16-cff80b4f-22.3
I would try snapshot and pkgupdate --reinstall-all first
The cause is very unclear so far and might reach well beyond dns64. Thanks!
I was able at least to avoid the immediate crash by a simple patch to the installed /usr/lib/knot-resolver/kres_modules/dns64.lua:
@@ -56,4 +56,4 @@ end
-- Currently the implementation is lazy and kills it all if any AAAA is excluded.
-local function do_exclude_prefixes(qry)
- local rrsel = qry.request.answ_selected
+local function do_exclude_prefixes(qry, req)
+ local rrsel = req.answ_selected
for i = 0, tonumber(rrsel.len) - 1 do
@@ -96,3 +96,3 @@ function M.layer.consume(state, req, pkt)
and qry.flags.RESOLVED and not qry.flags.CNAME and qry.parent == nil
- and pkt:rcode() == kres.rcode.NOERROR and do_exclude_prefixes(qry) then
+ and pkt:rcode() == kres.rcode.NOERROR and do_exclude_prefixes(qry, req) then
-- Start a *marked* corresponding A sub-query.
3 Likes
@eliaspolicena network: firewall, firewall4, iptables: switch to legacy mode (!702) · Merge requests · Turris / Turris OS / Turris Build · GitLab take a look here
Regarding the ethtool issue, it seems to be an upstream issue related to change from ioctl to netlink backend for reading transciever data. I just tested compiling ethtool-full 6.6 from the Openwrt master branch and it can again measure all signal levels without issue.
Perhaps it would be a good idea to backport newer ethtool into TOS7 and replace variant ethtool with ethtool-full as this utility is really helpful especially in cases when you are offline and cannot easily install new packages.
6 Likes
Tried, waited few days and still not fixed.
Erorr slighlty different.
Mar 7 11:11:29 turris updater-supervisor: Traceback (most recent call last):
File "/usr/bin/updater-supervisor", line 33, in <module>
sys.exit(load_entry_point('svupdater==1.5.6', 'console_scripts', 'updater-supervisor')())
File "/usr/lib/python3.10/site-packages/svupdater/__main__.py", line 109, in main
File "/usr/lib/python3.10/site-packages/svupdater/_supervisor.py", line 146, in run
File "/usr/lib/python3.10/site-packages/svupdater/notify.py", line 77, in changes
File "/usr/lib/python3.10/site-packages/packaging/version.py", line 54, in parse
File "/usr/lib/python3.10/site-packages/packaging/version.py", line 200, in __init__
packaging.version.InvalidVersion: Invalid version: '5.15.148-1-ac3950207e90faa9d8a5b1c624fa87c0'