Luci not showing anymore active Wireguard Clients after update (package upgrade with opkg)

From what version did you upgrade?

Im using a update shell script, that I execute manually ..so I cehck manually every 3-4 days.... and it made last night an update.

Did you happen to just add that pre-shared key to the e1cE peer?

Yes, the setup hasnt changed and has worked over month without trouble, I even, tonight, created new pubkey and privkey to see, if that was necesarry, umask 077 and then they keys been vreated with the know commands, updated my clients, and they connect and data goes sucesfully through the wireguard tunel, checked that with bmon.

If so, did you use the genpsk argument to generate that key

All Ok with the keys

You don't have a "Latest Handshake"

That wonders me too!!! No clue...why this is, as its working well...wireguard and my clients...no clue why it says no handshake if data is flowing and all working fine, even cryptorouting all worls fine!

Now.... some hours before, there was an FireFox update to v65.0 ...I dont want blame, and maybe Im stupid...but maybe its casue that FireFox update...that Luci deosnt display...connectionstas via the little icon that is used to show if a client is up or not...fast withotu need to monitor datastreams...

How does this script work? Would you mind sharing it?

Usually, upgrading OpenWrt should only be done by using the sysupgrade method (web or terminal). While it is possible to preserve settings, this should be used with care anytime you are running a major upgrade (maintenance updates are okay). In the process, though, packages not part of the base image you are using for installation will be erased and need to be re-installed. A script could be created to perform such upgrades and package installations, but it is often better to have a human in the loop.

If your script is using the opkg upgrade commands, this is probably a very bad idea (there were literally 3 different posts yesterday where people messed up their installations by using this method).

2 Likes

Like @psherman, I'm completely lost at what this might mean. My intention was to ask you what version of OpenWrt did you previously use prior to upgrading; but it seems you were on 18.06.1 and ran some opkg script. I highly advise against that; as it can render a system unstable. I'd suggest:

  • Upgrade to 18.06.2
  • Install needed software packages
  • Do not run scripts to update or upgrade software
  • Are you sure...?
  • Did you install the new Public Key and Pre-Shared Key on the peer?

You don't have a Latest Handshake. I'd blame the update shell script - save further evidence.

Are you saying that another icon is missing too?

1 Like

The keys are OK lleeachii, definitly, the still working....Ill upgtade to 18.02 and setup everything new...that bothers me, but what will we do...lol, the only issues I have is:

The icon doesnt go in STATUS Online
The Message NO HANDSHAKE in Status Page is strange, as Wireguard is working !!

Hello psherman,

Im using this script:

#!/bin/ash
opkg update
PACKAGES="$(opkg list-upgradable |awk '{print $1}')"
if [ -n "${PACKAGES}" ]; then
opkg upgrade ${PACKAGES}
if [ "$?" -eq 0 ]; then
echo "$(date -I"seconds") - update success, rebooting" \
>> /www/update.result
exec reboot
else
echo "$(date -I"seconds") - update failed" >> /www/update.result
fi
else
echo "$(date -I"seconds") - nothing to update" >> /www/update.result
fi

@MooMan - don’t use this script. Ever. It will break your install.

1 Like

Hello Friends,

I wiped all, installed 18.02 OpenWRT, and installed and setup all new, will not use anymmore the UpdateScript... will do in future manually, Thanks psherman =D

Now, my clients show up again well as normal, asap they connect to my WireguardServer running on OpenWRT WRT32X ...all wonderfull, also the Handshake shows up nice now, all, like it should be.... we can close this case, Thank you lleachii and also Thanks psherman .. I didnt knew, there came out a new version after 18.01...my fault...should check more..after I wiped all, and went up to 18.02... all again OK!

31

@MooMan - Glad to hear it is now working properly again.

Out of curiosity, where did that script come from? Did you make it yourself or did you find it somewhere on the web or on these forums?

EDIT: even if you wrote the script yourself, did you find the idea of using opkg upgrade somewhere, or was this something you decided to do on your own?

1 Like

Hi psherman,
I confess, I found it "somewhere" in the net, the updateScript, it worked many month well, had no trouble, but will now do it manually, every week once, with commands:
opkg list-upgradable

and then, manually make opkg upgrade

That is a lit bothering, making one by one...but hey, if it doesnt brak anythingm and is a better way, then I will swollow this extrawork :grinning:

How do you make updates? is manually, like I decribed, the only way to do it? Or is there a way, that executes as cronjob and makes an update by iteself on scheduled bases?

