How to upgrade to wpad-openssl for mesh?

linuxuser · December 21, 2023, 7:31pm

I nearly bricked again a device.

root@AX53U-S1:~# ubus call system board
{
	"kernel": "5.10.176",
	"hostname": "AX53U-S1",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "ASUS RT-AX53U",
	"board_name": "asus,rt-ax53u",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.5",
		"revision": "r20134-5f15225c1e",
		"target": "ramips/mt7621",
		"description": "OpenWrt 22.03.5 r20134-5f15225c1e"
	}
}

Newer OpenWrt is not recommended at the moment because of WAN-problems.

root@AX53U-S1:~# opkg install wpad-openssl
Installing wpad-openssl (2022-01-16-cff80b4f-18.3) to root...
Collected errors:
 * check_conflicts_for: The following packages conflict with wpad-openssl:
 * check_conflicts_for: 	wpad-basic-wolfssl * 
 * opkg_install_cmd: Cannot install package wpad-openssl.

Ok, tried it to avoid to loose internet.

root@AX53U-S1:~# opkg remove wpad-basic-wolfssl 
Removing package wpad-basic-wolfssl from root...

Removed

root@AX53U-S1:~# opkg install wpad-openssl
Installing wpad-openssl (2022-01-16-cff80b4f-18.3) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk
Upgrading hostapd-common on root from 2022-01-16-cff80b4f-16.2 to 2022-01-16-cff80b4f-18.3...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/hostapd-common_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk

This never ends. Had to do a "sysupgrade -n".

So what can I do, if I have no wired connection to the internet.

The same way as described at Flashing an original Asus RT-AX53U using scp? - #5 by linuxuser did not work. I mean connecting the pc to the AX53U lan-port and the wan-port of the AX53U to an Archer C7-wireless-wds-client.

I tried this after the above non working-installation. No chance to ping something in the internet, even the Fritzbox, which has the same net as the C7.

Maybe there is a connection with WAN-bug?

A solution could be to use https://firmware-selector.openwrt.org/ but I don't want to try this, because I bricked a Zyxel doing it this way. Debricking is not so easy with the AX53U for me, after I read https://openwrt.org/docs/guide-user/troubleshooting/generic.debrick

Can I download wpad-openssl locally and install it then locally? How can I do this? Which dependencies exist, so I have to download these too?

alaviss · December 22, 2023, 6:04am

You can, run opkg install --download-only --force-depends wpad-openssl and it will download both dependencies and the package.

Then remove wpad-basic-wolfssl as usual and run opkg install *.ipk to install the packages you downloaded.

linuxuser · December 22, 2023, 7:53am

Looks like there is somewhere a bug.

Starting with OpenWrt 22.03.5, r20134-5f15225c1e

root@AX53U-S1:~# opkg update
Downloading https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt7621/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt7621/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/luci/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/telephony/Packages.sig
Signature check passed.

Posted the updated repos, maybe there is something wrong.

root@AX53U-S1:~# cd /tmp

Can't believe that /tmp is the problem

root@AX53U-S1:/tmp# opkg install --download-only --force-depends wpad-openssl
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/hostapd-common_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/libopenssl1.1_1.1.1w-1_mipsel_24kc.ipk

Looks ok

root@AX53U-S1:/tmp# ls *.ipk
hostapd-common_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk
libopenssl1.1_1.1.1w-1_mipsel_24kc.ipk
wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk

Maybe there are more dependencies?

root@AX53U-S1:/tmp# opkg remove wpad-basic-wolfssl
Removing package wpad-basic-wolfssl from root...

No problem.

root@AX53U-S1:/tmp# opkg install *.ipk
Upgrading hostapd-common on root from 2022-01-16-cff80b4f-16.2 to 2022-01-16-cff80b4f-18.3...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/hostapd-common_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk
Installing libopenssl1.1 (1.1.1w-1) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/libopenssl1.1_1.1.1w-1_mipsel_24kc.ipk
Failed to send request: Operation not permitted
Installing wpad-openssl (2022-01-16-cff80b4f-18.3) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk
Failed to send request: Operation not permitted
Configuring hostapd-common.
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/libopenssl1.1_1.1.1w-1_mipsel_24kc.ipk, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_install_pkg: Failed to download libopenssl1.1. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package libopenssl1.1.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk, wget returned 4.
 * opkg_download: Check your network settings and connectivity.
 * opkg_install_pkg: Failed to download wpad-openssl. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package wpad-openssl.

