Is it possible temp. increase free space?

Oleksa75 · May 19, 2018, 12:51pm

Hello there! I have TL-WR743ND-v2 and have updated to 17.01.4 from 17.01.1
Once I tried make "opkg update" && "opkg list-upgradable" I got error xsystem: wget: vfork: Out of memory.
So, my question is: is it possible temporally increase free space for update process only?
At my Ubuntu I have used sshfs utility for mount remote directories.
So, how to mount some directory, where downloaded packages for updated located, to my PC, perform update, ant then unmount additional space?

There list of mounted infrasctructure

root@LEDE:~# mount
/dev/root on /rom type squashfs (ro,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noatime)
/dev/mtdblock3 on /overlay type jffs2 (rw,noatime)
overlayfs:/overlay on / type overlay (rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,size=512k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600)
debugfs on /sys/kernel/debug type debugfs (rw,noatime)

What is the directory where updates stored?
Thank You very much!

h8red · May 19, 2018, 12:58pm

Try:
sync && echo 3 > /proc/sys/vm/drop_caches

Frees some memory

Oleksa75 · May 19, 2018, 3:35pm

Thanks, H8red, but without any success (((
And SSHFS seems also not possible because that's require sftp-server in /usr/libexec.
And sftp-server (~ 101K) part of openssh package - unable to install because lack of space...Any another idea from someone?

psherman · May 19, 2018, 5:35pm

You’ll probably need newer hardware. That device doesn’t have enough space, as mentioned in the device support page

Oleksa75 · May 19, 2018, 5:46pm

Doch! I have already MikroTik RB951Ui-2HnD (from yday) ))) Will try original FW and possible, re-flash to LEDE later. BUT I want to use old TL-WR743ND-v2 as "barebone" for learning how to cross-compile and improve my knowledge's about Linux embedded. So, I need some idea how to increase free space just temporally. May be, NFS or solder JTAG with USB <--> RS232 adapter? Please throw me few good ideas ) It is not a problem to bricked device...

psherman · May 19, 2018, 5:47pm

If you flash an image without LuCI, you will have space to install small packages and mess around with the system. But other than that, you could consider an older OpenWRT build like CC or BB.

slh · May 19, 2018, 8:47pm

For security reasons using anything older than 17.04.1 is not an option for an internet connected device, there are already way to many IoT devices and routers in malicious botnets and there have been quite serious security issues in older releases.

psherman · May 19, 2018, 9:38pm

@slh raises a good point if the device will be directly connected to your wan. However, if you’re working with the device behind another router, it can be a great too to use while you learn to bulid images and packages and mess with embedded Linux.

slh · May 19, 2018, 9:45pm

The dnsmasq vulnerabilities don't require a direct internet connection, just a way to connect to an upstream DNS server and javascript and friends allow a lot of probing from the inside as well, without you even noticing.

Oleksa75 · May 20, 2018, 3:09am

Before I used Linux PC (i486) with Gentoo as "gateway" :
ISP --> Gentoo PC (gate) --> TP-Link --> Internal network (10.10..)
But for now I have 2nd ISP and want to use load balancing 2 WANs in MikroTik
ISP1 --> TP-Link TL-WR743ND-v2 (Gate1) --> Mikrotik WAN1
ISP2 --> TP-Link TL-WR840N-v2(Gate2) --> Mikrotik WAN2
++++
Mikrotik LAN + Mikrotik WiFI in bridge --> internal networks.
Or smth like that, BUT both TP-Links have lack of free space...
I have compiled under Gentoo OpenSSH package for mips_24kc, stripped but it still too fat (((
I want fully updated OS for both gates and hope, Lede image can help...
Thank You anyway, will dig more...

psherman · May 20, 2018, 4:32am

Why go through the TP-Link devices in the first place? Assuming you can configure the Mikrotik to do the load balancing/failover on two WANs, there is no reason to go through those other routers -- they don't add any value.

