I'm not scared of a reboot.
Downtime and reconfiguration are.
There's no reconfig if you use OWUT or ASU.
As for downtime, it's as long as the reboot.
root@Defcon:~# owut upgrade -V 25.12.1 --force
owut - OpenWrt Upgrade Tool 2026.04.09~5d6760b5-r1 (/usr/bin/owut)
ASU-Server https://sysupgrade.openwrt.org
Upstream https://downloads.openwrt.org
Target mediatek/filogic
Profile glinet_gl-mt6000
Package-arch aarch64_cortex-a53
Root-FS-type squashfs
Sys-type sysupgrade
Version-from 25.12.2 r32802-f505120278 (kernel 6.12.74)
Version-to 25.12.1 r32768-b21cfa8f8c (kernel 6.12.74) DOWNGRADE
Build-commit https://git.openwrt.org/?p=openwrt/openwrt.git;a=shortlog;h=b21cfa8f8c
Build-FS-type squashfs
Build-at 2026-03-17T01:31:57Z (~33 days ago)
Image-prefix openwrt-25.12.1-mediatek-filogic-glinet_gl-mt6000
Image-URL https://downloads.openwrt.org/releases/25.12.1/targets/mediatek/filogic
Image-file openwrt-25.12.1-mediatek-filogic-glinet_gl-mt6000-squashfs-sysupgrade.bin
Installed 314 packages
Top-level 89 packages
Default 38 packages
User-installed 58 packages (top-level only)
Package version changes:
base-files 1699~f505120278 1696~b21cfa8f8c (downgrade)
kmod-mt76-connac 6.12.74.2026.03.19~39c960c3-r2 6.12.74.2026.03.05~9f95baf9-r2 (downgrade)
kmod-mt76-core 6.12.74.2026.03.19~39c960c3-r2 6.12.74.2026.03.05~9f95baf9-r2 (downgrade)
kmod-mt7915e 6.12.74.2026.03.19~39c960c3-r2 6.12.74.2026.03.05~9f95baf9-r2 (downgrade)
kmod-mt7986-firmware 6.12.74.2026.03.19~39c960c3-r2 6.12.74.2026.03.05~9f95baf9-r2 (downgrade)
luci 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-app-attendedsysupgrade 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-app-ddns 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-app-firewall 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-app-openvpn 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-app-package-manager 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-app-samba4 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-app-sqm 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-base 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-compat 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-lib-base 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-lib-ip 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-lib-jsonc 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-lib-nixio 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-lib-uqr 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-light 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-lua-runtime 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-mod-admin-full 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-mod-network 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-mod-status 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-mod-system 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-proto-ipv6 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-proto-ppp 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-proto-wireguard 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-ssl 26.101.22673~0c81d2d 26.107.30178~5109d24
luci-theme-bootstrap 26.101.22673~0c81d2d 26.107.30178~5109d24
5 packages were downgraded
31 packages are out-of-date
Default package analysis:
Default Provided-by
dnsmasq dnsmasq-full
nftables nftables-json
There are currently package build failures for 25.12.1 aarch64_cortex-a53:
Feed: packages
5 unshown
Feed: telephony
1 unshown
Feed: video
10 unshown
16 package build failures don't affect this device, details at
https://downloads.openwrt.org/releases/faillogs-25.12/aarch64_cortex-a53/
Request:
Version 25.12.1 r32768-b21cfa8f8c (kernel 6.12.74)
Request hash:
8c0c2bb6215b65d33c5994286b8caa697c00e7374fe920134269016b99237962
--
Status: queued - 0 ahead of you
Progress: 0s total = 0s in queue + 0s in build
--
Status: init
Progress: 1s total = 0s in queue + 1s in build
--
Status: validate_manifest
Progress: 18s total = 0s in queue + 18s in build
--
Status: Error: Impossible package selection
Progress: 21s total = 0s in queue + 21s in build
Build failed in 21s total = 0s in queue + 21s to build:
ASU server stderr =
Generate local signing keys...
WARNING: can't open config file: /builder/shared-workdir/build/staging_dir/host/etc/ssl/openssl.cnf
WARNING: can't open config file: /builder/shared-workdir/build/staging_dir/host/etc/ssl/openssl.cnf
read EC key
writing EC key
WARNING: opening /builder/packages/packages.adb: No such file or directory
Package list missing or not up-to-date, generating it.
Building package index...
