I am at a bit of a loss with the lack of connectivity of my OW distro on this device. I flashed a new image and changed a single line in /etc/config/network
to reflect an available IP on my subnet (10.9.8.21 in this case). I have eth0 connected and I can ping that address.
When I restart the network, I can ping that device. I cannot connect via ssh nor via http (luci is installed and uhttp is running).
If I boot to a live Linux USB, I can ssh into that just fine so something in my OW build must be causing the issue but what?
Hi
sorry, but your post is confusing
maybe you could paste here
cat /etc/config/network
and tell us on which interface is this ssh/http device
and from what interface you try to ssh/http ?
ACEMAGICIAN T8 Plus owner, reporting in. (Mine arrived yesterday, and never even got booted into Windows before I slammed OpenWRT onto it.)
LAN is eth0, which is the furthest socket from the power cable.
WAN is eth1, and is the closest socket to the power cable.
As it's a Proper Computer, stick a keyboard and monitor onto it and take photographs of the monitor, if you can't use SSH or HTTP to grab screenshots.
In addition to /etc/config/network
, what's in /etc/config/dropbear
?
1 Like
If I switch to using an official snapshot image, everything works as expected. I can only conclude that the image I built myself is missing something.
Can anyone see something obvious from my diffconfig?
CONFIG_TARGET_x86=y
CONFIG_TARGET_x86_64=y
CONFIG_TARGET_x86_64_DEVICE_generic=y
CONFIG_DEVEL=y
CONFIG_BUSYBOX_CUSTOM=y
CONFIG_BUSYBOX_CONFIG_FEATURE_GETOPT_LONG=y
CONFIG_BUSYBOX_CONFIG_FEATURE_SEAMLESS_XZ=y
CONFIG_BUSYBOX_CONFIG_FEATURE_SORT_BIG=y
CONFIG_BUSYBOX_CONFIG_FEATURE_TAR_LONG_OPTIONS=y
CONFIG_BUSYBOX_CONFIG_GETOPT=y
CONFIG_BUSYBOX_CONFIG_MOUNTPOINT=y
CONFIG_BUSYBOX_CONFIG_UNXZ=y
CONFIG_BUSYBOX_CONFIG_XZ=y
CONFIG_GNUTLS_ALPN=y
CONFIG_GNUTLS_ANON=y
CONFIG_GNUTLS_DTLS_SRTP=y
CONFIG_GNUTLS_HEARTBEAT=y
CONFIG_GNUTLS_OCSP=y
CONFIG_GNUTLS_PSK=y
CONFIG_GRUB_TIMEOUT="1"
CONFIG_HTOP_LMSENSORS=y
CONFIG_KERNEL_PERF_EVENTS=y
CONFIG_LXC_BUSYBOX_OPTIONS=y
CONFIG_LXC_KERNEL_OPTIONS=y
CONFIG_LXC_NETWORKING=y
CONFIG_LXC_SECCOMP=y
CONFIG_OPENSSL_ENGINE=y
CONFIG_OPENSSL_OPTIMIZE_SPEED=y
CONFIG_OPENSSL_WITH_ASM=y
CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y
