Luci-https not working correctly

Installing and Using OpenWrt
1

Hi,

I have noticed on the last couple of stable builds and snapshot builds, the luci https is extremely slow or doesn't load at all. This mostly occurs on pages where a script is loaded. e.g the network view or the first page after log in. Sometimes I get an error message on the luci site that a script could not be loaded. This has been happening across different routers. I've also tried different browsers etc. This makes using https impossible.

At the moment I am using:

  • OpenWrt SNAPSHOT r11009-1cf2495d48

  • Netgear Nighthawk X4S R7800

  • openvpn-openssl 2.4.7-2

  • luci-ssl-openssl git-19.258.59939-fbfb4af-1

I assume it's a combination of some packages. On all the devices the thing that is the same is the openvpn-Openssl and luci-ssl-openssl instead of the mbedTLS. Which can’t be combined.

Has anyone else experienced this?

Please let me know if you need any logs or more information.

Thanks!

2

Does http work fine?
Do you see any extreme cpu load when you try to open the page? (top or htop from SSH).

1 Like
3

Thanks for your reply.

Http works fine. I had already checked with htop. No high cpu load when trying to use luci with https.

4

I am not sure what is the reason for that. I am using the same packages in my routers (different models) without such behavior.
As a workaround I can suggest to use http over OpenVPN or SSH tunneling if you are connecting from the internet.

1 Like
5

Yes that is how I'm doing it at the moment. Through Openvpn tunnel. I guess it must be a particular setting i do on my devices. I'll have to configure a free device manually again and check after which step the issue occurs.

6

@boni, welcome to the community!

Wait, so you're saying this only occurs when:

  • you are on your OpenVPN tunnel
  • attempt to reach LuCI over HTTPS
    :question:

If so, it may be entropy. Please provide the results of:

cat /proc/sys/kernel/random/entropy_avail

Before and after attempting to access LuCI.

7

Thanks for your reply. :slight_smile:

"Unfortunately" it also occurs while in the lan via wifi. I haven't checked via cable yet. Might do that tonight.

Do you still think it could be due to entropy? Should I still create the cat output?

8

Yes, please - just to eliminate the possibility.

9

Ok, so i was connected via cable in the LAN and still the same issue.

Here is the output before accessing luci:
~# cat /proc/sys/kernel/random/entropy_avail
3299

and here after accessing luci:
~# cat /proc/sys/kernel/random/entropy_avail
3413

This is the error message i sometimes get in luci when accessing via https:

Untitled
Untitled.png1018×343 14.5 KB

10

OK, it's definitely not entropy.

11

Could you post the luci and uhttpd settings from /etc/config/ just to be sure?

12

I left them basically default.

config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_http '[::]:80'
	list listen_https '0.0.0.0:444'
	list listen_https '[::]:444'
	option redirect_https '0'
	option home '/www'
	option rfc1918_filter '1'
	option max_requests '3'
	option max_connections '100'
	option cert '/etc/uhttpd.crt'
	option key '/etc/uhttpd.key'
	option cgi_prefix '/cgi-bin'
	list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
	option script_timeout '60'
	option network_timeout '30'
	option http_keepalive '20'
	option tcp_keepalive '1'

config cert 'defaults'
	option days '730'
	option key_type 'rsa'
	option bits '2048'
	option ec_curve 'P-256'
	option state 'Somewhere'
	option location 'Unknown'
	option commonname 'ABCDEF'
	option country 'DE'


########################################

config core 'main'
	option lang 'auto'
	option mediaurlbase '/luci-static/bootstrap'
	option resourcebase '/luci-static/resources'

config extern 'flash_keep'
	option uci '/etc/config/'
	option dropbear '/etc/dropbear/'
	option openvpn '/etc/openvpn/'
	option passwd '/etc/passwd'
	option opkg '/etc/opkg.conf'
	option firewall '/etc/firewall.user'
	option uploads '/lib/uci/upload/'

config internal 'languages'

config internal 'sauth'
	option sessionpath '/tmp/luci-sessions'
	option sessiontime '3600'

config internal 'ccache'
	option enable '1'

config internal 'themes'
	option Bootstrap '/luci-static/bootstrap'

config internal 'apply'
	option rollback '30'
	option holdoff '4'
	option timeout '5'
	option display '1.5'

config internal 'diag'
	option dns 'openwrt.org'
	option ping 'openwrt'
	option route 'openwrt'