Im glad now, I did the update to OpenWrt 18.06.2 --was worth the hassle setting up all again, Thank you for helping and Tips!

@MooMan -

No, the point is that opkg upgrade should (almost) never be used, at all, ever. There may be some very specific cases where it is safe and useful, but in many cases it presents a significant risk of messing things up. This is because the package system doesn't (currently) have checks to ensure proper compatibility with kernel versions and various other dependencies. A package that is upgraded can therefore cause a conflict -- sometimes just breaking that one package, other times it can mess up the entire system.

I asked where it came from because it might be good to post the above warnings on the site(s)/thread(s) where that script is found.

1 Like

psherman,

but how to update in a way its correct then ?? How do you do it?

Any Tip, or hint would be apreciated...will read tomorrow more about it and hope to find a viable solution... Thank in advance!

Found the source where I found it ->

https://blog.christophersmart.com/2018/03/18/auto-apply-latest-package-updates-on-openwrt-lede-project/

@MooMan - If you want to work with stable release builds (not development builds), those only need to be updated every few months or so. Currently we're on 18.06.2, so you'll wait until 18.06.3 comes out. Do not try to upgrade individual components.

To run these updates, you use the sysupgrade features baked into OpenWrt (command line or via LuCI web interface).

If you have a specific need to keep things in a constantly upgraded path, you'll want to work with the snapshot (development) builds and/or perform builds locally on your own (using the build system), but this may result in various issues and additional work in maintenance.

Otherwise, you rarely need to worry about updating/upgrading packages, and using the opkg upgrade commands will likely cause more harm than good.

1 Like

lleachi, how do you handle upgrading packages in OpenWRT, you using a update Script? Or doing it via opkg command opkg list-upgradable , and then upgrade manually package by package ? psherman mentioned, that updatescripts may break the whole installation... and also says, that even opkg upgrade shouldnt be used, Im kinda confused now :frowning:

Its a big doubt I have, what is a secure and correct way to upgrade packages ?

@MooMan - I'm kind of speechless, honestly. I'm not making this stuff up. I just told you that updates should be done as part of a sysupgrade (i.e. flash upgrade to the next version). Others who are experienced with OpenWrt (such as @lleachii, @jeff, @tmomas) will confirm this.

1 Like

Backup, flash a new image, reinstall packages, if needed.

About once a year a change in a commonly used API brings a slew of these threads. There are also ones about people who soft-brick their device (r/o overlay) by trying to upgrade packages and overflow flash capacity.

Some suggestions on a safe, smooth upgrade at

2 Likes

I'm going to directly answer your question:

I don't seem to do this in-place upgrading on my OpenWrt devices in the manner you desire, so I don't know of a safe way to do so. I am aware that what you're doing may brick my router or make it unstable - even if it has enough flash. Since I'm under the impression that this upgrading was the cause of the issue (which I obviously seemed confused about above) - I'm wondering why it still seems like a good idea to you.

There are many threads where people upgrade their router to an unstable condition.

I suggest as @jeff:

You could also: backup, reset to default the current flash; and then re-install packages; but this all seems quite tedious to me.

1 Like

OK, I always thought, opkg update works like Updateing MacOS or Linux...Systemupdates...my mistake, I will not update anything anymore untill new Releases are out! In reality, I think, this is a very week point of this great Firmware... that you cant update (yes you can, but will possible break things, I understood!!) ...I hope, thre comes a solution in future, where you just can make a update like to a modern Desktop OS.

Thank to everyone declaring this to me, Ill not update anything anymore on OpenWRT except there comes a new Release!

No problem...but there seems to be a juxtaposition in your desires...that I would solve by constantly installing snapshots and then immediately installing all needed packages.

  • There's an inherent risk from installing from that branch, which is why it seems you agree with release builds
  • but, you get the "up-to date software" to seem to desire - as like in a desktop distribution (it seems)
  • I would advise to do this locally - for devices where I cannot, I own a test device and perform the upgrade on it first

This closely aligns with what I believe @jeff to have suggested. I'm just glad you understand that much worse could have happened upgrading a tunnel remotely. You'll learn for yourself if you have to drive kilometers and kilometers because of it.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.