Turris OS 7.2 is out!

Dear Turris users,

we just released Turris OS 7.2 into hbs. The main new feature of this release is port forwarding now available in reForis. This is the last feature release in 7.x branch, the next big release will be Turris OS 9.0. We know that the port forwarding is still a little rough around the edges, we will improve on top of that, but not at the moment. Full release notes are as follows:

New Features
• reforis: Port forwarding integrated into WebUI
• reforis: Add link to the documentation
• diagnostics: Add mwan3, watchcat and nftables information to help debugging LTE/5G
• serial-sound: New package to play sounds over the serial

Updates
• 5g-kit: More robust and simpler setup
• common-passwords: Update to the latest list of the passwords
• python-twisted: update to version 24.7.0 (fixes CVE-2024-41671 and CVE-2024-41810)
• reforis: updated translations and dependencies

As always, if you encounter any issues, don’t hesitate to let us know. This release will fully rollout within seven days.

One of my Omnias just updated. It went okish:

[...]
INFO:Running postinst of base-files
setting up led wan
setting up led pci1
setting up led pci2
setting up led pci3
+ uci set 'updater.turris=turris'
+ uci set 'updater.turris.mode=branch'
+ uci set 'updater.turris.branch=hbs'
+ sed -i 's|https://repo\.turris\.cz/.*/\([^/]*\)/packages/|https://repo\.turris\.cz/hbs/\1/packages/|' /etc/opkg/distfeeds.conf
+ uci commit updater.turris
+ set +x
uci: Parse error (invalid command) at line 29, byte 1
INFO:Running postinst of turris-auth
[...]

Probabbly some syntax error somewhere in the scripts. When I am back home I will try to find offending line.

TO 2016, HBS branch, 2 GB, SSD 256 GB (logs etc.), 2x WiFi, HaaS, RIPE Atlas, Sentinel, lxc (test), simple config, all seems OK except as described below:

During update, there were again a lot of error messages “SSL:openssl library version is outdated and has reached end-of-life.”

Checking Turris Omnia status after update to version 7.2.0 (HBS) I noticed that in reForis overview there is “Threat Detection” Disabled (which was not so when I opened reForis last time). Clicking on frame heading displayed “License Agreement”; after checking of consent and saving changes nothing changed “Threat Detection” remained Disabled!

Thus I rebooted TO hoping things will go better. Unfortunately this was not the case.

On reForis overview page there is still “Threat Detection” Disabled.

On reForis Overview there are on Sentinel state window all parts marked as running.

On License Agreement page the Terms of Participation is “Accepted”.

Where could be problem? What went wrong?

If needed, I can send diagnosis (saved now).

Late edit: Isn’t it by a chance somehow connected with my trouble regarding HaaS/Sentinel: What happened to HaaS?

I got notifications from two of my routers by now.

One with usual Update notification, asking for my approval to apply the pending updates.

Another one is sending me error messages:

Error notifications
===================
Updater execution failed:
INFO:Target Turris OS: 7.2.0
line not found
ERROR:
inconsistent: Requested package reforis-data-collection-plugin that is not available.
line not found
line not found
line not found
line not found

I have the same issue with threat detection disabled.

I have the same issue:

 Requested package reforis-data-collection-plugin that is not available.

It’s listed in /etc/updater/conf.d/opkg-auto.lua so I guess it was installed as a dependency.

I have some forwarding rules set, such as

config redirect
	option name 'vpn2'
	option target 'DNAT'
	list proto 'udp'
	option src 'wan'
	option src_ip '78.80.16.0/20'
	option src_dport '12345'
	option dest 'lan'
	option dest_ip '192.168.1.3'

I can see them correctly listed on http://192.168.1.1/reforis/network-settings/port-forwarding
But when I click three dots > Edit, I get

Oops! Something went wrong:
TypeError: port is undefined

and then I can click anything in the menu, the error page will not disappear, until I press F5. Yes I don’t specify dest_port because it is not required when port is not changed. Please make it work with such scenario too.

Transmission daemon doesn’t work.

root@turris:~# logread -fe transmission
Jun  6 13:33:55 turris transmission: Starting with 1031744000 virt mem
Jun  6 13:33:55 turris transmission-daemon[8130]: jail: failed to load libpreload-seccomp.so
Jun  6 13:33:55 turris transmission-daemon[8130]: [2025-06-06 13:33:55.517] utils.cc:125: Couldn't read '/mnt/sda3/data/.transmission-daemon/settings.json': Permission denied (13)
Jun  6 13:33:55 turris transmission-daemon[8130]: [2025-06-06 13:33:55.517] ERR transmission-daemon Error loading config file -- exiting. (daemon/daemon.cc:914)
Jun  6 13:33:55 turris procd: Instance transmission::instance1 s in a crash loop 7 crashes, 0 seconds since last crash
^C

I’ve been discussing this problem with mr. Žák in ticket #1614408 and he worte that the fix will be in TOS 7.2. Maybe you forgot to add his fix to TOS 7.2?!

