Turris OS 7.1.3 is out now!

Dear Turris users,

we just released Turris OS 7.1.3! It is a fix-up release, so you can expect it within three days. There are some small changes to reForis interface, but mainly it is about dynamic firewall and its integration into nftables. There were some conditions where it wouldn’t start properly. But we also extended the integration to allow you to add ip addresses to a whitelist to never get blocked by Dynamic firewall. You can do so by adding the section similar to the following one into /etc/config/sentinel:

config dynfw 'dynfw'
        option enabled '1'
        list whitelist '217.31.192.84'
        list whitelist '2001:1488:ac15:ff80::/64'

As always, if you encounter any issues, please let us know.

My Omnia running as an AP got it already so far so good. Main Omnia router scheduled for 48h more to wait.

TO 2016, HBS branch, 2 GB, 2x WiFi, HaaS, RIPE Atlas, Sentinel, lxc, SSD (logs etc), simple config, all seems OK.

The following happened on my Turris 1.x router. Is it okay?
2:20am
Updates
• reForis: Update to version 3.2.1
New Features
• dynfw: Add option to whitelist IP addresses
Bug Fixes
• updater-fixes: Automatically change manually installed iptables based packages to nftables based variant

3:30am
Updates
• reForis: Update to version 3.2.0
Bug Fixes
• miniupnpd: Fix dependencies on firewall
• uboot-tools: More robust handling of U-Boot during update
• user-notify: Adjust notification to to make them less likely to end up in spam

3:30am
Změny provedené updaterem v 2025-01-08T02:29:31+00:00
• Balíček resolver-conf byl ponížen z verze 0.0.5-50 na verzi 0.0.5-49
• Přeinstalován balíček base-files z verze 1517-7.1.3-r20343+130-4e1d1b7df0 na verzi 1517-7.1.2-r20343+130-4e1d1b7df0
• Balíček fix-updater-v65.0-alternatives-update byl ponížen z verze 1-64 na verzi 1-63
• Balíček turris-version byl ponížen z verze 7.1.3 na verzi 7.1.2
• Nainstalován balíček libip6tc verze 1.8.7-7
• Nainstalován balíček libip4tc verze 1.8.7-7
• Nainstalován balíček xtables-legacy verze 1.8.7-7
• Nainstalován balíček iptables-zz-legacy verze 1.8.7-7
• Přeinstalován balíček reforis z verze 3.2.1-3.10-1 na verzi 3.2.0-3.10-1
• Nainstalován balíček kmod-nf-ipt6 verze 5.15.148-1-10c74a3fc1b7f960ec7b51f92267b9ed
• Nainstalován balíček kmod-ip6tables verze 5.15.148-1-10c74a3fc1b7f960ec7b51f92267b9ed
• Nainstalován balíček ip6tables-zz-legacy verze 1.8.7-7
• Balíček sentinel-firewall-nftables byl ponížen z verze 0.1.5-34 na verzi 0.1.4-32
• Balíček sentinel-dynfw-cert byl ponížen z verze 0.1.5-34 na verzi 0.1.4-32
• Balíček libdynfw byl ponížen z verze 1.3.1-1 na verzi 1.3.0-10
• Balíček sentinel-dynfw-c-client-nftables byl ponížen z verze 1.3.1-1 na verzi 1.3.0-10
• Přeinstalován balíček reforis-l10n-cs z verze 3.2.1-3.10-1 na verzi 3.2.0-3.10-1
• Přeinstalován balíček reforis-l10n-de z verze 3.2.1-3.10-1 na verzi 3.2.0-3.10-1
• Odstraněn balíček iptables-nft verze 1.8.7-7
• Odstraněn balíček fix-iptables-to-nftables-packages verze 1-64

So my second Omnia running as Router got an update it deleted nicely iptables-zz-legacy and kept iptables-nft I no longer get warnings that legacy iptables detected in mwan3 service. I guess the script fix-iptables-to-nftables-packages did that. Thanks

