Can't reach attended sysupgrade server from luci, diadnostic ping, or browser

Mpilon · December 7, 2024, 4:42am

Trying to reach sysupgrade.openwrt.org, to do attended upgrade via luci and simple ping.

Ping from my router shows total packet loss:

PING sysupgrade.openwrt.org (45.140.183.87): 56 data bytes

--- sysupgrade.openwrt.org ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

ASU from the router simply hangs w/o any error msg.

Trying to reach the configured server address (https://sysupgrade.openwrt.org) with chrome on an android tablet pauses for a bit and shows:

This site can’t be reached
https://sysupgrade.openwrt.org/ is unreachable.
ERR_ADDRESS_UNREACHABLE

The ipaddr for the server is resolved to: 45.140.183.87

My browser's attempted connection is forced to http:// rather than the https:// specified.

Is the server down? Does the configured server in luci need to be changed? Is this fallout from the update vulnerability we were notified of today?

otnert · December 7, 2024, 5:33am

see this

hnyman · December 7, 2024, 6:40am

It is possibly still down due to the security concerns. The build cache caused risks:

https://lists.openwrt.org/pipermail/openwrt-devel/2024-December/043494.html

KrypteX · December 9, 2024, 2:32pm

Any updates on the sysupgrade server? It's still down and @aparcar won't confirm that there's an issue The OpenWrt Firmware Selector - #1125 by KrypteX

aparcar · December 9, 2024, 3:08pm

@KrypteX please try to write proper problem descriptions, it does help developers to investigate. Ideally you also refrain from triple posting the same issue at different place to lower the noise.

I can confirm that SNAPSHOT builds are right now stuck due to package manger issues. I suspect something is wrong with the ImageBuidler cache (unrelated to firmware build cache aka CVE). I'm checking right now.

KrypteX · December 9, 2024, 3:22pm

@aparcar OK, thanks. Hope you figure it out.

Mpilon · December 9, 2024, 5:24pm

It's ok now. It would be appreciated if significant events - upgrade server going down, package/utility name changes (opkg!) ...

... would be announced in a sticky under the announcements section here.
Could save this kind of confusion and arseing around.

KrypteX · December 9, 2024, 6:21pm

No, it's not. If you request a new custom SNAPSHOT build from Firmware Selector, it remains stuck at 3rd step "Validate manifest".
If you don't add a custom, unique script (e.g. a comment), you'll get back a cached response from days ago. The issue is not fixed.

Mpilon · December 9, 2024, 9:34pm

Like i said, it would be nice to have real, definitive status updates.

efahl · December 9, 2024, 11:41pm

There's something strange going on with IPv6 on the ASU server or its CDN or somewhere. This causes some requests to it from any client to fail, so if you are lucky enough to hit it via IPv4 for all requests, then it works, but sometimes it doesn't. I've been getting about 50% failure rate doing auc against it, and more like 80% for owut (because owut makes more requests for information).

Paul has made some changes in an attempt to fix it (or at least figure what the hell is going on), but there's a gremlin somewhere that may bite you.

$ auc -c -B 24.10.0-rc1 -b 24.10
auc/0.3.2-1
Server:    https://sysupgrade.openwrt.org
Running:   23.05.5 r24106-10cc5fcd00 on ath79/generic (tplink,archer-c7-v4)
Connection error: Connection failed

$ nslookup  sysupgrade.openwrt.org
Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:
sysupgrade.openwrt.org  canonical name = asu-02.infra.openwrt.org
Name:   asu-02.infra.openwrt.org
Address: 45.140.183.87

Non-authoritative answer:
sysupgrade.openwrt.org  canonical name = asu-02.infra.openwrt.org
Name:   asu-02.infra.openwrt.org
Address: 2001:678:6e1:1001:be24:11ff:fe23:4c6d

$ ping -c4 45.140.183.87
PING 45.140.183.87 (45.140.183.87): 56 data bytes
64 bytes from 45.140.183.87: seq=0 ttl=47 time=218.803 ms
64 bytes from 45.140.183.87: seq=1 ttl=47 time=164.665 ms
64 bytes from 45.140.183.87: seq=2 ttl=47 time=164.457 ms
64 bytes from 45.140.183.87: seq=3 ttl=47 time=163.537 ms

--- 45.140.183.87 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 163.537/177.865/218.803 ms

$ ping -c4 2001:678:6e1:1001:be24:11ff:fe23:4c6d
PING 2001:678:6e1:1001:be24:11ff:fe23:4c6d (2001:678:6e1:1001:be24:11ff:fe23:4c6d): 56 data bytes

--- 2001:678:6e1:1001:be24:11ff:fe23:4c6d ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

KrypteX · December 10, 2024, 6:53am

Seems to be working now. For how long, that's another question...

system · December 20, 2024, 6:54am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.