Help with wget/opkg failed problem

Hello,

I am having the well-covered wget problem, except with error 5, as opposed to the errors in the search results I'm finding.

The only things I can remember changing lately are: setting a static IP for a Nextcloud Pi I am trying to set up, uninstalling AdGuard, and updating via the attended sysupgrade.

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd48:d800:233e::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd48:d800:233e::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.xx.x'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '193.138.xxx.xx' (is this sensitive?)

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config interface 'wg0'
	option proto 'wireguard'
	option private_key ''
	list addresses '10.67.234.102/32'
	option force_link '1'

config wireguard_wg0
	option public_key 'PLpO9ikFX1garSFaeUpo7XVSMrILrTB8D9ZwQt6Zgwk='
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'
	option endpoint_host '185.195.xxx.xx' (not sure if this is public?)

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/18000000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option country 'GB'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'yolo'
	option encryption 'psk2'
	option key ''

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option disabled '1'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list server '10.64.0.1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,10.64.0.1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'nextcloud'
	option ip '192.168.99.xxx'
	option mac 'E4:5F:01:xx:xx:xx'

config host
	option name 'myNode'
	option ip '192.168.99.xxx'
	option mac 'E4:5F:01:xx:xx:xx'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list server '10.64.0.1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,10.64.0.1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'nextcloud'
	option ip '192.168.99.xxx'
	option mac 'E4:5F:01:xx:xx:xx'

config host
	option name 'myNode' 
	option ip '192.168.99.xxx' 
	option mac 'E4:5F:01:xx:xx:xx'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'wgzone'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wg0'

config forwarding
	option src 'lan'
	option dest 'wgzone'

Also, I've wondered: why does sysupgrade continually report that a new upgrade is available, even right after updating? And should I be logging in as root, or should I add a separate user?

Thank yoouuuuu

You haven't specified the IPv4 address.

option ipaddr 'xxx.xxx.xxx.xxx'

(The setting seems to have appeared in an edit by the OP, along with the DNS setting for WAN.)

It's a public IP for a DNS server...but you can obscure it.


Actually, I think it is there. There appears to be a 'false start' followed by the complete file:

The address here is fine, but you don't need to redact it since it is an RFC1918 address.

On the DNS below... if this is a public DNS server, it is usually not considered sensitive information. However, what is most critical is that it is working as expected. You might try using other public DNS servers such as 8.8.8.8 or 1.1.1.1 which should work in most situations.

The endpoint host's IP is publicly routable, and it is right to redact it, since it identifies the VPN server your tunnel connects to.

Is this WG tunnel up and running when you are trying to run wget or opkg? Do you get working DNS resolution when the tunnel is up? What about when it is down?

Please run the following tests:

Do this:

  1. from router with WG tunnel down
  2. from router with WG tunnel up
  3. from computer (connected to router) with WG tunnel down
  4. from computer (connected to router) with WG tunnel up

and report the results.

Can you elaborate on this? What update did you just do? Did you use sysupgrade (which doesn't typically tell you about an upgrade), or did you use opkg upgrade (or the LuCI equivalent)?

Apologies, no idea what happened there with the editing.

Thanks for the help.

I understand DNS resolution, what's the best way to test this?

With wireguard up
0 drops to 8.8.8.8 and google.com from the router
0 drops to both from mac

with WG down from router
root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network unreachable
root@OpenWrt:~# ping google.com
PING google.com (2a00:1450:4009:822::200e): 56 data bytes
64 bytes from 2a00:1450:4009:822::200e: seq=0 ttl=60 time=40.778 ms
64 bytes from 2a00:1450:4009:822::200e: seq=1 ttl=60 time=41.934 ms
64 bytes from 2a00:1450:4009:822::200e: seq=2 ttl=60 time=28.570 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 28.570/37.094/41.934 ms

from desktop
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
(base) eve@Macdaddy ~ % ping google.com
PING google.com (172.217.169.78): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
--- google.com ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss
(base) eve@Macdaddy ~ % 

I updated from luci via the awesome attended upgrade option. If I use this feature, it'll perform a search and always returns 'new firmware available'. I updated, then checked a day later and there was another - or so I thought. I updated, rechecked and it returned another update. This time I checked the firmware I had with openwrt.org and it was the same.

What's the name of the file to edit the public DNS to try 1.1.1.1?

/etc/resolv.conf

Thanks frollic.

Guys, can this have anything to do with the kernel? I noticed I'm on 5.10.156 with 22.03-SNAPSHOT r19977-6cd1035d8d / LuCI openwrt-22.03 branch git-22.339.35241-4ca7a8d.

Snapshot can contain bugs... is there a reason you are using snapshot instead of a stable release? (latest is 22.03.2).

Does the auc feature source and update from openwrt based upon what you have? I vaguely remember installing my first openwrt on my rt3200 and it being a snapshot - maybe I had to? perhaps it was all that was available?

For future reference and to keep the forum awesome:
I've figured out that I am on a snap-shot because that was all that was available for my router when I got it but snaps are bleeding edge and should be left to the pros.

The question now is; can I flash the existing stable release? and should I? will I be required to reconfigure again? (I spent a long time being a newbie and setting up wireguard lol)
If I can reflash and, assuming I will lose my stuffs, can I create a script to reapply all my settings automatically?

I should have mentioned previously that I am 3 months into switching to Linux, but learning fast, hopefully!

https://firmware-selector.openwrt.org/?version=22.03.2&target=mediatek%2Fmt7622&id=linksys_e8450

Best practice: yes, reconfigure from scratch. The real answer is more complex -- it depends on what version you are coming from (or how old your snapshot is) to determine if a direct upgrade is possible or advisable. I always recommend starting over whenever there is any question.

Recommendation: make a backup and then use those backup files as a reference so you can reproduce your settings. Do not directly restore the backup. You can usually copy/paste certain sections of the backup files (such as the WireGuard config) back into place, but this again depends on the version from which you were upgrading.

When you run an upgrade, you will indeed find that all the user-installed packages will be gone (they're not included in the standard images).

There is the "attended sysupgrade" which actually looks at your installed packages, requests a customized image, and then installs that and keeps your existing configuration. This may work, but depends on your current version/snapshot. There is also another package that can create a list of the installed packages and then reinstall them after your upgrade.

Personally, I just keep a little script that installs everything (my setup is a bit more complex with an extroot config)... it's fairly easy to create such a script.

It appears that your device was only officially supported in 22.03, so the snapshot can't be that old and should theoretically be compatible with an upgrade that keeps settings... but I personally recommend just keeping it simple and reinstalling fresh.