CONFIG_OPENSSL_WITH_CMS=y
CONFIG_OPENSSL_WITH_DEPRECATED=y
CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y
CONFIG_OPENSSL_WITH_IDEA=y
CONFIG_OPENSSL_WITH_MDC2=y
CONFIG_OPENSSL_WITH_PSK=y
CONFIG_OPENSSL_WITH_SEED=y
CONFIG_OPENSSL_WITH_SRP=y
CONFIG_OPENSSL_WITH_TLS13=y
CONFIG_OPENSSL_WITH_WHIRLPOOL=y
CONFIG_PACKAGE_attr=y
CONFIG_PACKAGE_avahi-dbus-daemon=y
CONFIG_PACKAGE_avahi-utils=y
CONFIG_PACKAGE_block-mount=y
CONFIG_PACKAGE_cgi-io=y
CONFIG_PACKAGE_coreutils=y
CONFIG_PACKAGE_coreutils-numfmt=y
CONFIG_PACKAGE_dbus=y
CONFIG_PACKAGE_flock=y
CONFIG_PACKAGE_getopt=y
CONFIG_PACKAGE_htop=y
CONFIG_PACKAGE_iperf3=y
CONFIG_PACKAGE_iptables-mod-ipopt=y
CONFIG_PACKAGE_iptables-nft=y
CONFIG_PACKAGE_kmod-crypto-kpp=y
CONFIG_PACKAGE_kmod-crypto-lib-chacha20=y
CONFIG_PACKAGE_kmod-crypto-lib-chacha20poly1305=y
CONFIG_PACKAGE_kmod-crypto-lib-curve25519=y
CONFIG_PACKAGE_kmod-crypto-lib-poly1305=y
CONFIG_PACKAGE_kmod-fs-ext4=y
CONFIG_PACKAGE_kmod-ifb=y
CONFIG_PACKAGE_kmod-ikconfig=y
CONFIG_PACKAGE_kmod-ipt-core=y
CONFIG_PACKAGE_kmod-ipt-ipopt=y
CONFIG_PACKAGE_kmod-lib-crc16=y
CONFIG_PACKAGE_kmod-macvlan=y
CONFIG_PACKAGE_kmod-nf-conntrack-netlink=y
CONFIG_PACKAGE_kmod-nf-ipt=y
CONFIG_PACKAGE_kmod-nft-compat=y
CONFIG_PACKAGE_kmod-nvme=y
CONFIG_PACKAGE_kmod-sched-cake=y
CONFIG_PACKAGE_kmod-sched-core=y
CONFIG_PACKAGE_kmod-scsi-core=y
CONFIG_PACKAGE_kmod-udptunnel4=y
CONFIG_PACKAGE_kmod-udptunnel6=y
CONFIG_PACKAGE_kmod-usb-core=y
CONFIG_PACKAGE_kmod-usb-storage=y
CONFIG_PACKAGE_kmod-usb-xhci-hcd=y
CONFIG_PACKAGE_kmod-usb3=y
CONFIG_PACKAGE_kmod-veth=y
CONFIG_PACKAGE_kmod-wireguard=y
CONFIG_PACKAGE_libatomic=y
CONFIG_PACKAGE_libattr=y
CONFIG_PACKAGE_libavahi-client=y
CONFIG_PACKAGE_libavahi-dbus-support=y
CONFIG_PACKAGE_libcap=y
CONFIG_PACKAGE_libdaemon=y
CONFIG_PACKAGE_libdaq3=y
CONFIG_PACKAGE_libdbus=y
CONFIG_PACKAGE_libdnet=y
CONFIG_PACKAGE_libevdev=y
CONFIG_PACKAGE_libexpat=y
CONFIG_PACKAGE_libgdbm=y
CONFIG_PACKAGE_libgmp=y
CONFIG_PACKAGE_libgnutls=y
CONFIG_PACKAGE_libhwloc=y
CONFIG_PACKAGE_libiperf3=y
CONFIG_PACKAGE_libiptext=y
CONFIG_PACKAGE_libiptext-nft=y
CONFIG_PACKAGE_libiptext6=y
CONFIG_PACKAGE_libiwinfo=y
CONFIG_PACKAGE_libiwinfo-data=y
CONFIG_PACKAGE_libkmod=y
CONFIG_PACKAGE_liblua=y
CONFIG_PACKAGE_liblucihttp=y