Hi, i just noticed that my devices had updated to 7.2.0. In the reforis start screen i see now Thread Detection: Disabled, this certainly was enabled before the last change. I have 3 of these devices and they all show the same issue. Is this something known or am i missing something here?

thanks…

Matthias

I just saw new possibility to get notifications from Omnia via ntfy.sh. but I guess you guys ignore the fact that ntfy.sh might use authentication to post.

Tried with ?auth=token and I get Unknown API Error. curl -X POST -d test URL?auth=token works and I use it for other services.

Ok I know what’s the problem. I think: Debug console of the browser says:

400 - Bad Request
Error:

Remote Exception: Incorrect input. {'module': 'router_notifications', 'kind': 'request', 'action': 'create', 'data': {'msg': 'If you see this message, your notification settings seem to be correct. Have a nice day! 😊', 'severity': 'test', 'immediate': True}}
Extra:

{"module": "router_notifications", "action": "create", "kind": "request", "data": {"msg": "If you see this message, your notification settings seem to be correct. Have a nice day! \ud83d\ude0a", "severity": "test", "immediate": true}}
Trace:

Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/foris_controller/message_router.py", line 91, in process_message File "/usr/lib/python3.10/site-packages/foris_controller/message_router.py", line 40, in wrapper File "/usr/lib/python3.10/site-packages/foris_controller/message_router.py", line 76, in validate File "/usr/lib/python3.10/site-packages/foris_schema/validator.py", line 282, in validate File "/usr/lib/python3.10/site-packages/jsonschema/validators.py", line 314, in validate jsonschema.exceptions.ValidationError: 'test' is not one of ['news', 'restart', 'error', 'update'] Failed validating 'enum' in schema['properties']['data']['properties']['severity']: {'enum': ['news', 'restart', 'error', 'update']} On instance['data']['severity']: 'test' 

So seems like you made an enum missing test

So its here if it’s the script used src/scripts/notifier · master · Turris / User notifications · GitLab
But I guess reforis controller is missing it somewhere in the possible enum’s. validator…cannot find it on gitlab

EDIT:
So I guess the problem only appears when doing a test from reforis and should work normally when some other notification is triggered…EDIT2: Yup confirmed it works besides test notification even with ?auth=token

I found this problem already in hbd.
The error is the permissions in the file /etc/init.d/transmission.
Jail only has access to the download folder

Sentinel Overview is fine, About shows different information

image936×300 18.8 KB

image1089×217 13.5 KB

Hi , my reForis is broken, I can login but going to packages gives an error.
How can I update the OS to 7.2.0 via command line interface?

Simply run command
pkgupdate
from command line

same here…and the sentinel data & view works, but the data there is already almost zero.
Since basically november 2024. Same with HaaS. Basically stopped working after TOS 7.

image1630×604 30.6 KB

I can help you with this one and fix this in upstream, if you will give me more details or you might want to send pull request to the OpenWrt packages repository. There might be indeed missing syscalls, you can check it by using /etc/init.d/transmission trace and as adding new syscalls does not require something to compile, you can add it basically on your own. Also, I thought that someone already suggested to try disable jail here. Maybe not. That’s a pity. Nothing more what I can do here about it.

My Omnia router has been running faultlessly for many years. But after it autoupdated to 7.2.0 I was not able to connect to the network at all (‘Network is unreachable’), so had to rollback to 7.1.4 which works fine. (My Omnia router is from March 2017 if that may explain why I’m having this problem).
I have tried updating 3-4 times more via re-Foris, and also ssh-ing into the router and running pkgupdate, but with the same result each time (losing network connection).
So for the time being I have had to disable autoupdating, and stick with 7.1.4.

Updated to 7.2.0 . IG Omnia - No Issues. Multiple VLAN Setup. Did restart as well. No issues anywhere. Threath detection is disabled but I have too expensive public IP adresses that I dont use it anyway.

Hi, thanks for the help.
however pkgupdate fails to update:

INFO:Queue upgrade of reforis-diagnostics-plugin/turrispackages/3.2.1-3.10-1[3.2.0-3.10-1]
INFO:Queue removal of reforis-data-collection-plugin
Press return to continue, CTRL+C to abort

INFO:Downloading packages
line not found
line not found
line not found
DIE:
[string “utils”]:175: [string “utils”]:169: mkdir ‘/usr/share/updater/download/’ failed: Read-only file system
Aborted

could anyone give me a hint please? thanks

I’m affraid it could be more difficult.

First of all - which OS version are you updating from? If you skipped some previous versions, updating couldn’t be able to run succesfully.

Best way would be to ask support for help, I’m affraid.