Opkg_download: Failed to download after adguard install

oneil4 · July 11, 2021, 1:11pm

hi, sorry for my translation, i'm french.

actualy use openwrt whit other router openwrt connected on "public hotspot"

"SFR WiFi FON ==wifi ==> router tplink barriere breaker ==rj45==> Linksys Ea8300 with OpenWrt 21.02.0-rc3 === RJ45 ==> desktop

At the first install, i updtates packtages and install ADGUARD HOME, little config for juste ready to use ( but work actualy )

my adresse for accès on adguard config is 10.0.0.2:8080
and use 53 or 5353 for other adresse ( i don't know why to use, sorry i'm beginer )

now, internet worked "normaly" on my desktop but, i have error whit opkg updtate...

i attache my config :

DHCP :


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option cachesize '1000'
	option noresolv '1'
	option port '5353'
	list server '10.0.0.2'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv4 'server'
	option start '80'
	option limit '20'
	option leasetime '24h'
	list ra_flags 'none'
	list dhcp_option '6,10.0.0.2'
	list dhcp_option '3,10.0.0.2'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

FIREWALL :


config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

NETWORK :


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.0.0.2'
	option ipv6 0

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option peerdns '0'
	option ipv6 0

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 0'

adguardhome.yaml

bind_host: 10.0.0.2
bind_port: 8080
users:
- name: root
  password: $2a$10$t4DssjcCYNAtTcAMo3Jjqe2bniRbZtKEMc0NWauVOpbz6KDad.ftm
http_proxy: ""
language: ""
rlimit_nofile: 0
debug_pprof: false
web_session_ttl: 720
dns:
  bind_host: 10.0.0.2
  port: 53
  statistics_interval: 1
  querylog_enabled: true
  querylog_file_enabled: true
  querylog_interval: 1
  querylog_size_memory: 1000
  anonymize_client_ip: false
  protection_enabled: true
  blocking_mode: default
  blocking_ipv4: ""
  blocking_ipv6: ""
  blocked_response_ttl: 10
  parental_block_host: family-block.dns.adguard.com
  safebrowsing_block_host: standard-block.dns.adguard.com
  ratelimit: 20
  ratelimit_whitelist: []
  refuse_any: true
  upstream_dns:
  - https://dns10.quad9.net/dns-query
  upstream_dns_file: ""
  bootstrap_dns:
  - 9.9.9.10
  - 149.112.112.10
  - 2620:fe::10
  - 2620:fe::fe:10
  all_servers: false
  fastest_addr: false
  allowed_clients: []
  disallowed_clients: []
  blocked_hosts:
  - version.bind
  - id.server
  - hostname.bind
  cache_size: 4194304
  cache_ttl_min: 0
  cache_ttl_max: 0
  bogus_nxdomain: []
  aaaa_disabled: false
  enable_dnssec: false
  edns_client_subnet: false
  max_goroutines: 300
  ipset: []
  filtering_enabled: true
  filters_update_interval: 24
  parental_enabled: false
  safesearch_enabled: false
  safebrowsing_enabled: false
  safebrowsing_cache_size: 1048576
  safesearch_cache_size: 1048576
  parental_cache_size: 1048576
  cache_time: 30
  rewrites: []
  blocked_services: []
tls:
  enabled: false
  server_name: ""
  force_https: false
  port_https: 443
  port_dns_over_tls: 853
  port_dns_over_quic: 784
  allow_unencrypted_doh: false
  strict_sni_check: false
  certificate_chain: ""
  private_key: ""
  certificate_path: ""
  private_key_path: ""
filters:
- enabled: true
  url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
  name: AdGuard DNS filter
  id: 1
- enabled: false
  url: https://adaway.org/hosts.txt
  name: AdAway Default Blocklist
  id: 2
- enabled: false
  url: https://www.malwaredomainlist.com/hostslist/hosts.txt
  name: MalwareDomainList.com Hosts List
  id: 4
whitelist_filters: []
user_rules: []
dhcp:
  enabled: false
  interface_name: ""
  dhcpv4:
    gateway_ip: ""
    subnet_mask: ""
    range_start: ""
    range_end: ""
    lease_duration: 86400
    icmp_timeout_msec: 1000
    options: []
  dhcpv6:
    range_start: ""
    lease_duration: 86400
    ra_slaac_only: false
    ra_allow_slaac: false
clients: []
log_compress: false
log_localtime: false
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_file: ""
verbose: false
schema_version: 7

the finality for me, use only modem and plug router by RJ45 and use.

thank for your help

oneil4 · July 11, 2021, 1:32pm

if you need, i have open my first backup work ( on right ) for compare whit not worked ( left )

if you found, if the problem is here ...

IanC · July 11, 2021, 3:41pm

What do you see if you do an opkg update? Do the server names resolve? Try the three network tests in the LUCI UI as well.

