Hi
After the upgrade, all non-default packages were gone (the config was still there).
This was a security problem because I was connected to the internet without WG.
I did a reinstall of all packages and everything was working.
Did I do something wrong?
No. User installed packages don't get carried across upgrades. You either need to create your own custom build (either through the full build process or the imagebuilder) or reinstall the packages after upgrade.
What do you recommend for the next upgrade so that I don't reveal my "real" IP?
My seed box was running during the upgrade. How do you do that?
Can I just copy-paste that?
Or do I need to modify names for my setup?
What is this doing exactly?
```
uci -q delete firewall.vpn
uci set firewall.vpn="zone"
uci set firewall.vpn.name="vpn"
uci set firewall.vpn.input="REJECT"
uci set firewall.vpn.output="ACCEPT"
uci set firewall.vpn.forward="REJECT"
uci set firewall.vpn.masq="1"
uci set firewall.vpn.mtu_fix="1"
uci -q delete firewall.lan_vpn
uci set firewall.lan_vpn="forwarding"
uci set firewall.lan_vpn.src="lan"
uci set firewall.lan_vpn.dest="vpn"
uci del_list firewall.wan.network="wg0"
uci add_list firewall.vpn.network="wg0"
uci set firewall.lan_wan.enabled="0"
uci commit firewall
/etc/init.d/firewall restart
```
Thanks @vgaetera
According to your screenshot, manually removing the LAN to WAN forwarding should be enough.
The code relies on the WireGuard client how-to, so it may not apply properly to your custom setup.
Thanks, but I can't do that, because my AppleTV runs ***** Netflix, which can't be routed over WG.
I use "VPN and WAN Policy-Based Routing" for the AppleTV.
Remove the LAN to WAN forwarding, but add a custom rule allowing specific IP address to forward to the WAN zone.
Consider using imagebuilder for your next upgrades (same OpenWrt release) so you can include all your additional packages and configs.
I removed the LAN to WAN forwarding and added a static IP address to the AppleTV. But I don't understand how to do a custom rule. I think this is the job of VPN and WAN Policy-Based Routing? At the moment Netflix is not working.
You can copy-paste the following:
```
uci -q delete firewall.appletv_fwd
uci set firewall.appletv_fwd="rule"
uci set firewall.appletv_fwd.name="Forward-AppleTV"
uci set firewall.appletv_fwd.src="lan"
uci set firewall.appletv_fwd.src_ip="192.168.1.5"
uci set firewall.appletv_fwd.dest="wan"
uci set firewall.appletv_fwd.proto="all"
uci set firewall.appletv_fwd.target="ACCEPT"
uci commit firewall
/etc/init.d/firewall restart
```
Make sure to reconnect/restart the device to obtain a new lease.
No, PBR is responsible for directions/priorities, but not permissions/filtering.
You are a real hero. It's working, but only after a reboot (I lost internet).
Can I now uninstall PBR? I don't need it. The only thing I did with it was to forward the AppleTV to Non_WG.
Better not, otherwise you will have to manually manage the routing rules.
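A way to check the result of the two firewall snippets in this thread, as an added example that is not code from any poster or from OpenWrt: it reads `uci show firewall` text and reports any enabled path from the lan zone to the wan zone. The function names and the sample configuration are constructed for illustration, and it assumes the zones are named `lan` and `wan` as in the snippets above.

```shell
#!/bin/sh
# Constructed sample: `uci show firewall` output after both snippets were applied.
SAMPLE_FW="firewall.lan_wan=forwarding
firewall.lan_wan.src='lan'
firewall.lan_wan.dest='wan'
firewall.lan_wan.enabled='0'
firewall.lan_vpn=forwarding
firewall.lan_vpn.src='lan'
firewall.lan_vpn.dest='vpn'
firewall.appletv_fwd=rule
firewall.appletv_fwd.src='lan'
firewall.appletv_fwd.src_ip='192.168.1.5'
firewall.appletv_fwd.dest='wan'
firewall.appletv_fwd.target='ACCEPT'"

# stdin: `uci show firewall` text.
# Prints "LEAK <section>" for every enabled lan->wan path that is not limited
# to a source IP, and "EXCEPTION <section> <src_ip>" for per-host ACCEPT rules.
audit_lan_wan() {
    awk '
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub("\047", "", val)                    # strip the single quotes uci prints
        n = split(key, p, ".")
        if (n == 2) { type[p[2]] = val; order[++cnt] = p[2] }   # section header
        else if (n == 3) opt[p[2], p[3]] = val                  # section option
    }
    END {
        for (i = 1; i <= cnt; i++) {
            s = order[i]
            if (opt[s, "src"] != "lan" || opt[s, "dest"] != "wan") continue
            if (opt[s, "enabled"] == "0") continue
            if (type[s] == "forwarding") print "LEAK", s
            else if (type[s] == "rule" && opt[s, "target"] == "ACCEPT") {
                if (opt[s, "src_ip"] == "") print "LEAK", s
                else print "EXCEPTION", s, opt[s, "src_ip"]
            }
        }
    }'
}

# Succeeds only when no unrestricted lan->wan path is enabled.
kill_switch_ok() {
    [ -z "$(audit_lan_wan | grep '^LEAK')" ]
}

printf '%s\n' "$SAMPLE_FW" | audit_lan_wan
```

On the router itself the input would be `uci show firewall | audit_lan_wan`; running it right after an upgrade shows whether the default lan to wan forwarding is active again before any client is reconnected.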
This is what I put in my rc.local so that on upgrade (of my repeater) my extra packages are reinstalled and services I don't need are turned off...
```
# Succeeds if opkg reports the package as installed
check_pkg_installed() {
    opkg status "$1" | grep installed > /dev/null
}

# Install every listed package that is missing; fail if any install fails
install_if_not_installed() {
    local rc=0
    for pkg in "$@"; do
        check_pkg_installed "$pkg" || opkg install "$pkg" || rc=1
    done
    return $rc
}

install_after_upgrade() {
    local PACKAGES="luci-ssl luci-proto-relay htop iperf3 wireless-tools"
    local INSTALLED=/etc/config/auto_installed_on_upgrade
    if [ ! -f "$INSTALLED" ]; then
        # Wait for connection
        sleep 30
        opkg update
        # $PACKAGES is left unquoted so it splits into one argument per package
        install_if_not_installed $PACKAGES
        [ $? -eq 0 ] && echo "$PACKAGES" > "$INSTALLED"
        # Don't need odhcpd and dnsmasq, which are enabled by default
        /etc/init.d/dnsmasq stop
        /etc/init.d/dnsmasq disable
        /etc/init.d/odhcpd stop
        /etc/init.d/odhcpd disable
        # Restart http server now that we have ssl so we can login
        /etc/init.d/uhttpd restart
    fi
}

# Run the check at boot
install_after_upgrade
```
It has worked well for me upgrading from 19.07.2 to 19.07.3 and from 19.07.3 to 19.07.4.
You just need to manually list your non-default packages in local PACKAGES= and adapt/remove the service actions.