Hi,
I reinstalled TO (former: 3.x, now: 5.1.8; in both software versions serving as a dumb AP) and now have weird behaviour regarding DNS/DHCP. Both services are provided in my network via pihole for interfaces iot (VLAN-ID 20) and lan (VLAN-ID 10) and by my router for interface gast (VLAN-ID 50).
Before upgrading I had zero issues with the very same constellation; now I have really severe problems:
- DHCP: I have several devices (Dell XPS13 with Intel WIFI 9260; Samsung Galaxy S8) that cannot reconnect easily, or sometimes refuse to reconnect entirely, when roaming from one WiFi to another. With the laptop I do not get a clear error log; the smartphone hangs while obtaining an IP address.
- DNS: TO itself has severe issues resolving URLs, sometimes it doesn't work at all. I thought this might be an issue of release 5.1.8 (therefore I posted a snippet of it here), but it seems to be much more than this:
- The first time after a reboot that I try to `ping google.com`, it takes several seconds until I slowly receive some kind of answer; the second time it is faster, and only then does it work seamlessly as expected.
- `pkgupdate` fails until I have run `opkg update` at least once (or vice versa - if I ran `pkgupdate` before running `opkg update` the first time after restarting the TO, it worked without problems):
root@AP_EG1_OG:~# pkgupdate
line not found
line not found
line not found
ERROR:
runtime: [string "requests"]:417: [string "utils"]:420: Getting URI (https://repo.turris.cz/hbs/omnia/lists/base.lua) failed: Couldn't resolve host 'repo.turris.cz'
and after running `opkg update`:
root@AP_EG1_OG:~# pkgupdate
INFO:Target Turris OS: 5.1.8
- I cannot reach my personal cloud, which is running inside a VM on my server (192.168.1.11), which hosts 1 VM containing my openwrt router (192.168.1.1), 1 VM containing my pihole (192.168.1.12), and 1 VM containing my nextcloud and jitsi appliances (cloud.mydomain.tld; 192.168.1.13). In pihole I have an `/etc/hosts` file telling my network devices that cloud.mydomain.tld can be reached via 192.168.1.13. I can ping each IP directly, but when trying to ping cloud.mydomain.tld I get the following feedback:
root@AP_EG1_OG:~# ping cloud.mydomain.tld
ping: unknown host cloud.mydomain.tld
The complete network is just as it was before the TO upgrade; nothing has changed, and beforehand everything worked.
My configuration is as follows:
/etc/config/network
# /etc/config/network as posted: the device holds a static address in each of
# the lan, iot and gast networks and keeps DHCP-client wan/wan6 interfaces.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
# Value redacted by the poster.
option ula_prefix '<>'
config interface 'lan'
# NOTE(review): 'lan4.1' here (and 'lan4.2' / 'lan4.5' below) look like VLAN
# IDs 1, 2 and 5 on port lan4, while the post text names VLAN IDs 10, 20 and
# 50 - confirm which numbering is the real one.
option ifname 'lan0 lan1 lan2 lan3 lan4.1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.2'
option netmask '255.255.255.0'
option delegate '0'
option _turris_mode 'managed'
option gateway '192.168.1.1'
# 192.168.1.12 is the pihole VM according to the post.
option dns '192.168.1.12'
config interface 'iot'
option ifname 'lan4.2'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.2'
option netmask '255.255.255.0'
option delegate '0'
option gateway '192.168.2.1'
# presumably the pihole's address inside the iot network - verify.
option dns '192.168.2.12'
config interface 'gast'
option ifname 'lan4.5'
option type 'bridge'
option proto 'static'
# The AP has its own address inside the guest network, so services running on
# the AP are reachable from guest clients as far as the 'gast' firewall zone
# allows.
option ipaddr '192.168.5.2'
option netmask '255.255.255.0'
option delegate '0'
option gateway '192.168.5.1'
# Gateway and DNS are the same address; the post says the router serves
# DNS/DHCP for gast.
option dns '192.168.5.1'
