miska
December 6, 2024, 2:19pm
1
Dear Turris users,
we just released Turris OS 7.1.2 into hbt. We fixed an issue in nor-update that could break your setup and we also added proper dependencies to miniupnpd so it should now install the correct variant of the daemon. It also contains a new version of reForis that polishes the UI even more.
Full release notes are as follows:
Updates
reForis: Update to version 3.2.0
Bug Fixes
miniupnpd: Fix dependencies on firewall
uboot-tools: More robust handling of U-Boot during update
user-notify: Adjust notifications to make them less likely to end up in spam
Should be a pretty small fixup release and if everything goes well, we will release it on Monday.
2 Likes
viktor
December 6, 2024, 2:22pm
3
When will be the U-Boot update for Omnia stable?
1 Like
It's open source; compile your own with just the version number bumped up if it's what you care about, or submit an issue if there is something to be fixed.
jada4p
December 6, 2024, 2:52pm
5
MOX classic, HBK branch, .5 GB, 2x WiFi, simple config. All seems OK.
And what about this problem? Solved?
So…
Omnia from Indiegogo. No internet for any of devices on the network, but connection test in reForis is fully OK, including test in DNS section.
Update went on 26 November according to snapshots page (no notifications about that in reForis) and today 29. November, no internet. I have tried to change DNS provider and turn on/off DNSSEC, but nothing helped. Only rollback to 7.03 helped.
Very strange. Please fix it.
Well you didn't provide any info what is wrong besides “No internet please fix”.
After update can you login to the router and if “there is Internet there” or is it just on the clients. Try pinging IP address instead of DNS name from the router and client. To kind of scope down what might be wrong. Also your default gateway. Provide info what kind of connection do you have.
2 Likes
d0s1s
December 6, 2024, 8:42pm
8
Turris Omnia 2020 HBT All seems O.K.
I did get the MCU upgrade notification again.
Thanks
Well I am not the only one with this problem after 7.1 update. I tried various ways to solve this but without any success.
I wrote in next posts in that thread, that Omnia thinks everything is ok, including speedmeter, but devices on LAN or WiFi get no internet.
Quoting you:
So you basically tried not much. Try the things I proposed. I am almost certain that “there is internet” on your router after update just not on the clients for some unknown reason. Debug log from updater might be helpful. Might shed light on what went wrong in your case.
2 Likes
peci1
December 6, 2024, 9:56pm
11
Hmm, paging in librespeed results, nice =)
peci1
December 6, 2024, 10:20pm
12
7.1.1→ 7.1.2 RC1 update okay. No noticeable cable/wifi/internet interruption. Restart was not needed.
Turris Omnia 2017, 1 GB RAM, dead eMMC, system running from mSATA SSD, original wifi cards, UBoot 2022.10. Storage plugin enabled, LXC containers, tor relay, USB HDD shared over samba4 and minidlna, Syncthing, SQM, Hardwario gateway + MQTT IoT bridge, OpenVPN, PPtP VPN, Strongswan IKEv2 VPN, morce.
I did not get the MCU upgrade notification this time…
I have tried enough to get to know that the problem was in that update. A few others ended up with rollback as me.
I have even tried to compare backup files 7.0.3 and 7.1.0 (such as network, dhcp, etc), but have found nothing.
vcunat
December 7, 2024, 8:30pm
14
AFAIK those were mainly people with broken Unbound on Turris 1.x. That doesn’t sound related really. (and it should work now)
1 Like
I have just tried (hbs) and it is still broken. Again have to revert back to 7.0.3. I can try it tomorrow and check something if you guide me what to search for.
Librespeed OK, connection test OK, but no internet for devices.
peci1
December 7, 2024, 10:43pm
16
1 Like
No, this setting is the same as on 7.0.3 = 6,192.168.1.1
7.1.0 backup files (pretty same as on 7.0.3):
DHCP
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option port '0'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
list dhcp_option '6,192.168.1.1'
option force '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest_turris'
option interface 'guest_turris'
option ignore '0'
option start '100'
option limit '150'
option leasetime '3600'
option dhcpv6 'server'
option ra 'server'
list dhcp_option '6,10.111.222.1'
config host
option dns '1'
option ip '192.168.1.3'
list mac 'xxxxxxxxxx'
option name 'LXC-jdownloader'
config host
option mac 'xxxxxxxxxxxx'
option name 'Turris-2'
option dns '1'
option ip '192.168.1.2'
NETWORK
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'fdb0:9547:3c19::/48'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option device 'br-lan'
config interface 'wan'
option proto 'dhcp'
option ipv6 '0'
option device 'eth2'
config interface 'guest_turris'
option enabled '1'
option proto 'static'
option ipaddr '10.111.222.1'
option netmask '255.255.255.0'
option ip6assign '64'
option device 'br-guest-turris'
config interface 'wan6'
option proto 'none'
option device '@wan'
config device 'br_lan'
option name 'br-lan'
option bridge_empty '1'
list ports 'lan0'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option type 'bridge'
config device 'br_guest_turris'
option bridge_empty '1'
option type 'bridge'
option name 'br-guest-turris'
config interface 'wg0'
option proto 'wireguard'
option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
list addresses '10.0.10.0/24'
option listen_port '1194'
config wireguard_wg0
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option route_allowed_ips '1'
list allowed_ips '10.0.10.1/32'
option persistent_keepalive '25'
option description 'kkkkkk'
config wireguard_wg0
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option route_allowed_ips '1'
list allowed_ips '10.0.10.2/32'
option persistent_keepalive '25'
option description 'OnePlus'
config wireguard_wg0
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option route_allowed_ips '1'
list allowed_ips '10.0.10.3/32'
option persistent_keepalive '25'
option description 'VN7-592G'
config wireguard_wg0
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option route_allowed_ips '1'
list allowed_ips '10.0.10.4/32'
option persistent_keepalive '25'
option description 'Nexus7_3G'
config interface 'site_a'
option proto 'wireguard'
option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option listen_port '51820'
list addresses '10.10.10.1/32'
config wireguard_site_a
option public_key 'Yxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option description 'site_b'
option persistent_keepalive '25'
option endpoint_port '51820'
option route_allowed_ips '1'
option endpoint_host 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '10.10.10.2/24'
list allowed_ips '192.168.2.0/24'
FIREWALL
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option sentinel_dynfw '1'
option sentinel_fwlogs '1'
option haas_proxy '1'
option sentinel_minipot '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone 'guest_turris'
option enabled '1'
option input 'REJECT'
option forward 'REJECT'
option output 'ACCEPT'
option name 'tr_guest'
list network 'guest_turris'
config forwarding 'guest_turris_forward_wan'
option enabled '1'
option name 'guest to wan forward'
option dest 'wan'
option src 'tr_guest'
config rule 'guest_turris_dns_rule'
option name 'guest dns rule'
option proto 'tcpudp'
option dest_port '53'
option target 'ACCEPT'
option src 'tr_guest'
config rule 'guest_turris_dhcp_rule'
option name 'guest dhcp rule'
option proto 'udp'
option src_port '67-68'
option dest_port '67-68'
option target 'ACCEPT'
option src 'tr_guest'
config rule 'guest_turris_Allow_DHCPv6'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '546-547'
option dest_ip 'fe80::/10'
option dest_port '546-547'
option family 'ipv6'
option target 'ACCEPT'
option src 'tr_guest'
config rule 'guest_turris_Allow_MLD'
option proto 'icmp'
option src_ip 'fe80::/10'
option family 'ipv6'
option target 'ACCEPT'
option src 'tr_guest'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
config rule 'guest_turris_Allow_ICMPv6_Input'
option proto 'icmp'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option src 'tr_guest'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
config rule 'wan_ssh_turris_rule'
option name 'wan_ssh_turris_rule'
option enabled '0'
option target 'ACCEPT'
option dest_port '22'
option proto 'tcp'
option src 'wan'
config rule 'wan_http_turris_rule'
option name 'wan_http_turris_rule'
option enabled '0'
option target 'ACCEPT'
option dest_port '80'
option proto 'tcp'
option src 'wan'
config rule 'wan_https_turris_rule'
option name 'wan_https_turris_rule'
option enabled '0'
option target 'ACCEPT'
option dest_port '443'
option proto 'tcp'
option src 'wan'
config zone
option name 'wg'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
config forwarding
option src 'wg'
option dest 'wan'
config forwarding
option src 'wan'
option dest 'wg'
config forwarding
option src 'lan'
option dest 'wg'
config forwarding
option src 'wg'
option dest 'lan'
config rule
option name 'Allow-Wireguard-Inbound'
option target 'ACCEPT'
option src '*'
option proto 'udp'
option dest_port '1194'
config zone
option name 'wg'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
list network 'wg0'
config forwarding
option src 'wg'
option dest 'wan'
config forwarding
option src 'wg'
option dest 'lan'
config forwarding
option src 'lan'
option dest 'wg'
config forwarding
option src 'wan'
option dest 'wg'
config redirect
list proto 'udp'
option name 'wg'
option src 'wan'
option target 'DNAT'
option dest 'VPN'
option dest_ip '10.10.10.1/32'
option dest_port '51820'
option src_dport '51820'
config zone
option name 'VPN'
option input 'ACCEPT'
option forward 'REJECT'
list network 'site_a'
option output 'ACCEPT'
config forwarding
option dest 'VPN'
option src 'lan'
config forwarding
option dest 'wan'
option src 'VPN'
config include 'bcp38'
option type 'script'
option path '/usr/lib/bcp38/run.sh'
config include 'sentinel_firewall'
option type 'script'
option path '/usr/libexec/sentinel/firewall.sh'
Ping, traceroute or nslookup commands in Luci > Diagnostics are without any errors.
Is there something else to check?
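A check a reader could run on a firewall file like the one posted above (an added example, not code from the thread or from Turris tooling): it parses UCI text and reports duplicate zone names, zones with no network attached, a missing lan to wan forwarding or wan masquerading, and forwardings whose source is wan. The names `parse_uci` and `lint_firewall` and the sample text are constructed for illustration, and the output is a list of things to review, not a diagnosis of the outage reported here.

```python
import shlex
from collections import Counter

# Constructed sample shaped like the firewall file posted above (not a full copy).
SAMPLE = """
config zone
    option name 'wan'
    option masq '1'
    list network 'wan'
config zone
    option name 'wg'
config zone
    option name 'wg'
    list network 'wg0'
config forwarding
    option src 'lan'
    option dest 'wan'
config forwarding
    option src 'wan'
    option dest 'wg'
"""

def parse_uci(text):
    """Parse UCI text into sections: {'type': ..., 'opts': {...}}."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append({"type": tok[1], "opts": {}})
        elif tok[:1] == ["option"] and len(tok) == 3 and sections:
            sections[-1]["opts"][tok[1]] = tok[2]
        elif tok[:1] == ["list"] and len(tok) == 3 and sections:
            sections[-1]["opts"].setdefault(tok[1], []).append(tok[2])
    return sections

def lint_firewall(sections):
    """Return findings worth reviewing when the router is online but clients are not."""
    zones = [s["opts"] for s in sections if s["type"] == "zone"]
    fwd = [(s["opts"].get("src"), s["opts"].get("dest"))
           for s in sections if s["type"] == "forwarding"]
    out = [f"zone name '{n}' defined {c} times"
           for n, c in Counter(z.get("name") for z in zones).items() if c > 1]
    out += [f"zone '{z.get('name')}' has no network" for z in zones if not z.get("network")]
    if ("lan", "wan") not in fwd:
        out.append("no lan -> wan forwarding")
    if not any(z.get("name") == "wan" and z.get("masq") == "1" for z in zones):
        out.append("wan zone does not masquerade")
    out += [f"forwarding wan -> {d} admits WAN-side traffic" for s, d in fwd if s == "wan"]
    return out
```

On the router the same functions can be fed the contents of `/etc/config/firewall` read from disk.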
Vienna
December 8, 2024, 7:20am
18
Dear @miska ,
when will e.g. reforis 3.2.0 come to HBL - TOS 8?
Thx,
Vienna
viktor
December 8, 2024, 10:56pm
19
After TOS 9 comes to HBL.