ERROR: ca-certificates-20250419-r2: ADB integrity error
ERROR: curl-8.19.0-r1: ADB integrity error
ERROR: ddns-scripts-services-2.8.3-r2: ADB integrity error
ERROR: ddns-scripts-2.8.3-r2: ADB integrity error
ERROR: ddns-scripts-freedns-2.8.3-r2: ADB integrity error
ERROR: wget: exited with error 3
ERROR: libcares-1.34.6-r1: ADB integrity error
ERROR: libev-4.33-r2: ADB integrity error
ERROR: https-dns-proxy-2025.12.29-r4: ADB integrity error
ERROR: iwinfo-2026.01.14~f5dd57a8-r1: ADB integrity error
ERROR: wget: exited with error 8
ERROR: luci-app-ddns-26.101.22673~0c81d2d: unexpected end of file
ERROR: luci-app-https-dns-proxy-2025.12.29-r4: ADB integrity error
ERROR: liblucihttp-lua-2023.03.15~9b5b683f-r1: ADB integrity error
ERROR: wget: exited with error 8
ERROR: luci-lib-ip-26.101.22673~0c81d2d: unexpected end of file
ERROR: wget: exited with error 8
ERROR: luci-lib-jsonc-26.101.22673~0c81d2d: unexpected end of file
ERROR: wget: exited with error 8
ERROR: luci-lib-base-26.101.22673~0c81d2d: unexpected end of file
ERROR: ucode-mod-lua-1: ADB integrity error
ERROR: wget: exited with error 8
ERROR: luci-lua-runtime-26.101.22673~0c81d2d: unexpected end of file
ERROR: wget: exited with error 8
ERROR: luci-compat-26.101.22673~0c81d2d: unexpected end of file
ERROR: wget: exited with error 8
ERROR: luci-app-openvpn-26.101.22673~0c81d2d: unexpected end of file
ERROR: wget: exited with error 3
ERROR: pbr-1.2.2-r12: ADB integrity error
ERROR: luci-app-pbr-1.2.2-r12: ADB integrity error
ERROR: wget: exited with error 3
ERROR: attr-2.5.2-r3: ADB integrity error
ERROR: wget: exited with error 3
ERROR: icu78-78.2-r1: ADB integrity error
ERROR: wget: exited with error 3
ERROR: libdbus-1.16.2-r3: ADB integrity error
ERROR: libexpat-2.7.4-r1: ADB integrity error
ERROR: wget: exited with error 3
ERROR: dbus-1.16.2-r3: ADB integrity error
ERROR: wget: exited with error 3
ERROR: libavahi-dbus-support-0.8-r10: ADB integrity error
ERROR: libdaemon-0.14-r5: ADB integrity error
ERROR: avahi-dbus-daemon-0.8-r10: ADB integrity error
ERROR: libavahi-client-0.8-r10: ADB integrity error
ERROR: wget: exited with error 3
ERROR: libgnutls-3.8.10-r1: ADB integrity error
ERROR: wget: exited with error 3
ERROR: libpam-1.7.1-r4: ADB integrity error
ERROR: libpopt0-1.19-r1: ADB integrity error
ERROR: libtasn1-4.19.0-r2: ADB integrity error
ERROR: libtirpc-1.3.7-r2: ADB integrity error
ERROR: liburing-2.7-r1: ADB integrity error
ERROR: wget: exited with error 3
ERROR: samba4-libs-4.22.7-r3: ADB integrity error
ERROR: wget: exited with error 3
ERROR: samba4-server-4.22.7-r3: ADB integrity error
ERROR: wget: exited with error 8
ERROR: luci-app-samba4-26.101.22673~0c81d2d: unexpected end of file
ERROR: wget: exited with error 3
ERROR: tc-tiny-6.18.0-r2: ADB integrity error
ERROR: sqm-scripts-1.7.2-r1: ADB integrity error
ERROR: wget: exited with error 8
ERROR: luci-app-sqm-26.101.22673~0c81d2d: unexpected end of file
ERROR: mount-utils-2.41.3-r1: ADB integrity error
ERROR: libopenssl-conf-3.5.6-r1: ADB integrity error
ERROR: wget: exited with error 3
ERROR: openssl-util-3.5.6-r1: ADB integrity error
ERROR: wget: exited with error 3
ERROR: openvpn-easy-rsa-3.2.1-r1: ADB integrity error
ERROR: liblz4-1-1.10.0-r1: ADB integrity error
ERROR: liblzo2-2.10-r5: ADB integrity error
ERROR: libnl-core200-3.12.0-r1: ADB integrity error
ERROR: libnl-genl200-3.12.0-r1: ADB integrity error
ERROR: wget: exited with error 3
ERROR: openvpn-openssl-2.6.19-r1: ADB integrity error
ERROR: owut-2026.04.09~5d6760b5-r1: ADB integrity error
ERROR: libqrencode-4.1.1-r2: ADB integrity error
ERROR: qrencode-4.1.1-r2: ADB integrity error
ERROR: wget: exited with error 3
ERROR: samba4-admin-4.22.7-r3: ADB integrity error
ERROR: samba4-utils-4.22.7-r3: ADB integrity error
ERROR: tune2fs-1.47.3-r1: ADB integrity error
ERROR: usb-modeswitch-2025.10.04~9b4d0a6e-r1: ADB integrity error