# wan and wan6 are still defined as DHCP/DHCPv6 clients on eth2 although the
# post describes the device as an AP only.
# NOTE(review): if eth2 is ever connected, a DHCP lease on wan would bring
# its own default route and DNS servers - confirm whether these two sections
# are still wanted.
config interface 'wan'
option ifname 'eth2'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth2'
option proto 'dhcpv6'
/etc/config/firewall
# /etc/config/firewall as posted: four zones (lan, iot, gast, wan), forwarding
# from the three internal zones to wan, and per-zone DHCP/DNS accept rules.
config defaults
option syn_flood '1'
# Default policies: traffic to and from the device is accepted, forwarding is
# rejected unless a zone or forwarding section says otherwise.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# NOTE(review): with disable_ipv6 '1' the firewall presumably installs no IPv6
# rules at all; a wan6 (dhcpv6) interface is defined in /etc/config/network
# and the resolver has net_ipv6 '1', so confirm that IPv6 is really unused on
# this device, otherwise IPv6 traffic would bypass these zones.
option disable_ipv6 '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# NOTE(review): masquerading on the lan zone rewrites the source address of
# traffic leaving through lan; unusual for an AP-only device - confirm it is
# intended.
option masq '1'
option network 'lan'
config zone
option name 'iot'
# input 'ACCEPT' lets clients in the iot network reach every service that
# listens on this device, which also makes the 'Allow IoT ...' rules further
# down redundant.
# NOTE(review): consider a stricter input policy for iot, as done for gast.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option network 'iot'
config zone
option name 'gast'
# Guest traffic addressed to the device is dropped unless one of the
# 'Allow Gast ...' rules below matches.
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option network 'gast'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
# Forwardings: each internal zone may send traffic out through wan; there is
# no forwarding between lan, iot and gast.
config forwarding
option src 'lan'
option dest 'wan'
config forwarding
option src 'iot'
option dest 'wan'
config forwarding
option src 'gast'
option dest 'wan'
# Exceptions to the wan zone's input 'REJECT': DHCP renew, ping and IGMP.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Custom rules file; its contents are not part of the post.
config include
option path '/etc/firewall.user'
# The four rules below have a src zone but no dest, so they apply to traffic
# addressed to this device itself.
config rule
option name 'Allow IoT DHCP request'
option src 'iot'
option proto 'udp'
option src_port '67-68'
option dest_port '67-68'
option target 'ACCEPT'
config rule
option name 'Allow IoT DNS Queries'
option src 'iot'
option proto 'tcpudp'
option dest_port '53'
option target 'ACCEPT'
# NOTE(review): /etc/config/dhcp sets ignore '1' on every DHCP section, so
# this device presumably serves no DHCP; confirm whether the two DHCP accept
# rules are still needed.
config rule
option name 'Allow Gast DHCP request'
option src 'gast'
option proto 'udp'
option src_port '67-68'
option dest_port '67-68'
option target 'ACCEPT'
# NOTE(review): /etc/config/resolver listens on 0.0.0.0 port 53, so this rule
# makes the AP's own resolver reachable from guest clients although guests
# are handed 192.168.5.1 as DNS server - confirm that this is wanted.
config rule
option name 'Allow Gast DNS Queries'
option src 'gast'
option proto 'tcpudp'
option dest_port '53'
option target 'ACCEPT'
/etc/config/dhcp
# /etc/config/dhcp as posted: dnsmasq with its DNS port set to 0 and DHCP
# ignored in every 'config dhcp' section.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
# port '0' turns off dnsmasq's DNS server; name resolution on this device is
# then presumably left to the resolver from /etc/config/resolver - verify.
option port '0'
# Domains exempted from DNS rebind protection.
# NOTE(review): with port '0' dnsmasq presumably answers no DNS queries, so
# these two entries likely have no effect - confirm.
list rebind_domain 'mydomain.tld'
list rebind_domain 'cloud.mydomain.tld'
config dhcp 'lan'
option interface 'lan'
option ignore '1'
# NOTE(review): the sections named 'iot' and 'gast' both point at interface
# 'lan', which looks like a copy-paste slip; the iot and gast interfaces have
# no DHCP section of their own - confirm.
config dhcp 'iot'
option interface 'lan'
option ignore '1'
config dhcp 'gast'
option interface 'lan'
option ignore '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
/etc/config/resolver
# /etc/config/resolver as posted: common settings plus per-daemon sections for
# kresd and unbound; 'prefered_resolver' below selects kresd.
config resolver 'common'
# Listens on every IPv4 and IPv6 address of the device, port 53. Which
# networks can actually reach it is decided by the firewall zones (lan and
# iot have input 'ACCEPT'; gast has an explicit DNS accept rule).
list interface '0.0.0.0'
list interface '::0'
option port '53'
option keyfile '/etc/root.keys'
option verbose '0'
option edns_buffer_size '1232'
option msg_buffer_size '65552'
option msg_cache_size '20M'
option net_ipv6 '1'
option net_ipv4 '1'
option prefered_resolver 'kresd'
option prefetch 'yes'
option static_domains '1'
option dynamic_domains '0'