CONFIG_PACKAGE_liblucihttp-lua=y
CONFIG_PACKAGE_liblucihttp-ucode=y
CONFIG_PACKAGE_liblxc=y
CONFIG_PACKAGE_libmount=y
CONFIG_PACKAGE_libncurses=y
CONFIG_PACKAGE_libnetfilter-queue=y
CONFIG_PACKAGE_libnettle=y
CONFIG_PACKAGE_libnfnetlink=y
CONFIG_PACKAGE_libopenssl=y
CONFIG_PACKAGE_libpcap=y
CONFIG_PACKAGE_libpci=y
CONFIG_PACKAGE_libpciaccess=y
CONFIG_PACKAGE_libpcre=y
CONFIG_PACKAGE_libpopt=y
CONFIG_PACKAGE_libreadline=y
CONFIG_PACKAGE_libseccomp=y
CONFIG_PACKAGE_libsensors=y
CONFIG_PACKAGE_libstdcpp=y
CONFIG_PACKAGE_libsysfs=y
CONFIG_PACKAGE_libtasn1=y
CONFIG_PACKAGE_libtirpc=y
CONFIG_PACKAGE_libubus-lua=y
CONFIG_PACKAGE_libudev-zero=y
CONFIG_PACKAGE_liburing=y
CONFIG_PACKAGE_libusb-1.0=y
CONFIG_PACKAGE_libxtables=y
CONFIG_PACKAGE_lm-sensors=y
CONFIG_PACKAGE_lm-sensors-detect=y
CONFIG_PACKAGE_lscpu=y
CONFIG_PACKAGE_lua=y
CONFIG_PACKAGE_luajit=y
CONFIG_PACKAGE_luci=y
CONFIG_PACKAGE_luci-app-firewall=y
CONFIG_PACKAGE_luci-app-lxc=y
CONFIG_PACKAGE_luci-app-nlbwmon=y
CONFIG_PACKAGE_luci-app-opkg=y
CONFIG_PACKAGE_luci-app-samba4=y
CONFIG_PACKAGE_luci-app-sqm=y
CONFIG_PACKAGE_luci-base=y
CONFIG_PACKAGE_luci-compat=y
CONFIG_PACKAGE_luci-lib-base=y
CONFIG_PACKAGE_luci-lib-ip=y
CONFIG_PACKAGE_luci-lib-jsonc=y
CONFIG_PACKAGE_luci-lib-nixio=y
CONFIG_PACKAGE_luci-light=y
CONFIG_PACKAGE_luci-lua-runtime=y
CONFIG_PACKAGE_luci-mod-admin-full=y
CONFIG_PACKAGE_luci-mod-network=y
CONFIG_PACKAGE_luci-mod-status=y
CONFIG_PACKAGE_luci-mod-system=y
CONFIG_PACKAGE_luci-proto-ipv6=y
CONFIG_PACKAGE_luci-proto-ppp=y
CONFIG_PACKAGE_luci-proto-wireguard=y
CONFIG_PACKAGE_luci-theme-bootstrap=y
CONFIG_PACKAGE_lxc=y
CONFIG_PACKAGE_lxc-attach=y
CONFIG_PACKAGE_lxc-auto=y
CONFIG_PACKAGE_lxc-autostart=y
CONFIG_PACKAGE_lxc-cgroup=y
CONFIG_PACKAGE_lxc-common=y
CONFIG_PACKAGE_lxc-config=y
CONFIG_PACKAGE_lxc-configs=y
CONFIG_PACKAGE_lxc-console=y
CONFIG_PACKAGE_lxc-copy=y
CONFIG_PACKAGE_lxc-create=y
CONFIG_PACKAGE_lxc-destroy=y
CONFIG_PACKAGE_lxc-device=y
CONFIG_PACKAGE_lxc-execute=y
CONFIG_PACKAGE_lxc-freeze=y
CONFIG_PACKAGE_lxc-hooks=y
CONFIG_PACKAGE_lxc-info=y
CONFIG_PACKAGE_lxc-init=y
CONFIG_PACKAGE_lxc-ls=y
CONFIG_PACKAGE_lxc-snapshot=y
CONFIG_PACKAGE_lxc-start=y
CONFIG_PACKAGE_lxc-stop=y
CONFIG_PACKAGE_lxc-templates=y
CONFIG_PACKAGE_lxc-top=y
CONFIG_PACKAGE_mount-utils=y
