Turris OS 7.1.2 is in RC now!

Dear Turris users,

we just released Turris OS 7.1.2 into hbt. We fixed an issue in nor-update that could break your setup and we also added proper dependencies to miniupnpd so it should now install the correct variant of the daemon. It also contains a new version of reForis that polishes the UI even more.

Full release notes are as follows:

:pushpin: Updates

  • reForis: Update to version 3.2.0

:bug: Bug Fixes

  • miniupnpd: Fix dependencies on firewall
  • uboot-tools: More robust handling of U-Boot during update
  • user-notify: Adjust notifications to make them less likely to end up in spam

It should be a pretty small fixup release, and if everything goes well, we will release it on Monday.

2 Likes

When will be the U-Boot update for Omnia stable?

1 Like

It's open source; compile your own with just the version number bumped up if it's what you care about, or submit an issue if there is something to be fixed.

MOX classic, HBK branch, .5 GB, 2x WiFi, simple config. All seems OK.

And what about this problem? Solved?

Well, you didn't provide any info about what is wrong besides “No internet please fix”.

After the update, can you log in to the router and check if “there is Internet there”, or is it just on the clients? Try pinging an IP address instead of a DNS name from the router and a client, to kind of scope down what might be wrong. Also your default gateway. Provide info on what kind of connection you have.

2 Likes

Turris Omnia 2020 HBT All seems O.K.

I did get the MCU upgrade notification again.

Thanks

Well, I am not the only one with this problem after the 7.1 update. I tried various ways to solve this but without any success.

I wrote in the next posts in that thread that Omnia thinks everything is OK, including the speedmeter, but devices on LAN or WiFi get no internet.

Quoting you:

So you basically tried not much. Try the things I proposed. I am almost certain that “there is internet” on your router after the update, just not on the clients for some unknown reason. A debug log from the updater might be helpful. It might shed light on what went wrong in your case.

2 Likes

Hmm, paging in librespeed results, nice =)

7.1.1→ 7.1.2 RC1 update okay. No noticeable cable/wifi/internet interruption. Restart was not needed.


Turris Omnia 2017, 1 GB RAM, dead eMMC, system running from mSATA SSD, original wifi cards, UBoot 2022.10. Storage plugin enabled, LXC containers, tor relay, USB HDD shared over samba4 and minidlna, Syncthing, SQM, Hardwario gateway + MQTT IoT bridge, OpenVPN, PPtP VPN, Strongswan IKEv2 VPN, morce.


I did not get the MCU upgrade notification this time…

I have tried enough to know that the problem was in that update. A few others ended up with a rollback, like me.
I have even tried to compare backup files 7.0.3 and 7.1.0 (such as network, dhcp, etc.), but have found nothing.

AFAIK those were mainly people with broken Unbound on Turris 1.x. That doesn’t sound related really. (and it should work now)

1 Like

I have just tried (hbs) and it is still broken. Again have to revert back to 7.0.3. I can try it tomorrow and check something if you guide me what to search for.
Librespeed OK, connection test OK, but no internet for devices.


Couldn’t it be this in your case? Turris OS 7.1 is out! - #115 by elvenbone

1 Like

No, this setting is the same as on 7.0.3 = 6,192.168.1.1

7.1.0 backup files (pretty much the same as on 7.0.3):

DHCP


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option port '0'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	list dhcp_option '6,192.168.1.1'
	option force '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest_turris'
	option interface 'guest_turris'
	option ignore '0'
	option start '100'
	option limit '150'
	option leasetime '3600'
	option dhcpv6 'server'
	option ra 'server'
	list dhcp_option '6,10.111.222.1'

config host
	option dns '1'
	option ip '192.168.1.3'
	list mac 'xxxxxxxxxx'
	option name 'LXC-jdownloader'

config host
	option mac 'xxxxxxxxxxxx'
	option name 'Turris-2'
	option dns '1'
	option ip '192.168.1.2'

NETWORK


config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fdb0:9547:3c19::/48'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option device 'br-lan'

config interface 'wan'
	option proto 'dhcp'
	option ipv6 '0'
	option device 'eth2'

config interface 'guest_turris'
	option enabled '1'
	option proto 'static'
	option ipaddr '10.111.222.1'
	option netmask '255.255.255.0'
	option ip6assign '64'
	option device 'br-guest-turris'

config interface 'wan6'
	option proto 'none'
	option device '@wan'

config device 'br_lan'
	option name 'br-lan'
	option bridge_empty '1'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	option type 'bridge'

config device 'br_guest_turris'
	option bridge_empty '1'
	option type 'bridge'
	option name 'br-guest-turris'

config interface 'wg0'
	option proto 'wireguard'
	option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	list addresses '10.0.10.0/24'
	option listen_port '1194'

config wireguard_wg0
	option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option route_allowed_ips '1'
	list allowed_ips '10.0.10.1/32'
	option persistent_keepalive '25'
	option description 'kkkkkk'

config wireguard_wg0
	option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option route_allowed_ips '1'
	list allowed_ips '10.0.10.2/32'
	option persistent_keepalive '25'
	option description 'OnePlus'

config wireguard_wg0
	option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option route_allowed_ips '1'
	list allowed_ips '10.0.10.3/32'
	option persistent_keepalive '25'
	option description 'VN7-592G'

config wireguard_wg0
	option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option route_allowed_ips '1'
	list allowed_ips '10.0.10.4/32'
	option persistent_keepalive '25'
	option description 'Nexus7_3G'

config interface 'site_a'
	option proto 'wireguard'
	option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option listen_port '51820'
	list addresses '10.10.10.1/32'

config wireguard_site_a
	option public_key 'Yxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	option description 'site_b'
	option persistent_keepalive '25'
	option endpoint_port '51820'
	option route_allowed_ips '1'
	option endpoint_host 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
	list allowed_ips '10.10.10.2/24'
	list allowed_ips '192.168.2.0/24'

FIREWALL


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option sentinel_dynfw '1'
	option sentinel_fwlogs '1'
	option haas_proxy '1'
	option sentinel_minipot '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone 'guest_turris'
	option enabled '1'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option name 'tr_guest'
	list network 'guest_turris'

config forwarding 'guest_turris_forward_wan'
	option enabled '1'
	option name 'guest to wan forward'
	option dest 'wan'
	option src 'tr_guest'

config rule 'guest_turris_dns_rule'
	option name 'guest dns rule'
	option proto 'tcpudp'
	option dest_port '53'
	option target 'ACCEPT'
	option src 'tr_guest'

config rule 'guest_turris_dhcp_rule'
	option name 'guest dhcp rule'
	option proto 'udp'
	option src_port '67-68'
	option dest_port '67-68'
	option target 'ACCEPT'
	option src 'tr_guest'

config rule 'guest_turris_Allow_DHCPv6'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '546-547'
	option dest_ip 'fe80::/10'
	option dest_port '546-547'
	option family 'ipv6'
	option target 'ACCEPT'
	option src 'tr_guest'

config rule 'guest_turris_Allow_MLD'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	option family 'ipv6'
	option target 'ACCEPT'
	option src 'tr_guest'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'

config rule 'guest_turris_Allow_ICMPv6_Input'
	option proto 'icmp'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
	option src 'tr_guest'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'

config rule 'wan_ssh_turris_rule'
	option name 'wan_ssh_turris_rule'
	option enabled '0'
	option target 'ACCEPT'
	option dest_port '22'
	option proto 'tcp'
	option src 'wan'

config rule 'wan_http_turris_rule'
	option name 'wan_http_turris_rule'
	option enabled '0'
	option target 'ACCEPT'
	option dest_port '80'
	option proto 'tcp'
	option src 'wan'

config rule 'wan_https_turris_rule'
	option name 'wan_https_turris_rule'
	option enabled '0'
	option target 'ACCEPT'
	option dest_port '443'
	option proto 'tcp'
	option src 'wan'

config zone
	option name 'wg'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'

config forwarding
	option src 'wg'
	option dest 'wan'

config forwarding
	option src 'wan'
	option dest 'wg'

config forwarding
	option src 'lan'
	option dest 'wg'

config forwarding
	option src 'wg'
	option dest 'lan'

config rule
	option name 'Allow-Wireguard-Inbound'
	option target 'ACCEPT'
	option src '*'
	option proto 'udp'
	option dest_port '1194'

config zone
	option name 'wg'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	list network 'wg0'

config forwarding
	option src 'wg'
	option dest 'wan'

config forwarding
	option src 'wg'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'wg'

config forwarding
	option src 'wan'
	option dest 'wg'

config redirect
	list proto 'udp'
	option name 'wg'
	option src 'wan'
	option target 'DNAT'
	option dest 'VPN'
	option dest_ip '10.10.10.1/32'
	option dest_port '51820'
	option src_dport '51820'

config zone
	option name 'VPN'
	option input 'ACCEPT'
	option forward 'REJECT'
	list network 'site_a'
	option output 'ACCEPT'

config forwarding
	option dest 'VPN'
	option src 'lan'

config forwarding
	option dest 'wan'
	option src 'VPN'

config include 'bcp38'
	option type 'script'
	option path '/usr/lib/bcp38/run.sh'

config include 'sentinel_firewall'
	option type 'script'
	option path '/usr/libexec/sentinel/firewall.sh'

Ping, traceroute or nslookup commands in Luci > Diagnostics are without any errors.

Is there something else to check?
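
The thread above describes comparing the 7.0.3 and 7.1.0 backup files (network, dhcp, firewall) by hand. A semantic diff of two UCI files that ignores section and option order and never prints key material is shown here as an added example; it is not part of the thread or of Turris tooling. The names parse_uci and diff_uci and the two sample snippets are constructed for illustration.

```python
import shlex

SECRET_OPTIONS = {"private_key", "preshared_key"}  # never echoed in the diff

def parse_uci(text):
    """Parse UCI text into {section_key: {option: value or list of values}}."""
    raw = []
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if len(parts) >= 2 and parts[0] == "config":
            raw.append((parts[1], parts[2] if len(parts) > 2 else None, {}))
        elif len(parts) == 3 and raw and parts[0] == "option":
            raw[-1][2][parts[1]] = parts[2]
        elif len(parts) == 3 and raw and parts[0] == "list":
            raw[-1][2].setdefault(parts[1], []).append(parts[2])
    sections, seen = {}, {}
    for stype, label, opts in raw:
        # Anonymous sections are keyed by their 'name' option when present.
        base = f"{stype}.{label or opts.get('name', '@anon')}"
        seen[base] = seen.get(base, 0) + 1  # repeated names get a #N suffix
        sections[base if seen[base] == 1 else f"{base}#{seen[base]}"] = opts
    return sections

def show(opt, value):
    if value is None:
        return "<unset>"
    return "<redacted>" if opt in SECRET_OPTIONS else str(value)

def diff_uci(old_text, new_text):
    old, new = parse_uci(old_text), parse_uci(new_text)
    changes = []
    for key in sorted(old.keys() | new.keys()):
        if key not in new:
            changes.append(f"- section {key}")
        elif key not in old:
            changes.append(f"+ section {key}")
        else:
            for opt in sorted(old[key].keys() | new[key].keys()):
                a, b = old[key].get(opt), new[key].get(opt)
                if a != b:
                    changes.append(f"~ {key}.{opt}: {show(opt, a)} -> {show(opt, b)}")
    return changes

# Constructed sample backups (not taken from the thread's real files).
OLD = ("config dhcp 'lan'\n\toption leasetime '12h'\n\tlist dhcp_option '6,192.168.1.1'\n"
       "config interface 'wg0'\n\toption private_key 'OLD-PLACEHOLDER'\n")
NEW = ("config interface 'wg0'\n\toption private_key 'NEW-PLACEHOLDER'\n"
       "config dhcp 'lan'\n\tlist dhcp_option '6,192.168.1.1'\n\toption leasetime '6h'\n"
       "config zone\n\toption name 'lan'\n")

if __name__ == "__main__":
    print("\n".join(diff_uci(OLD, NEW)))
```

Because secrets are masked before output, the resulting diff can be pasted into a public forum post without first hand-editing keys out of the backup files.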

Dear @miska,

when will e.g. reforis 3.2.0 come to HBL - TOS 8?

Thx,
Vienna

After TOS 9 comes to HBL.