# NOTE(review): with forward_upstream '0' the resolver presumably resolves
# recursively on its own instead of forwarding to the DNS servers set in
# /etc/config/network (the pihole). Names that exist only in the pihole's
# /etc/hosts, such as cloud.mydomain.tld, would then be unknown on this
# device - confirm against the "unknown host" symptom in the post.
option forward_upstream '0'
# NOTE(review): looks like this makes the resolver ignore the root trust
# anchor, i.e. run without DNSSEC validation - confirm that this is intended.
option ignore_root_key '1'
config resolver 'kresd'
option rundir '/tmp/kresd'
option log_stderr '1'
option log_stdout '1'
option keep_cache '1'
# unbound settings; presumably unused while prefered_resolver is 'kresd'.
config resolver 'unbound'
option outgoing_range '60'
option outgoing_num_tcp '1'
option incoming_num_tcp '1'
option msg_cache_slabs '1'
option num_queries_per_thread '30'
option rrset_cache_size '100K'
option rrset_cache_slabs '1'
option infra_cache_slabs '1'
option infra_cache_numhosts '200'
# Allows queries from any IPv4 and IPv6 source address; if unbound is ever
# selected, only the firewall would limit who can use this resolver.
list access_control '0.0.0.0/0 allow'
list access_control '::0/0 allow'
option pidfile '/var/run/unbound.pid'
option root_hints '/etc/unbound/named.cache'
option target_fetch_policy '2 1 0 0 0'
option harden_short_bufsize 'yes'
option harden_large_queries 'yes'
option qname_minimisation 'yes'
option harden_below_nxdomain 'yes'
option key_cache_size '100k'
option key_cache_slabs '1'
option neg_cache_size '10k'
option prefetch_key 'yes'
# Remote control is enabled without certificates and bound to 127.0.0.1 only.
config resolver 'unbound_remote_control'
option control_enable 'yes'
option control_use_cert 'no'
list control_interface '127.0.0.1'
/etc/config/wireless
#########################################
#mPCIe00:01.0 WLE900VX --> WiFi 2,4GHz First floor
# radio0 carries three access-point interfaces, one per network (lan, iot,
# gast). macaddr and key values were redacted by the poster.
config wifi-device 'radio0'
option type 'mac80211'
option macaddr '<>'
option hwmode '11g'
option require_mode 'g'
option channel '11'
option htmode 'HT40'
option txpower '17'
option country 'DE'
option legacy_rates '0'
# noscan '1' skips the scan for overlapping networks before 40 MHz operation.
option noscan '1'
option disabled '0'
config wifi-iface 'wifi2_OG_lan1'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'family-ssid'
# WPA2-PSK with CCMP. No 'ieee80211w' option is set in this section, so
# management frame protection is not configured here.
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
# 802.11r fast transition; the mobility domain '0a0a' is the same on every
# radio's interface for this SSID.
option ieee80211r '1'
# NOTE(review): FT over DS relies on the APs reaching each other over the
# wired/bridged network; since the post reports roaming failures, it is worth
# testing whether the affected clients behave better with over-the-air FT.
option ft_over_ds '1'
option mobility_domain '0a0a'
option ft_psk_generate_local '1'
# KRACK workaround on the AP side (no EAPOL-Key retransmissions).
# NOTE(review): this is known to cause handshake failures on lossy links -
# check it against the reconnect problems described in the post.
option wpa_disable_eapol_key_retries '1'
# Group key is renewed every 86400 seconds.
option wpa_group_rekey '86400'
option disabled '0'
config wifi-iface 'wifi2_OG_iot'
option device 'radio0'
option network 'iot'
option mode 'ap'
option ssid 'friends/iot-ssid'
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
option ieee80211r '1'
option ft_over_ds '1'
option mobility_domain '0a0b'
option ft_psk_generate_local '1'
option wpa_disable_eapol_key_retries '1'
option wpa_group_rekey '86400'
option disabled '0'
config wifi-iface 'wifi2_OG_gast'
option device 'radio0'
option network 'gast'
option mode 'ap'
option ssid 'guest-ssid'