CONFIG_PACKAGE_ncdu=y
CONFIG_PACKAGE_nlbwmon=y
CONFIG_PACKAGE_pciids=y
CONFIG_PACKAGE_pciutils=y
CONFIG_PACKAGE_perl=y
CONFIG_PACKAGE_perlbase-base=y
CONFIG_PACKAGE_perlbase-bytes=y
CONFIG_PACKAGE_perlbase-class=y
CONFIG_PACKAGE_perlbase-config=y
CONFIG_PACKAGE_perlbase-cwd=y
CONFIG_PACKAGE_perlbase-errno=y
CONFIG_PACKAGE_perlbase-essential=y
CONFIG_PACKAGE_perlbase-fcntl=y
CONFIG_PACKAGE_perlbase-file=y
CONFIG_PACKAGE_perlbase-filehandle=y
CONFIG_PACKAGE_perlbase-i18n=y
CONFIG_PACKAGE_perlbase-integer=y
CONFIG_PACKAGE_perlbase-io=y
CONFIG_PACKAGE_perlbase-list=y
CONFIG_PACKAGE_perlbase-locale=y
CONFIG_PACKAGE_perlbase-params=y
CONFIG_PACKAGE_perlbase-posix=y
CONFIG_PACKAGE_perlbase-re=y
CONFIG_PACKAGE_perlbase-scalar=y
CONFIG_PACKAGE_perlbase-selectsaver=y
CONFIG_PACKAGE_perlbase-socket=y
CONFIG_PACKAGE_perlbase-symbol=y
CONFIG_PACKAGE_perlbase-tie=y
CONFIG_PACKAGE_perlbase-unicore=y
CONFIG_PACKAGE_perlbase-utf8=y
CONFIG_PACKAGE_perlbase-xsloader=y
CONFIG_PACKAGE_rpcd=y
CONFIG_PACKAGE_rpcd-mod-file=y
CONFIG_PACKAGE_rpcd-mod-iwinfo=y
CONFIG_PACKAGE_rpcd-mod-luci=y
CONFIG_PACKAGE_rpcd-mod-lxc=y
CONFIG_PACKAGE_rpcd-mod-rpcsys=y
CONFIG_PACKAGE_rpcd-mod-rrdns=y
CONFIG_PACKAGE_rpcd-mod-ucode=y
CONFIG_PACKAGE_rsync=y
CONFIG_PACKAGE_rsyncd=y
CONFIG_PACKAGE_samba4-libs=y
CONFIG_PACKAGE_samba4-server=y
CONFIG_PACKAGE_snort3=y
CONFIG_PACKAGE_sqm-scripts=y
CONFIG_PACKAGE_sysfsutils=y
CONFIG_PACKAGE_tc-tiny=y
CONFIG_PACKAGE_tcpdump=y
CONFIG_PACKAGE_terminfo=y
CONFIG_PACKAGE_tree=y
CONFIG_PACKAGE_ucode-mod-html=y
CONFIG_PACKAGE_ucode-mod-lua=y
CONFIG_PACKAGE_ucode-mod-math=y
CONFIG_PACKAGE_uhttpd=y
CONFIG_PACKAGE_uhttpd-mod-ubus=y
CONFIG_PACKAGE_usbutils=y
CONFIG_PACKAGE_vim-fuller=y
CONFIG_PACKAGE_wireguard-tools=y
CONFIG_PACKAGE_wsdd2=y
CONFIG_PACKAGE_xtables-nft=y
CONFIG_PACKAGE_zlib=y
CONFIG_PACKAGE_zsh=y
CONFIG_PCRE_JIT_ENABLED=y
CONFIG_PERL_NOCOMMENT=y
CONFIG_PERL_THREADS=y
CONFIG_SAMBA4_SERVER_AVAHI=y
CONFIG_SAMBA4_SERVER_NETBIOS=y
CONFIG_SAMBA4_SERVER_VFS=y
CONFIG_SAMBA4_SERVER_WSDD2=y
CONFIG_TARGET_EXT4_JOURNAL=y
CONFIG_TARGET_EXT4_RESERVED_PCT=1
CONFIG_TARGET_KERNEL_PARTSIZE=32
CONFIG_TARGET_OPTIONS=y
CONFIG_TARGET_ROOTFS_PARTSIZE=512
# CONFIG_TARGET_ROOTFS_SQUASHFS is not set
darksky:
the image I built myself
Ah hah!