Oleksa75 · May 20, 2018, 10:52am

All manuals, that I have found in Internet, recommended for 1st line some device as "gateway" from aggressive env. as World Wide Web. And 2nd reason - for 2nd ISP I have dynamic IP address. Just let me unify sources as:
--- ISP1 = 192.168.1.0/24 ---
--- ISP2 = 192.168.2.0/24 ---

--- LAN --- = 10.1.0.1/24
I'll test if there will some drop in speed - will connect directly to MikroTik

bobafetthotmail · May 20, 2018, 2:02pm

No. Installing anything from opkg is impossible in many devices that have 32MB of RAM. The error you get is "not enough RAM".
Your device still does not have enough storage, but opkg fails first because there isn't enough RAM.

If you want to install packages or update something you must rebuild a firmware either from source https://openwrt.org/docs/guide-developer/build-system/start or (recommended) using the Image Builder (which assembles a firmware image using opkg packages). https://openwrt.org/docs/guide-user/additional-software/imagebuilder
Then you "upgrade" the device using your new firmware image.

If packages are integrated when compiling or by the Image Bulder they go in the high-compression squashfs partition and you can actually fit something in there. Installing packages afterwards is not possible on devices with 4MB of flash, even if Opkg has enough RAM to work.

jeff · May 20, 2018, 2:23pm

The assumption there is that your first-line device is secure and robust. Given the age of even LEDE 17.01 against the pace of revealed security flaws in Linux and the applications that are run on Linux systems, anything prior to LEDE 17.01 should be considered not only insecure, but a risk to security to others outside of your network as well.

If you want to add another layer to your perimeter, then you should only consider devices that can support current patch-level firmware, now and into the future. Such devices are available for under US$20 each. You should also consider that two layers of the same thing (OpenWRT, in this case) may not significantly improve your security as the same exploits will likely get an attacker through your second layer that got them through the first.

mk24 · May 20, 2018, 2:26pm

In Community Builds, there are some people making even a VPN work on a 4/32 device. It is difficult but they have posted their builds so you can copy it.

I agree why can't this MikroTik thing be trusted to be directly connected to the Internet, and if not, why use it at all?

Decent hardware (i.e. at least 8/64) running OpenWrt can do all of what you need in one box.

psherman · May 20, 2018, 6:19pm

You don't need multiple layers of gateways -- you just need one that is up-to-date (security wise) and properly configured.

If the MikroTik is running a recently updated OS (RouterOS or any reputable 3rd party OS like OpenWRT) and assuming that they are properly patching security vulnerabilities, it should be safe to expose directly to the internet. I personally use an EdgeRouter X (from Ubiquiti) running the latest EdgeOS release as my main router (OpenWRT supports this hardware, too).

Your main gateway with proper firewalls and security configurations will protect you from attacks form the outside looking in. However, you need to keep in mind that there are lots of vulnerabilities that come from the inside looking out, so other devices on your network need to be protected and updated appropriately. But the nice thing about a good OS on your router is that you will almost certainly have the ability to setup and isolate VLANs so that you can have an untrusted device/OS 'playground' that is separate from your trusted network. This will protect your important devices and data. But keep in mind that a rouge device even on a separate VLAN could still do bad things (like participate in a DDoS attack), so security still matters on each VLAN.

But going back to the basic principle, all you need is one gateway/router with appropriate firewalls and security patches and properly configured and you're good to go.

dustwolf · May 20, 2018, 6:31pm

If the problem is out of memory you need more RAM and that cannot be delivered from another machine.

One thing you can do is use Image Builder to make a package with integrated support for network filesystem, then use the built-in overlay support to overlay the filesystem with a network filesystem where you can have additional storage space.

If your device looses connectivity or reboots, it will fall back to whatever settings are in Flash. If connected, it will store the changes you made afterwards on the remote server.

See here for info on Image Builder:

(it's pretty easy to use but you will need a 64-bit computer)

And here's a how-to on how to configure the overlay to go on an USB key (this you will have to modify as your router has no USB port, use network filesystem instead, which might not be available at boot so don't use fstab, etc):

LP,
Jure

tmomas · May 21, 2018, 6:35am

New URL:

Oleksa75 · May 23, 2018, 12:15am

Ok, thank You very much! Will try imagebuilder and SDK also. btw what about UART (with USB <–> RS232 adapter) ? If I soldering external access for UART - will it possible to connect simple USB pendrive?

psherman · May 23, 2018, 4:08am

No. The usb to serial adapters do not set up a host port.