Why "Check your network settings and connectivity"?

Why "Operation not permitted"?

Tried again wpad-openssl only.

root@AX53U-S1:/tmp#opkg install wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24
kc.ipk
Installing wpad-openssl (2022-01-16-cff80b4f-18.3) to root...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk
Failed to send request: Operation not permitted
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_install_pkg: Failed to download wpad-openssl. Perhaps you need to run 'opkg update'?
 * opkg_install_cmd: Cannot install package wpad-openssl.

So again:

sysupgrade -n

grrr2 · December 22, 2023, 8:47am

try in a bit different order:

opkg update
opkg install wpad-full  # this will download and install necessary dependencies first, 
                        # then eventually fail due to conflict between wpad and wpad-full. that's ok
opkg download wpad-full
opkg remove --nodeps wpad
opkg install wpad-full.ipk

alaviss · December 22, 2023, 9:24am

Try using ./*.ipk instead. Those errors mean opkg is trying to download from the Internet, but Internet is down. It should not have the word download anywhere in that output.

I suspect that not using a relative or full path meant that opkg was trying to solve it as a part of a repository and download from there instead of using the local files.

Typically I see that on my system if DNS is unreachable. The error message is certainly weird, though.

badulesia · December 22, 2023, 9:25am

Create a custom build with all the packages you need, than flash it. Simple and effective.

linuxuser · December 22, 2023, 5:43pm

Not a good idea as mentioned in my 1st post. See Zyxel NBG6817 not pingable after flashing I bricked a Zyxel with a custom build.

This would be gambling. There is no easy way to debrick it.

linuxuser · December 22, 2023, 5:45pm

Is internet then down generally? To reinstall takes time too. I could go to another place, where I can connect the router via ethernet to a gateway router.

alaviss · December 22, 2023, 6:02pm

FWIW you can just use: https://openwrt.org/toh/asus/rt-ax53u#back_to_asus_firmware_with_asus_repair_tool
to reset to original then re-install openwrt.

alaviss · December 22, 2023, 6:03pm

try opkg install ./*.ipk (notice the ./). This should force opkg to install using the files you have given it.

linuxuser · December 23, 2023, 7:01am

No, it doesn't work.

root@AX53U-S1:/tmp# ls -1 *.ipk
hostapd-common_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk
libopenssl1.1_1.1.1w-1_mipsel_24kc.ipk
wpad-openssl_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk

root@AX53U-S1:/tmp# opkg remove wpad-basic-wolfssl
Removing package wpad-basic-wolfssl from root...

root@AX53U-S1:/tmp# opkg install ./*.ipk
Upgrading hostapd-common on root from 2022-01-16-cff80b4f-16.2 to 2022-01-16-cff80b4f-18.3...
Downloading https://downloads.openwrt.org/releases/22.03.5/packages/mipsel_24kc/base/hostapd-common_2022-01-16-cff80b4f-18.3_mipsel_24kc.ipk

Same as before.

linuxuser · December 23, 2023, 7:50am

Thanks, that made me more adventurous. I have build a custom image with

ASUS RT-AX53U
22.03.6 (r20265-f85a79bcb4)

Probably misconfigured, because of libustream-wolfssl, should be probably libustream-openssl

base-files busybox ca-bundle dnsmasq dropbear firewall4 fstools kmod-gpio-button-hotplug kmod-leds-gpio kmod-mt7915e kmod-nft-offload kmod-usb-ledtrig-usbport kmod-usb3 libc libgcc libustream-wolfssl logd luci mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd wpad-openssl mesh11sd iperf iperf3

I could boot and configure.

root@AX53U-S1:~# opkg list-installed  | grep wpad
wpad-openssl - 2022-01-16-cff80b4f-18.3

root@AX53U-S1:~# opkg list-installed  | grep 11s
mesh11sd - 2.0.0-1

Maybe there was a version problem with wpad-openssl - 2022, with newer images I see wpad-openssl - 2023 and I assume the newest will be installed. After opkg update there is maybe a 2023 version available and that is why internet is used, just guessing.