May I recommend the stock 22.03.5 image, so you get an opportunity to learn what does and doesn't work, before venturing out into the wilds of image building?
Edit: Sorry - amnesiac reporting in. I've just remembered that you asked me to grab the output from gcc earlier, to determine the architecture.
Feel free to mess about with image building to your heart's content! I'll go and stand in the corner now.
My own stupidity aside, I can see that you've got the uhttpd package, but I can't see any package with "ssh" or "dropbear" in it.
In fairness, I've not experimented with image-rolling, so I don't know the exact name for the SSH package.
Dropbear is listening for incoming ssh connections.
Dropbear is listening, but you can't connect?
Hmm.
Alright, I'm baffled. That's curious indeed.
Something about my image is breaking things... if I ping a device from the T8plus' console, only 1 ping go out with tons of packet loss. If I flash the official snapshot, everything works as expected. Has to be something I am not compiling into my image.
I would assume (dangerous, I know) that there exists, somewhere, a list of every package which is in the stable release. If so, then it may be possible to compare the stable release's package list with your own to identify the deltas.
I generated a list from opkg list-installed
under my build and under the official snapshot. I am not missing anything, so bizarre.
mybuild.txt
official_snapshot.txt
Even on the official snapshot, I cannot do DNS.
# ping www.google.com
ping: bad address 'www.google.com'
Here is /etc/config/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd1d:692b:58dc::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '10.9.8.21'
option netmask '255.255.255.0'
config interface 'wan'
option device 'eth1'
option proto 'dhcp'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
Any thoughts are welcomed
EDIT: jeeze ... if I switch the lan interface over to dhcp, it magically works... why??
config interface 'lan'
option device 'br-lan'
# option proto 'static'
# option ipaddr '10.9.8.21'
# option netmask '255.255.255.0'
option proto 'dhcp'
What IP address does the LAN pick up via DHCP?
Currently just testing this behind my firewall/router as if it was a standard PC. I intend to move this to replace that firewall/router but only after I am satisfied that it works.
It is picking 10.9.8.215
.215 is in the same subnet (/24) as .21. So .21 ought to work... but your experience suggests that it doesn't.
Off the wall question here, but is there any chance another device might also have .21? Might there be a conflict going on?
No, it does have one in use... I tried several.
Maybe I am thinking about this all wrong. Perhaps I should be testing this in a double NAT? Connect the ethernet to eth1 (which it is expecting to be WAN) and setup a forward port for ssh to the thing.
My advice would be: not yet.
Test and prove the simple configuration first - direct connectivity - before you add complexity.
Then, once you've sorted out direct connectivity, introduce additional byzantine concepts as double NAT.
Well, if I do connect the ethernet cable to eth1 (wan) and if I add this firewall forward, I can get this working as expected using my built image (not running the official snapshot any more):
config redirect
option target DNAT
option src wan
option dest lan
option proto tcp
option src_dport 2222
option dest_ip 10.9.8.216
option dest_port 22
option enabled 1
I can ssh in now and use luci.
% ssh -p 2222 root@10.9.8.216 -L 8000:localhost:80
This is another possible approach to achieve the same goal:
config rule
option name 'Allow SSH'
list proto 'tcp'
option src 'wan'
option dest_port '22'
option target 'ACCEPT'
config rule
option name 'Allow HTTP'
list proto 'tcp'
option src 'wan'
option dest_port '80'
option target 'ACCEPT'
And then, from a source on the WAN side:
ssh root@10.9.8.216
curl http://10.9.8.216/
That said, that second approach doesn't tunnel HTTP over SSH, but you get the drift.
DNAT has its place, but it might or might not be the best approach depending on your environment.