ERROR: wget: exited with error 3
ERROR: vsftpd-tls-3.0.5-r6: ADB integrity error
ERROR: wsdd2-2023.12.21~b676d8ac-r2: ADB integrity error
make[2]: *** [Makefile:254: package_install] Error 60
make[1]: *** [Makefile:193: _call_manifest] Error 2
make: *** [Makefile:369: manifest] Error 2
Traceback (most recent call last):
File "/app/.venv/lib/python3.14/site-packages/rq/worker/base.py", line 1522, in perform_job
return_value = job.perform()
File "/app/.venv/lib/python3.14/site-packages/rq/job.py", line 1342, in perform
self._result = self._execute()
~~~~~~~~~~~~~^^
File "/app/.venv/lib/python3.14/site-packages/rq/job.py", line 1402, in _execute
result = self.func(*self.args, **self.kwargs)
File "/app/asu/build.py", line 494, in build
result = _build(build_request, job)
File "/app/asu/build.py", line 302, in _build
report_error(job, check_package_errors(job.meta["stderr"]))
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/asu/util.py", line 338, in report_error
raise RuntimeError(msg)
RuntimeError: Impossible package selection
ERROR: Build failed with status 500 (--version-to 25.12.1 --device mediatek/filogic:glinet_gl-mt6000:squashfs)
The above errors are often due to the upgrade server lagging behind the
build server, first suggestion is to wait a while and try again.
The ADB error is known, I didn't think it affected .1, only .2 
Solution is to wait?
I guess, but I haven't looked into it.
No problem.
it's working just ddns updater is wonky.
I can set ip manually on afraid.
Conflating the issues and acting on impulse is wrong.
The latest mbedtls is out for weeks.
Should there have been any critical issues the developers would have addressed it and OpenWRT maintainers would have picked up and published the fix in 25.12.2 already.
An issue with one site doesnât justify the security downgrade.
Seems there is a config/bug in mbedTLS/3.3.6
I have downgrade to 25.12.1 and there is no different, ddns still show error code 35
ipv4
: Forced Update - L: '176.10.xxx.xxx' == R: '176.10.xxx.xxx'
221107 : #> /usr/bin/curl -RsS -o /var/run/ddns/afraid_ipv4.dat --stderr /var/run/ddns/afraid_ipv4.err --noproxy '*' 'https://sync.afraid.org/u/***PW***/?address=176.10.xxx.xxx'
221108 ERROR : cURL Error: '35'
221108 : curl: (35) ssl_handshake returned: (-0x6600) SSL - A field in a message was incorrect or inconsistent with other fields
ipv6
#> /usr/bin/curl -RsS -o /var/run/ddns/afraid_ipv6.dat --stderr /var/run/ddns/afraid_ipv6.err --noproxy '*' 'https://v6.sync.afraid.org/u/***PW***/?address=2001:09b0:0041:0000:0000:0000:5xxx:xxxx'
221105 ERROR : cURL Error: '35'
221105 : curl: (35) ssl_handshake returned: (-0x6600) SSL - A field in a message was incorrect or inconsistent with other fields
Jag fÄr vÀnta pÄ en program fix.
Fel sprÄk ,)
(wrong language)
Yes I know 
I thought you are a swede.
I should wait for a program fix...
I have the same core problem with https://update.spdyn.de . My current workaround is to disable https and use plain http. Not so nice, but better than loosing remote access.
Until a fix is available, maybe try this, and have curl use TLS 1.2 ?
curl --tlsv1.2 --tls-max 1.2 https://URL-HERE
That is working for my DDNS provider. Thanks! 
My DDNS provider doesn't even support TLSv1.3 - only TLSv1.2 . So this workaround triggers a differnet code path skipping the parsing error in mbedtls. Nice.
I have tested both 25.12.1 and 25.12-snapshot and both have same problem, (curl error 35).
I suppose have to wait until a push have ben done
The changes in upstream were merged today, somebody needs to bump the openwrt version in main and 25.12. I would do it, but my last try to be active on github ended not so good (I never was before)...
Yes, I understand.
Just testing on suggest from frollic.
I have to wait until it's pushed.
Solved, waiting to be built, check the BanIP thread you linked to 5 days ago.