Nevertheless I think it is important, that manual installation works. I am unsure what I do after my Zyxel is unbricked.

linuxuser · December 23, 2023, 8:43am

Looks like my system has not the needed packages.

# opkg list-installed | grep wolf
**libustream-wolfssl20201210** - 2022-12-08-9217ab46-2
**libwolfssl5.6.4.ee39414e** - 5.6.4-stable-1

# opkg list | grep libustream
libustream-mbedtls20201210 - 2022-12-08-9217ab46-2 - ustream SSL Library (mbedtls)
**libustream-openssl20201210** - 2022-12-08-9217ab46-2 - ustream SSL Library (openssl)
libustream-wolfssl20201210 - 2022-12-08-9217ab46-2 - ustream SSL Library (wolfssl)
luci-ssl-nginx - git-20.161.73418-219f0ce - LuCI with OpenSSL as the SSL backend (libustream-openssl). OpenSSL cmd tools (openssl-util) are used by nginx for SSL key generation.
luci-ssl-openssl - git-17.031.53232-b6341bd - LuCI with OpenSSL as the SSL backend (libustream-openssl). OpenSSL cmd tools (openssl-util) are used by uhttpd for SSL key generation instead of the default px5g. (If px5g is installed, uhttpd will prefer that.)

# opkg list-installed | grep openssl
libopenssl1.1 - 1.1.1w-1
wpad-openssl - 2022-01-16-cff80b4f-18.3

Which packages do I have to remove / install for wpad-openssl ?

alaviss · December 23, 2023, 9:22am

You already have everything you need for wpad-openssl.

You could convert libustream to openssl so you can remove wolfssl to save space, or you could leave it be as the two libraries do not conflict with one another.

The latest openwrt is 23.05.2. If you build an 22.03.6 image then you'll be stuck with old stuff.

linuxuser · December 23, 2023, 9:38am

Thanks, good to know. I already flashed again.

Warning! There is a WAN interface issue with version 23.05.0, version 22.03.5 works fine

Read, that the problems exist with 23.05.2 too.

What I did now:

Default packages:

base-files busybox ca-bundle dnsmasq dropbear firewall4 fstools kmod-gpio-button-hotplug kmod-leds-gpio kmod-mt7915e kmod-nft-offload kmod-usb-ledtrig-usbport kmod-usb3 libc libgcc libustream-wolfssl logd luci mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd wpad-basic-wolfssl

I removed:

libustream-wolfssl wpad-basic-wolfssl

I installed:

base-files busybox ca-bundle dnsmasq dropbear firewall4 fstools kmod-gpio-button-hotplug kmod-leds-gpio kmod-mt7915e kmod-nft-offload kmod-usb-ledtrig-usbport kmod-usb3 libc libgcc logd luci mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail uboot-envtools uci uclient-fetch urandom-seed urngd wpad-openssl libustream-openssl20201210 mesh11sd iperf iperf3

Was not sure what happens, when I don't define libustream-openssl. Should it be added automatically? Else I was not sure if libustream-openssl20201210 is the correct version. Saw this with my query above with mixed wolf packages,


# opkg list-installed | grep ssl
libopenssl1.1 - 1.1.1w-1
libustream-openssl20201210 - 2022-12-08-9217ab46-2
wpad-openssl - 2022-01-16-cff80b4f-18.3

alaviss · December 23, 2023, 9:55am

I believe it'd just grab a random one, since libustream is a dependency of uhttpd. Picking your own means you get to select the exact implementation.

Just go for libustream-openssl, the package manager will pick the correct version for you.