Why do you still have an old Barrier Breaker device in the mix?

oneil4 · July 11, 2021, 3:59pm

on the ea8300, the 3 test fail ....
but on the tplink, just ping fail ( is normal on my strange connection, explain after )

and actualy, my internet connect is good by the RJ45 plugged on my EA8300.

i try to you explain why i have old tplink on my network :

I connect on a public network, with a script in SH to connect (a bit like travelmat similar package).

The connection I use has become unstable.

I have started a real internet connection (orange internet provider), it is not yet active.

so i'm reconfiguring my EA8300 router to be ready to use when i get the hardware, and that means having a simmilar configuration.

that's why i use a "wan" with an old router.

currently, my message that I post goes through :

my pc, the EA8300 router, the TPlink, public hotspot.

So, the EA8300 does pass through the connection, but still does not update the packets

oneil4 · July 11, 2021, 4:08pm

for easy compréhensive my configuration hardware.

actual situation working for me .. and you reply why the actual situation, but opkg update not working

IanC · July 11, 2021, 5:07pm

I had similar on a "dumb AP" that has a wired connection back to my WAN router. It had no way to know how to access the outside world until I added these to the config (where 19.168.0.6 is the LAN address on the device that also has WAN):

        option gateway '192.168.0.6'
        option dns '192.168.0.6'

Could it be the same for you? Maybe tell us what IP addresses are used where. Is the BB device 10.0.0.1? Have you got the same netmask everywhere - I've had problems when confusing my /24 and /16 networks?

oneil4 · July 11, 2021, 5:35pm

progressing :

i have flash whit sysupgrade.bin
on the first boot, opkg work

after restaure my backup, opkg work ( i have installed ADG )
after install the script for adguard, don't work

#!/bin/sh
# Switch to Adguard setup

opkg install adguardhome ca-certificates ca-bundle 

uci set dhcp.@dnsmasq[0].cachesize='1000'
uci set dhcp.@dnsmasq[0].noresolv='1'
uci set dhcp.@dnsmasq[0].server='192.168.1.1'
uci set dhcp.@dnsmasq[0].port='5353'
uci add_list dhcp.lan.dhcp_option='6,192.168.1.1' 
uci add_list dhcp.lan.dhcp_option='3,192.168.1.1' 
uci set dhcp.lan.leasetime='24h' 
uci set network.wan.peerdns='0' 

uci commit dhcp
uci commit network
# Save changes

# Restart network + dnsmasq service to reflect changes
/etc/init.d/network restart
/etc/init.d/dnsmasq restart

echo 'Goto http://192.168.1.1:3000 and install AdGuard.'

i have adapted for change ip for my device ( 10.0.0.2 ) ...

go reflash sysupgrade for fresh install

now i have installed ADG whit opkg and not lunch script.
adg not work because i don't execute the script.

the problem is the script ( i think )

now step by step, apply all parameter under the script for found the problem ....

16F84 · July 11, 2021, 6:14pm

Sidenote:

I'm using 21.02.0 rc3 factory on the EA8300 (works great)
but when you restore from an older backup (19.07.7 save) to 21.02.0 rc3 (factory) on the EA8300, it does not load the packages that you had installed as far as I have tested.
So you have to know which packages you had installed for the backup to possibly work. Or just factory reset and redo from scratch as this is often a source of problems - and then make a backup of the new configuration under 21.02.0.rc3.
opkg often doesn't like sitting behind 2-3 NAT, try to direct connect the router that won't opkg update for better results.

oneil4 · July 11, 2021, 6:34pm

ok so

i have soled my problem, i describe step by step how to

1 / flash sysugrade for new config
2 / restore my old backup whit no adguard installed
3 / go to software and opkg updtate and install adguard
4 / go to iprouter:3000 and proced to install
( for me 10.0.0.2:8080 interface lan / 10.0.0.2:5335 interface lan )

my problem solved after :

6 / don't use the script sh found on adguard topic
7 / go on /luci/admin/network/dhcp
8 / on DNS forwardings, add 10.0.0.2#5335 ( now i know is possible use # and not " : " )
9 / go to luci/admin/network/firewall/custom
10/ add

iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j DNAT --to 10.0.0.2:5335
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j DNAT --to 10.0.0.2:5335

adapte 10.0.0.2 for you router ip ..

now worked, and opkg update worked again.

erdoukki · July 11, 2021, 6:52pm

it is normal...
You can backup (before flash) and restore them (after a flash) with : https://openwrt.org/docs/guide-user/advanced/opkg_extras

16F84 · July 11, 2021, 6:56pm

Hey thanks. I'm still pretty new but my configs are starting to get complex enough to warrant this.

system · July 21, 2021, 6:57pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.