Unreachable: https://repo.turris.cz/omnia/lists/base.lua


#21

root@turris:~# pkgupdate
line not found
line not found
line not found
ERROR:
unreachable: https:// repo.turris.cz/omnia/lists/base.lua: Operation timed out after 30000 milliseconds with 0 out of 0 bytes received

root@turris:~# vi /etc/hosts
root@turris:~# cat /etc/hosts
127.0.0.1 localhost
217.31.192.69 repo.turris.cz

root@turris:~# pkgupdate
WARN:Requested package foris-pakon-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package luci-i18n-ddns-en that is missing, ignoring as requested.

i think that proves my theory. But i’d rather not have a fixed hosts entry for repo.turris.cz

i hope support can fix this, because i dont know how to solve this problem correctly.


#22

same error rspoerri. how do I update the router?


#24

That’s not a solution. First, you should suggest enable/disable forwarding to see if it works to avoid any ISP issues, but it will really help us if they can send us diagnostics to see if there’s anything wrong.


#25

Do you mean enable/disable DNS forwarding? maybe. Then I would try other DNS servers.


#26

Yeah, I think it is an IPv6 routing issue. And lack of happy eyeballs.

root@turris:~# ping6 repo.turris.cz
PING repo.turris.cz (2001:1488:ac15:ff80::69): 56 data bytes
^C
--- repo.turris.cz ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss
root@turris:~# ping repo.turris.cz
PING repo.turris.cz (217.31.192.69): 56 data bytes
64 bytes from 217.31.192.69: seq=0 ttl=51 time=174.450 ms
64 bytes from 217.31.192.69: seq=1 ttl=51 time=174.426 ms
64 bytes from 217.31.192.69: seq=2 ttl=51 time=174.328 ms
^C
--- repo.turris.cz ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 174.328/174.401/174.450 ms
root@turris:~# wget https://repo.turris.cz/omnia/lists/base.lua
--2019-04-01 09:07:51-- https://repo.turris.cz/omnia/lists/base.lua
Resolving repo.turris.cz... 2001:1488:ac15:ff80::69, 217.31.192.69
Connecting to repo.turris.cz|2001:1488:ac15:ff80::69|:443... failed: Operation timed out.
Connecting to repo.turris.cz|217.31.192.69|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9237 (9.0K)
Saving to: 'base.lua'

base.lua 100%[===================>] 9.02K --.-KB/s in 0s

2019-04-01 09:09:59 (106 MB/s) - 'base.lua' saved [9237/9237]

root@turris:~# rm base.lua
root@turris:~# traceroute6 repo.turris.cz
traceroute to repo.turris.cz (2001:1488:ac15:ff80::69), 30 hops max, 64 byte packets
1 2001:506:6000:11b:71:156:212:142 (2001:506:6000:11b:71:156:212:142) 1.095 ms 2.965 ms 5.391 ms
2 2001:506:6000:11b:69:235:122:82 (2001:506:6000:11b:69:235:122:82) 0.988 ms 0.901 ms 0.828 ms
3 sffca401igs.ipv6.att.net (2001:1890:ff:ffff:12:122:114:5) 3.214 ms 5.401 ms 5.725 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
root@turris:~#


#27

Fenevadkan was doing some helpful troubleshooting yesterday but fell off the radar. FYI I changed DNS forwarding to Google in FORIS and my DNS connection test went through. Via SSH I can ping the server, see my above post.


#28

Oh, this is interesting. My computer can access repo.turris.cz, and even traceroute through the router works.

2 2001:506:6000:11b:71:156:212:142 3.964 ms 2.157 ms 6.325 ms
3 2001:506:6000:11b:69:235:122:82 5.920 ms 9.085 ms 13.480 ms
4 * * *
5 2001:1890:1fff:41e:192:205:32:222 4.818 ms 29.928 ms 4.546 ms
6 nyk-bb3-v6.telia.net 185.798 ms
nyk-bb4-v6.telia.net 178.710 ms 178.680 ms
7 ldn-bb4-v6.telia.net 177.412 ms
ldn-bb3-v6.telia.net 176.848 msldn-bb4-v6.telia.net 179.884 ms
8 hbg-bb1-v6.telia.net 178.157 ms 179.152 ms 229.939 ms
9 prag-bb1-v6.telia.net 174.097 ms
win-bb2-v6.telia.net 183.860 msprag-bb1-v6.telia.net 174.832 ms
10 prag-b3-v6.telia.net 183.476 ms 178.244 ms 180.312 ms
11 cznic-ic-335938-prag-b3.c.telia.net 160.390 ms 164.550 ms 165.213 ms
12 gw-s-01-dnsgw.nic.cz 163.793 ms 165.105 ms 163.312 ms
13 *^C

But it still fails on the router running 3.11.2.

