OPKG Fails (wget returned 4, DNS Issue)

Hello forum, posting here to try to get some help and also learn more about networking in general in the process. I have set up my x86-64 OpenWrt router behind my fiber gateway without issue, and then I directed OpenWrt to honor the DHCP and DNS server I'm running on my LAN behind the OpenWrt (DHCP and DNS server is a pi-hole + unbound setup).

OPKG now behaves like this:

root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/23.05.3/targets/x86/64/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.3/targets/x86/64/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/base/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/base/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/luci/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/luci/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/routing/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/routing/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/telephony/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.3/targets/x86/64/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/base/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/luci/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/routing/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.3/packages/x86_64/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

The problem is, I'm fairly sure, that I have set up DNS resolution on the LAN side to be as follows:

image
(The 192.168.1.100 address is my pihole/unbound server)

I'd like to continue using my pihole server for DHCP and DNS, but unfortunately it seems to mean that I can't use opkg for updates... nor does any DNS query done by the OpenWrt LuCI diagnostic page work. Is there a way I can ask OpenWrt to please use the same DNS server as the rest of my LAN?

Set Network/dns+dhcp/forward pihole as a forwarder.

OK, I had time to try that:

Unfortunately I have no change in behavior for opkg; exact same behavior via LuCi and from cli.

can you send the output of
nslookup one.one.one.one
nslookup one.one.one.one 1.1.1.1
ping 1.1.1.1
ping 192.168.1.100

nmap 192.168.1.100 (if nmap is not installed on OpenWrt, then try this command in a terminal on a PC connected to the same network)

Is the pihole running on a port other than 53?
Try to type the dns address as
<ip-address-of-pi-hole-server>#<port>

Thanks for taking a look!

Looks like the resolver is not configured well in openwrt.

Try this

echo search lan >> /etc/custom_dns.conf
echo nameserver 192.168.1.100 >> /etc/custom_dns.conf

And then edit the /etc/config/dhcp
nano /etc/config/dhcp
under the config dnsmasq replace the existing resolvfile option with '/etc/custom_dns.conf'

service dnsmasq restart
nslookup one.one.one.one

The output of nslookup should contain the server 192.168.1.100
To confirm, log in to the pihole, then run nslookup from OpenWrt and see whether the request reaches the pihole.

before I do that, are there equivalent instructions in LuCi? I like to leave behind a trail for users of the web GUI if possible.

https://openwrt.org/docs/guide-user/base-system/dhcp_configuration

I think configuring through LuCI is not effective enough. It might cause DNS to be forwarded to an unexpected destination.

does not work, I think because dnsmasq is not running on my openwrt. As previously stated, DHCP and DNS are supposed to be handled on this network by the pihole system:

image

I am going to revert /etc/config/dhcp to its previous state until further notice.

Would be very reasonable to start and enable that dnsmasq, and learn to copy and paste text paragraphs before posting more.


wait.

please type
cat /etc/config/dhcp
(after doing nano) and post it here

and also show the output of

cat /etc/custom_dns.conf

I have directed DNS to be handled by the pihole in the custom_dns.conf file

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option allservers '1'
        option dhcpleasemax '1'
        list server '192.168.1.100'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

and then

root@OpenWrt:~# cat /etc/custom_dns.conf
search lan
nameserver 192.168.1.100

If I understand correctly, then perhaps there is some other reason why it did not work when I directed /etc/config/dhcp to use your custom_dns.conf file?

When you start dnsmasq you get 2 DHCP servers on LAN

You have to edit the line
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

and replace it with

option resolvfile '/etc/custom_dns.conf'

and then restart the dnsmasq

*don't forget to save using ctrl +x then y and then enter key after editing in nano

It would be better if you search youtube for using nano command.

yes this was done. I reverted the change because I got that error. I'm quite familiar with nano so it was no problem for me.

isn't that a bad thing? I'd prefer to keep just the one DHCP server on my LAN...

I've simulated the command on my router. It worked for me. You have to ignore the no lease, failing error. And you have to restart the whole router before nslookup or opkg update. Again I am writing the sequence of commands-

rm /etc/custom_dns.conf

echo nameserver 192.168.1.100 >> /etc/custom_dns.conf

cp  /etc/config/dhcp   /etc/config/dhcp.backup

nano   /etc/config/dhcp

*replace the option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' with option resolvfile '/etc/custom_dns.conf'
be careful with the apostrophes(') and the slashes (/)
save the file properly.
double check with
cat /etc/config/dhcp

reboot

post these output:

logread | grep server


cat /etc/resolv.conf

I think you can do it easier:

I think you can just disable localuse and reboot.

uci set dhcp.@dnsmasq[0].localuse='0'
uci commit dhcp

Then reboot. During boot /tmp/resolv.conf will be linked to /tmp/resolv.conf.d/resolv.conf.auto, and /etc/init.d/dnsmasq will no longer rewrite it with 127.0.0.1, but use the DNS server that is set, e.g. 192.168.x.x

if this uci command works then the following command will do

rm /etc/resolv.conf

echo nameserver 192.168.1.100 >> /etc/resolv.conf

reboot

Yes you can, but you can also set the DNS server in the GUI on the WAN or LAN interface; it will end up there :slight_smile:
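
Added example, not part of the thread: a shell check that reports whether the router's own lookups (opkg, nslookup, LuCI diagnostics) go to loopback, where dnsmasq must be running to answer, or straight to the LAN resolver, the two states the posts above switch between. The function names and sample files are constructed for illustration; 192.168.1.100 is the pihole address from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify where the router's OWN DNS
# lookups are sent, from resolv.conf plus the dnsmasq section of the dhcp config.

# first_nameserver FILE -> first "nameserver" address in a resolv.conf-style file
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# uci_option FILE NAME -> value of the first "option NAME '...'" line, quotes stripped
uci_option() {
    awk -v name="$2" '$1 == "option" && $2 == name {
        gsub("\047", "", $3); print $3; exit }' "$1"
}

# dns_path RESOLV_CONF DHCP_CONFIG DNSMASQ_RUNNING(yes|no)
# On a router: dns_path /etc/resolv.conf /etc/config/dhcp yes|no
# (yes/no according to whether a dnsmasq process exists, e.g. from pidof dnsmasq)
dns_path() {
    ns=$(first_nameserver "$1")
    case "$ns" in
        "") echo "no-nameserver" ;;
        127.*|::1)
            # Loopback only resolves if dnsmasq is there to answer and forward.
            if [ "$3" = yes ]; then
                echo "loopback-via-dnsmasq resolvfile=$(uci_option "$2" resolvfile)"
            else
                echo "loopback-but-dnsmasq-stopped"
            fi ;;
        *) echo "direct:$ns localuse=$(uci_option "$2" localuse)" ;;
    esac
}

# Constructed sample files mirroring the states discussed in the thread.
demo_dir=$(mktemp -d)
printf "search lan\nnameserver 127.0.0.1\n" > "$demo_dir/resolv.loopback"
printf "nameserver 192.168.1.100\n" > "$demo_dir/resolv.pihole"
cat > "$demo_dir/dhcp" <<'EOF'
config dnsmasq
        option resolvfile '/etc/custom_dns.conf'
        option localuse '0'
        list server '192.168.1.100'
EOF

dns_path "$demo_dir/resolv.loopback" "$demo_dir/dhcp" no
dns_path "$demo_dir/resolv.loopback" "$demo_dir/dhcp" yes
dns_path "$demo_dir/resolv.pihole" "$demo_dir/dhcp" no
```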