I think the update broke some things. I think I lost natpmpc and libnatpmp as well as some port forwards. Is this normal? If not I should raise a issue on gitlab, right?
Thanks for reading my noob questions

For Omnia and Turris 1.1 all good.

finally retried updating my Omnia to TOS7. (upgrade to 7.0 had to be rollbacked because it totally broke my router funtionality)

Upgrade to TOS 7.1.3 seems to be a lot smoother. Except it broke the whole TOS WebUI. That is reforis, luci, pakon. From the log :

ERROR:Failed operations:
turris-bootstrap-theme/postinst: Traceback (most recent call last):
  File "/usr/bin/turris-auth-server", line 5, in <module>
    from turris_auth.server.__main__ import main
  File "/usr/lib/python3.10/site-packages/turris_auth/server/__init__.py", line 3, in <module>
  File "/usr/lib/python3.10/site-packages/turris_auth/server/wsgi.py", line 12, in <module>
ModuleNotFoundError: No module named 'flup'
2025-01-22 15:00:58: (../src/configfile.c.2515) command "turris-auth-server --lighttpd-config --luci-login" exited non-zero: 1
2025-01-22 15:00:58: (../src/configfile.c.2244) source: /etc/lighttpd/conf.d/50-turris-auth.conf line: 2 pos: 0 parser failed somehow near here: (EOL)
2025-01-22 15:00:58: (../src/configfile.c.2244) source: /etc/lighttpd/lighttpd.conf line: 39 pos: 0 parser failed somehow near here: (EOL)
lighttpd.conf validation failed

turris-webapps/postinst: Traceback (most recent call last):
  File "/usr/bin/turris-auth-server", line 5, in <module>
    from turris_auth.server.__main__ import main
  File "/usr/lib/python3.10/site-packages/turris_auth/server/__init__.py", line 3, in <module>
  File "/usr/lib/python3.10/site-packages/turris_auth/server/wsgi.py", line 12, in <module>
ModuleNotFoundError: No module named 'flup'
2025-01-22 15:01:09: (../src/configfile.c.2515) command "turris-auth-server --lighttpd-config --luci-login" exited non-zero: 1
2025-01-22 15:01:09: (../src/configfile.c.2244) source: /etc/lighttpd/conf.d/50-turris-auth.conf line: 2 pos: 0 parser failed somehow near here: (EOL)
2025-01-22 15:01:09: (../src/configfile.c.2244) source: /etc/lighttpd/lighttpd.conf line: 39 pos: 0 parser failed somehow near here: (EOL)
lighttpd.conf validation failed

turris-auth/postinst: Traceback (most recent call last):
  File "/usr/bin/turris-auth-server", line 5, in <module>
    from turris_auth.server.__main__ import main
  File "/usr/lib/python3.10/site-packages/turris_auth/server/__init__.py", line 3, in <module>
  File "/usr/lib/python3.10/site-packages/turris_auth/server/wsgi.py", line 12, in <module>
ModuleNotFoundError: No module named 'flup'
2025-01-22 15:01:00: (../src/configfile.c.2515) command "turris-auth-server --lighttpd-config --luci-login" exited non-zero: 1
2025-01-22 15:01:00: (../src/configfile.c.2244) source: /etc/lighttpd/conf.d/50-turris-auth.conf line: 2 pos: 0 parser failed somehow near here: (EOL)
2025-01-22 15:01:00: (../src/configfile.c.2244) source: /etc/lighttpd/lighttpd.conf line: 39 pos: 0 parser failed somehow near here: (EOL)
lighttpd.conf validation failed

sentinel-firewall-nftables/postinst: Unable to parse nftables JSON output: Failed to parse JSON string: unexpected end of data
The rendered ruleset contains errors, not doing firewall restart.
The fw4 firewall does not appear to be loaded.

