a) how can I check with wich version of a package 24.10.2 came with?
b) once that I’m sure of the version how do I find the package
c) how am I going to downgrade them (openvpn-mbedtls + dependencies)
I’d like to be sure it was the upgrade to break openvpn and not anything else… but well… I didn’t change the configuration, it was working and in case I did change the configuration inadvertently… I checked the configuration of another client that still work (firewall, interfaces, openvpn) and it is absolutely equivalent.
So before opening a bug report I’d like to check if downgrading helps.
Upgrading packages (via the CLI opkg upgrade command or the LuCI Upgrade... button) can result in major problems. It is generally highly discouraged, unless you know what you are doing or if there is specific instruction to do so.
sysupgrade was the next thing I’d try, out of curiosity and once everything else fails and I have another router with the exact same hardware and properly configured.
To be more precise openvpn set up a connection, log seem OK, I can ping from any box on my lan to any other box on the other lans, but I can’t make any ssh/https connection.
There are other members of the vpn using other services across the lans so I’m sure it is not a problem of services down etc…
On this lan I rarely start openvpn but I’m absolutely sure it was running when I initially installed it. So packages versions should be the ones available first or second week of September.
Considering there are other openwrt routers running an openvpn client, the server surely didn’t change. I’ve been able to compare openvpn and firewall settings to really be sure nothing relevant had been changed when it was running and now that it is not.
So, it is most likely a problem with the newer version… could also be a compatibility between older and newer version of openvpn. So I was thinking to give the downgrade a try, but it seems there are no historical versions like debian snapshot.
It would be nice to know if it is a problem of the package or anything else downgrading so I could give some feedback to the developers, but missing historical versions, I’m not sure I’ve enough time to debug the problem since I’ll be on the move for the few coming weeks. And considering that potentially the problem could be solved in 24.10.3 probably any feedback won’t be that useful.
Forgive my ignorance but should the only proper way to upgrade openwrt be to upgrade from release to release?
Then why package get upgraded in the repository for the same release if it is not advisable to upgrade them and there is no historical version?
I’m used to Debian and there is stable, testing, unstable and experimental… and once you’re on testing you’re on your own and if something breaks it is your fault somehow.
But openwrt doesn’t seem to work the same.
I thought eg, that if there was some security issue on some package and I couldn’t afford a sysupgrade I could just opkg that package (and its dependencies).
BTW… in debian it’s pretty easy to get a summary of the changes of a package, where am I supposed to look for packages in openwrt other that git?
I’ve no expectations, I know openwrt is pretty different from debian (or opensuse, fedora or…). Just trying to be a better user.
images from stable will always contain the same package version, they won't upgrade.
openwrt doesn't have a proper package dependency DB, making things risky.
apk (already in snapshots, everywhere starting next major release) will improve things, but it'll most likely still not be perfect - The future is now: opkg vs apk.
as @brada4 said, use owut or asu to upgrade to .3, and you'll get all the packages preinstalled, should be smooth sailing.
I thought sysupgrade won’t reinstall “user installed” packages… and well I never sysupgraded a router “in production”. Fortunately I have a spare one, exactly same hardware so I can do everything with a safety net.
I’m days away from moving to China where I’ll spend most of my time on didi or on train and openvpn won’t be an essential service especially if I’ve no time to set up the rest of the config.
I do get the limitation of infrastructure (no snapshots) and package manager but could you clarify why packages in the same release get "upgraded” then if it is unsafe to upgrade them? And they are available in the same release repository…
I don’t even get what’s going to happen when I "install” a package sometimes after a release is released if there are no “snapshots” of old packages. I did try to look at the repo content but I didn’t find older releases of the packages I was interested in. Did I miss them? Did I look in the wrong place? But if opkg install is going to work after release… they should be somewhere, so I should have a chance to downgrade.
precompiled sysupgrade images won't, but you were told to use owut or asu
because of missing dependency checks would be one reason.
reset works
you can always use owut to downgrade one minor release, then upgrade again.
uninstalling the "bad" package, and reinstalling it (without upgrading) will probably work too.
I did remove and install again openvpn-mbedtls and px5g-mbedtls but it seems the version it picked up where the same that got upgraded. I’m not sure how to check.
I did the owut but it didn’t solve the problem. I’m on 24.10.3 but openvpn is still not working.
I removed libmedtls… I had some trouble reinstalling from a local copy… but I still ended up with something that’s probably newer than what I thought it should be.
Removing libmedtls kill opkg ability to download packages from the internet, so I downloaded the lib via browser, scp to the router, so I had to pick one libmedtls21 but I’m not sure it is the “correct” one.
Where can I check if the versions of the potential culprits are the same included in the “original” release?
If versions are the same of the packages I’ve installed now I’ll look somewhere else for the cause of the problem.
If they are not… since somewhere there should be a repo from where someone can opkg install stuff and not upgrade… I could at least try to patiently downgrade them manually.
Otherwise I really have to think I screwed something else that’s very very subtle since I have the openvpn and firewall config of other 2 routers that are client member of the same vpn but works.
Routing table is fine. I can ping from any box inside my lan to any other box in other lans… but I still can’t connect to any other services and I can’t really really think of any firewall or openvpn configuration that could cause this strange behavior.
nmap from the router can see services open, wget from router works… but not from any box inside the lan.
I sysupgraded and apparently it started from scratch. I reinstalled all the packages needed to run openvpn BUT I’m still experiencing the problem.
Then I upgraded the package via web interface and the problem was still there.
So… snapshot for that router was working. I’m not sure if 24.10.2 was working or it was a problem of mixed versions but 24.10.3 is not working… unless sysupgrade leave something of the previous version behind..