# NOTE(review): no 'isolate' option is set, so guest clients on this SSID can
# presumably reach each other directly - confirm whether client isolation is
# wanted for the guest network.
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
option ieee80211r '1'
option ft_over_ds '1'
option mobility_domain '0a0c'
option ft_psk_generate_local '1'
option wpa_disable_eapol_key_retries '1'
option wpa_group_rekey '86400'
option disabled '0'
#########################################
#mPCIe00:02.0 WLE1216v5-20 --> WiFi 5GHz ground floor
# radio1 carries three access-point interfaces, one per network (lan, iot,
# gast). macaddr and key values were redacted by the poster.
config wifi-device 'radio1'
option type 'mac80211'
option macaddr '<>'
option hwmode '11a'
option require_mode 'n'
# NOTE(review): a 160 MHz channel that contains channel 48 presumably also
# covers channels 52-64, which are subject to DFS; radar detection can take
# the radio off the air - check the logs when clients fail to reconnect.
option channel '48'
option htmode 'VHT160'
option txpower '16'
option country 'DE'
option disabled '0'
config wifi-iface 'wifi5_EG1_lan'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'family-ssid'
# WPA2-PSK with CCMP; no 'ieee80211w' option is set in this section, so
# management frame protection is not configured here.
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
# 802.11r fast transition with locally generated keys (ft_psk_generate_local).
option ieee80211r '1'
option ft_over_ds '1'
option mobility_domain '0a0a'
option ft_psk_generate_local '1'
# KRACK workaround on the AP side.
# NOTE(review): known to cause handshake failures on lossy links - check it
# against the reconnect problems described in the post.
option wpa_disable_eapol_key_retries '1'
option wpa_group_rekey '86400'
option disabled '0'
config wifi-iface 'wifi5_EG1_iot'
option device 'radio1'
option network 'iot'
option mode 'ap'
option ssid 'friends/iot-ssid'
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
option ieee80211r '1'
option ft_over_ds '1'
option mobility_domain '0a0b'
option ft_psk_generate_local '1'
option wpa_disable_eapol_key_retries '1'
option wpa_group_rekey '86400'
option disabled '0'
config wifi-iface 'wifi5_EG1_gast'
option device 'radio1'
option network 'gast'
option mode 'ap'
option ssid 'guest-ssid'
# NOTE(review): no 'isolate' option is set, so guest clients on this SSID can
# presumably reach each other directly - confirm whether that is wanted.
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
option ieee80211r '1'
option ft_over_ds '1'
option mobility_domain '0a0c'
option ft_psk_generate_local '1'
option wpa_disable_eapol_key_retries '1'
option wpa_group_rekey '86400'
option disabled '0'
#########################################
#mPCIe00:03.0 WLE1216v5-20 --> WiFi 5GHz first floor
# radio2 carries three access-point interfaces, one per network (lan, iot,
# gast). macaddr and key values were redacted by the poster.
config wifi-device 'radio2'
option type 'mac80211'
option macaddr '<>'
option hwmode '11a'
option require_mode 'n'
option channel '153'
option htmode 'VHT80'
option txpower '13'
option country 'DE'
option disabled '0'
config wifi-iface 'wifi5_OG_lan'
option device 'radio2'
option network 'lan'
option mode 'ap'
option ssid 'family-ssid'
# WPA2-PSK with CCMP; no 'ieee80211w' option is set in this section, so
# management frame protection is not configured here.
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
# 802.11r fast transition with locally generated keys (ft_psk_generate_local).
option ieee80211r '1'
option ft_over_ds '1'
option mobility_domain '0a0a'
option ft_psk_generate_local '1'
# KRACK workaround on the AP side.
# NOTE(review): known to cause handshake failures on lossy links - check it
# against the reconnect problems described in the post.
option wpa_disable_eapol_key_retries '1'
option wpa_group_rekey '86400'
option disabled '0'
config wifi-iface 'wifi5_OG_iot'
option device 'radio2'
option network 'iot'
option mode 'ap'
option ssid 'friends/iot-ssid'
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
option ieee80211r '1'
option ft_over_ds '1'
option mobility_domain '0a0b'
option ft_psk_generate_local '1'
option wpa_disable_eapol_key_retries '1'
option wpa_group_rekey '86400'
option disabled '0'
config wifi-iface 'wifi5_OG_gast'
option device 'radio2'
option network 'gast'
option mode 'ap'
option ssid 'guest-ssid'
# NOTE(review): no 'isolate' option is set, so guest clients on this SSID can
# presumably reach each other directly - confirm whether that is wanted.
option encryption 'psk2+ccmp'
option key '<>'
option macaddr '<>'
option ieee80211r '1'
option ft_over_ds '1'
option mobility_domain '0a0c'
option ft_psk_generate_local '1'
option wpa_disable_eapol_key_retries '1'
option wpa_group_rekey '86400'
option disabled '0'
The reinstallation should not have been the problem as I provided a *.md5-file along with the archive. Or do you think I need to do another reinstallation?
Can anyone help solving this nightmare? My wife is close to killing me - obviously the woman acceptance factor of “DAS WLAN FUNKTIONIERT JA SCHON WIEDER NICHT!” (in English: “WIFI IS AGAIN NOT WORKING!”) is below zero.
Thanks,
ssdnvv