Other IPv6 hosts work, e.g.,

root@turris:~# ping6 www.google.com
PING www.google.com (2607:f8b0:4005:808::2004): 56 data bytes
64 bytes from 2607:f8b0:4005:808::2004: seq=0 ttl=56 time=3.305 ms
64 bytes from 2607:f8b0:4005:808::2004: seq=1 ttl=56 time=3.277 ms
64 bytes from 2607:f8b0:4005:808::2004: seq=2 ttl=56 time=3.194 ms
^C
--- www.google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3.194/3.258/3.305 ms
root@turris:~#

So I think I’ll just try rspoerri’s solution and hope it’s fixed soon.


#29

Ah-hah. I have determined the root cause, in my situation. It’s that AT&T sucks, and there’s nothing the CZ.NIC people can do about it except implement Happy Eyeballs. When I use the -I option to use one of the delegated prefixes for ping6, then my router successfully reaches repo.turris.cz.

They’re apparently doing source address filtering for whatever reason, so the routers can’t access Europe. Most people don’t notice because they’re using ISP-supplied routers that only access American services. AT&T made it very difficult to use this third-party router on this Internet connection, so I think this is not a supported configuration.


#30

I’d ask the ISP. So far I can’t see why the breakage should be intentional. It might just have been undetected (most of affected people don’t know how to triage these). I’ve seen some (unintentional) IPv6 routing issues recently.

When I try traceroute to your address, it seems to die here in Europe already:

10  2a01:5e0::3:41 (2a01:5e0::3:41)  7.413 ms !N * *

and it’s completely stuck when I try it from yet another Czech ISP, but AFAIK these might be completely independent to the route between you and cz.nic.


#31

Still not finding a solution for this issue…can the folks from Turris fix this or can someone post a guide on how to fix this with a modification to the hosts file?


#32

Hey Brian,

I think you didn’t see my post. This issue is most probably on the ISP side, which you are experiencing. On the forum together with support, there are 3 people, which has this issue and I don’t think this is something on our side.

May I know, if you try to enable or disable DNS Forwarding in DNS tab when you’re logged in to administration interface Foris? Did you try to change DNS servers (maybe the ones, which supports DNS over TLS) to some preferred once, which are listed in Foris? If you do and it still doesn’t work, I suggest you to send us diagnostics following our Error reporting article in our documentation to get at least some basic details, which can help us and if it still doesn’t work, we have also article for Debugging DNS problems and it can give us a further view, what’s happening and why.

Anyway, the forum is not meant to be for bug reporting.


#33

Pepe,

Thank you for addressing. I have toggeled DNS Forwarding from OFF to On (Google) (no solution) and then onto Cloudfare which finally seems to have fixed the issue.


#34

So the ISP is likely intercepting DNS packets not directed at them when only encryption helps? Well, if these at least returned answers that are correct and work fine…


#35

it seems to be resolved for me. updating works again.


#36

I have two omnia routers with diferents connections but the same ISP from Spain

Both of them
cat /etc/turris-version
3.11.2

Two weeks ago, more or less, both of them continuosly messages with error update.
Updater selhal:

unreachable: https://repo.turris.cz/omnia/lists/base.lua: Operation timed out after 30000 milliseconds with 0 out of 0 bytes received

I check all combinations dns forwarding or without forwarding but no solution

What can I do?


#37

I had exactly the same problem as you and adding the record to /etc/hosts resolved the issue for me as well. Were you able to figure out the root cause?


#38

The root cause seems to be some provider inbetween you and turris making an error or change how ipv6 is routed.
After some time it worked again for me without any modifications.


#39

switch off ipv6 temporarily worked for me.


#40

Why do I have this problem with Turris address only and only from the router?


#41

I am looking for permanent non-workaround solution.