Should it be in the release notes to not use attended-sysupgrade?
1 Like
Is there a known issue wrt wireguard? I had it installed on TP-Link Archer C6 version 22.03.5, but after doing a sysupgrade to 23.05-rc1, it was removed?
If I do opkg find '*wireguard*', it does find 3 of the 4 packages I installed for it, but not luci-app-wireguard*.
The packages kmod-wireguard, luci-proto-wireguard and wireguard-tools are available, but not installed.
*) I just saw that luci-proto-wireguard (now) Provides: luci-app-wireguard, so I guess that's one mystery less 
Like Jack007 showed, firmware selector package customization is not working.
1 Like
Up and running my on WRT32X with lots of packages added. Working great so far thanks devs! 
1 Like
attanded-sysupgrade image won't follow tls lib change automatically, as they pin packages it installed, right?
ASU (and auc) collects the list of installed packages and tries to update using those, so as you suspect the tls libraries will NOT be switched automatically.
For systems that currently use the wolfssl libraries, you have two options:
- Manually remove the wolfssl packages and manually install the mbedtls equivalents, then use asu/auc (I did this on an x86 install a few months back, worked fine).
- Just start over and install the base firmware, then install your "extra" packages. This always works (and is a good way to ditch any old cruft you might have installed).
If you're on a recent SNAPSHOT right now, #1 is probably fairly easy and not much will be different. If you're on 22.03, it depends... #1 might work, might not, I'd go with #2 to be safe. If you're on anything older than 22.03, #2 is the way to avoid unneeded grief.
EDIT: To clarify my parenthetic comment on #1, I was updating a current snapshot release, where both tls systems were in the same build.
1 Like
If you're Hardcore™, and really want to try a manual update, this might get you started. No warranties, nothing guaranteed but danger! 
Summary
#!/bin/sh
cd /root
opkg update
# Do 'opkg list-installed | grep wolfssl' and verify that the 'remove' list
# is correct and complete.
echo ''
echo 'Installed:'
opkg list-installed | grep wolfssl
echo ''
remove='libustream-wolfssl20201210 libwolfssl5.5.4.ee39414e px5g-wolfssl wpad-basic-wolfssl'
for pkg in $remove ; do
echo "Checking package: $pkg"
if ! opkg list-installed | grep -q "^\b${pkg}\b" ; then
echo "Couldn't find $pkg"
exit 1
fi
opkg whatdepends $pkg # I only see 'luci-ssl' as the top-level dependency for these.
echo ''
done
exit 0 # Danger checkpoint 1
# Make absolutely sure that all of these 'add' packages exist in the release you
# are updating.
add='libustream-mbedtls20201210 libmbedtls12 px5g-mbedtls wpad-basic-mbedtls'
for pkg in $add ; do
if ! opkg list | grep -q "^\b${pkg}\b" ; then
echo "There is no such package as $pkg in the current release"
exit 1
fi
done
exit 0 # Danger checkpoint 2, after this, you are on your own!
# Note that the 'opkg remove' will kill tls, and opkg fetches will stop working!
# That's why we must download everything BEFORE we do the remove.
opkg download $add
opkg remove luci-ssl # You can't remove the underlying ssl libraries while this depends on them.
opkg remove $remove
opkg install --offline-root / ~/*.ipk
opkg install luci-ssl # Put it back after we have new ssl in place.
I remember asking this before and was told you'll just end up with both
7 posts were split to a new topic: Installing OpenWrt 23.05 on the TP-Link ER605v2?
That's not specific to WireGuard. When upgrading from one version of OpenWrt to another (even for minor updates), any packages you had installed after the fact on the prior version will need to be reinstalled on the new version.
The good news, however, is that if you told it to keep your settings, then once you reinstall those packages, they will automatically have the settings from your previous version.
As a general rule of thumb, I only keep settings when upgrading between minor versions (e.g. 22.03.4 to 22.03.5). For major upgrades (e.g. 22.03 to 23.05), I reapply my customized settings manually. This helps avoid problems, and also lets me benefit from updated defaults for the settings I do not customize. It's more tedious that way, but I only have to do it about once a year. I make a configuration backup before updating, and then extract the backup and use the files as a reference, so it's not that hard.