turris-snapshots-web/postinst: Traceback (most recent call last):
  File "/usr/bin/turris-auth-server", line 5, in <module>
    from turris_auth.server.__main__ import main
  File "/usr/lib/python3.10/site-packages/turris_auth/server/__init__.py", line 3, in <module>
  File "/usr/lib/python3.10/site-packages/turris_auth/server/wsgi.py", line 12, in <module>
ModuleNotFoundError: No module named 'flup'
2025-01-22 15:01:15: (../src/configfile.c.2515) command "turris-auth-server --lighttpd-config --luci-login" exited non-zero: 1
2025-01-22 15:01:15: (../src/configfile.c.2244) source: /etc/lighttpd/conf.d/50-turris-auth.conf line: 2 pos: 0 parser failed somehow near here: (EOL)
2025-01-22 15:01:15: (../src/configfile.c.2244) source: /etc/lighttpd/lighttpd.conf line: 39 pos: 0 parser failed somehow near here: (EOL)
lighttpd.conf validation failed

turris-diagnostics-web/postinst: Traceback (most recent call last):
  File "/usr/bin/turris-auth-server", line 5, in <module>
    from turris_auth.server.__main__ import main
  File "/usr/lib/python3.10/site-packages/turris_auth/server/__init__.py", line 3, in <module>
  File "/usr/lib/python3.10/site-packages/turris_auth/server/wsgi.py", line 12, in <module>
ModuleNotFoundError: No module named 'flup'
2025-01-22 15:01:18: (../src/configfile.c.2515) command "turris-auth-server --lighttpd-config --luci-login" exited non-zero: 1
2025-01-22 15:01:18: (../src/configfile.c.2244) source: /etc/lighttpd/conf.d/50-turris-auth.conf line: 2 pos: 0 parser failed somehow near here: (EOL)
2025-01-22 15:01:18: (../src/configfile.c.2244) source: /etc/lighttpd/lighttpd.conf line: 39 pos: 0 parser failed somehow near here: (EOL)
lighttpd.conf validation failed

reforis-l10n-de/postinst: Traceback (most recent call last):
  File "/usr/bin/turris-auth-server", line 5, in <module>
    from turris_auth.server.__main__ import main
  File "/usr/lib/python3.10/site-packages/turris_auth/server/__init__.py", line 3, in <module>
  File "/usr/lib/python3.10/site-packages/turris_auth/server/wsgi.py", line 12, in <module>
ModuleNotFoundError: No module named 'flup'
2025-01-22 15:02:36: (../src/configfile.c.2515) command "turris-auth-server --lighttpd-config --luci-login" exited non-zero: 1
2025-01-22 15:02:36: (../src/configfile.c.2244) source: /etc/lighttpd/conf.d/50-turris-auth.conf line: 2 pos: 0 parser failed somehow near here: (EOL)
2025-01-22 15:02:36: (../src/configfile.c.2244) source: /etc/lighttpd/lighttpd.conf line: 39 pos: 0 parser failed somehow near here: (EOL)
lighttpd.conf validation failed


WARN:Restart your device to apply all changes.

Managed to fix the WebUI. Apparently the upgrade forgot to install the package python3-flup. but why? In any case if someone else has that problem, fix it with ssh-ing into omnia and run:

opkg update
opkg install python3-flup
opkg install --force-reinstall turris-bootstrap-theme turris-webapps turris-auth turris-snapshots-web turris-diagnostics-web reforis-l10n-de

Looking at the output of pkgupdate, there also seems to be something wrong with sentinel-firewall-nftables:

sentinel-firewall-nftables/postinst: Unable to parse nftables JSON output: Failed to parse JSON string: unexpected end of data
The rendered ruleset contains errors, not doing firewall restart.
The fw4 firewall does not appear to be loaded.

Hi,

does this

config dynfw 'dynfw'
        option enabled '1'
        list whitelist '217.31.192.84'

also apply to “Experimental Client”?

Thx,
Vienna

This topic was automatically closed after 20 days. New replies are no longer allowed.