I need connect Proxy Server with certification

acua87 · February 4, 2021, 7:11am

To anyone for me,

I need your help.
I failed opkg update on Raspberry Pi 4.

root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/packages/Packages.gz
..
..
..

I suspect proxy makes to fail update.
My company has internal network and Proxy server for security.
So I got below the proxy guideline for connecting external internet network.
But, It is not for our OS, openwrt.

[For Ubuntu, Debian, Mint]
http_proxy=http://MyCompanyProxyIPaddr:8080
https_proxy="http://MyCompanyProxyIPaddr:8080"
no_proxy="127.0.0.1, localhost"

[For CentOS, Fedora, Redhat]
export http_proxy="http://MyCompanyProxyIPaddr:8080"
export https_proxy="http://MyCompanyProxyIPaddr:8080"
export no_proxy="127.0.0.1, localhost"

[Register Certificate]
sudo mkdir /usr/share/ca-certificates/MyCompany
sudo cp MyCompanyCerti.crt /usr/share/ca-certificates/MyCompany/
sudo dpkg-reconfigure ca-certificates
sudo update-ca-certificates
Same process to /etc/ssl/cert

So, How can I solve this issue?
Do you have any other commands to replace sudo, dpkg-reconfigure, update-ca-certificates and so on?

Thank you.

frollic · February 4, 2021, 7:41am

check out the opkg proxy settings

acua87 · February 4, 2021, 7:53am

Thank you to reply for me.

I refer "Proxy Support" on this page for setting proxy.
but, I can't find to register certificates.

I found same result by only setting "Proxy Support".
" Failed to send request: Operation not permitted "

Just I think.. must have to register certificates.
Do you have any other openwrt commands to replace sudo, dpkg-reconfigure, update-ca-certificates?

frollic · February 4, 2021, 8:19am

w/o having access to any openWRT device at the moment, you should be able to check where owrt stores the certificates, and add yours.

acua87 · February 5, 2021, 8:26am

I found below things for openwrt on Raspberry Pi 4.

OpenWrt does not support "https_proxy".

I set Proxy option in /etc/opkg.conf and then enter opkg update.
(refer to https://openwrt.org/docs/guide-user/additional-software/opkg#proxy_support)

But, failed.
So, I change package download link address in my openwrt.
Changing from "https://" to "http://" in "/etc/opkg/distfeeds.conf"

"opkg update" is successful.
Not Good but OK.

If you want to look specific status of opkg,
hit "opkg --verbosity=3 update"

Downloading http://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/packages/Packages.gz
opkg_download: Setting environment variable: http_proxy = http://MyCompanyProxyServerIP/.
opkg_download: Setting environment variable: no_proxy = 127.0.0.1, localhost


Collected errors:
 * opkg_conf_set_option: Unrecognized option: https_proxy=http://MyCompanyProxyServerIP/

Thank you

frollic · February 5, 2021, 8:42am

ok,

so the cert wasn't for authenticating to the proxy, but for https to work

system · February 15, 2021, 8:43am

This topic was automatically closed 0 minutes after the last reply. New replies are no longer allowed.