5 Likes
@efahl Thanks for the advice to not use attended-sysupgrade when going from 22.03.5 to 23.05.0-rc1
I upgraded TP-Link EAP615-Wall v1 using the regular sysupgrade (with preserve settings) and this went ok.
One thing I noticed, compared to 22.03, is that Used memory went up from 48Mb to 62Mb
Par for the course...
Oh, indeed. TIL. Thanks.
I started out with a customized build of 22.03.5 with some added packages, including WireGuard, but it looks like they also count as 'after the fact'?
Do you have a recommendation as how to best go about this?
In my customized build I had also created/added an uci-defaults script (which works rather nicely ). I did notice that after the upgrade to 23.05-rc1, the /rom/etc/uci-defaults/99-asu-something was gone (too).
thanks for the great work!
as i see finally dnsmasq 2.89 is included in this upcoming stable release and as a new feature now one can utilize dnsmasq with nftables. my question is though:
according to link it looks like as only need to add name(s)/domain(s) within dnsmasq configuration. but it seems not to work by its own.
I could only make nft set feature work if first create the set configuration in firewall configuration then can pick the configured set(s) in dnsmasq and then i can add the domain(s).
is this the correct approach? I.e. defining set in dnsmasq is not enough, must configure it in firewall?
thanks.
Archer C6 V3, it's been running for over an hour now, OK so far
1 Like
That's not the HTTP server the u-boot is supposed to have.
ok, downgraded the TP-Link firmware to 2.0.1, can now ssh in and Barrier Breaker loaded.
scp the initramfs in /tmp and did a sysupgrade but no luck.
etc/uhttpd.crt
killall: watchdog: no process killed
/sbin/sysupgrade: eval: line 272: status_led_blink_preinit_regular: not found
Sending TERM to remaining processes ... nginx nginx portal_mgmt_mon ifstat-mini ipstat balance_loop cmxddnsd ntpd arpreq speedtest sys_monitor sleep omadad cloud-brd crond loggerd klogd sleep sleep sleep sleep netifd tddpd tmngtd ippoold dnsmasq improxy dnsproxyd ubusd queueventd uhttpd monitor pptpd xl2tpd online_check
Sending KILL to remaining processes ... ntpd
Switching to ramdisk...
/lib/ld-musl-mipsel.so.1: /sbin/snapshot: Not a valid dynamic program
Performing system upgrade...
Unlocking firmware ...
Writing from to firmware ...
Upgrade completed
Rebooting system...
so…
unable to change firmware to latest openwrt, and now can neither upgrade the TP-Link firmware neither! all upgrade fails in browser, and all upgrade via cli neither good!
device is now stuck with firmware version 2.0.1 from TP-Link
Also the web page loads now as WVR450G instead of ER605!!
This seems to be a chineese only device, are chineese dev doing wrong file definition in openwrt firmwares?
can I still safely use this device? NON upgradable, neither can I restored my configs unless manually!
Device bricked, only port 5 working.
help most welcome if anyone got a solution for me please.
thank you
Hey, just installed on mvebu-cortexa9-cznic_turris-omnia via custom image builder w/ a bunch of the less popular packages (e.g., chrony, gpsd, dump1090, lxc containers, etc) and ran it on my primary router for a day. The good news is that it runs as well as 22.03, which is also the bad news. Basically I suffer from a few of the iptables incompatibility issues w/ fwknopd, mwan3, and pbr (the latter two documented in Implementing policy routing in (or compatible with) mwan3) so I reverted to 21.02.
Also perhaps of interest is I recently acquired a mt7922 WiFi6 card (using the mt7921e driver). In 21.02 it doesn't have AP support but in 23.05 iw recognizes its features and LuCi will try to configure it as an AP w/ a 6GHz option. Unfortunately I suspect the driver is still not up to the task as the card eventually hangs as an AP with various options that ought to work, and badly enough that a reboot won't fix it -- it needs power cycled.