When I perform System - Software - update lists, I get the following message (only part of the whole messages):
"Failed to send request: Operation not permitted.
Collected errors:
Can you be more specific which device has the issue?
Then run the following:
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; uci export mwan3; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
root@OpenWrt:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; uci export mwan3; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
{
"kernel": "4.14.215",
"hostname": "OpenWrt",
"system": "AMD GX-412TC SOC",
"model": "PC Engines APU3",
"board_name": "pc-engines-apu3",
"release": {
"distribution": "OpenWrt",
"version": "19.07.6",
"revision": "r11278-8055e38794",
"target": "x86/64",
"description": "OpenWrt 19.07.6 r11278-8055e38794"
}
}
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda6:7a60:1ac5::/48'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ifname 'eth1'
option ipv6 '0'
list dns '8.8.8.8'
config interface 'wan'
option ifname 'eth2'
option proto 'dhcp'
option metric '10'
list dns '8.8.8.8'
list dns '8.8.4.4'
option peerdns '0'
option ipv6 '0'
config interface 'wanb'
option ifname 'eth0'
option proto 'dhcp'
option metric '30'
list dns '8.8.8.8'
list dns '8.8.4.4'
option peerdns '0'
option ipv6 '0'
config interface 'wwan'
option proto 'qmi'
option username 'mobitel'
option apn 'internet'
option device '/dev/cdc-wdm0'
option pdptype 'ipv4'
option password 'internet'
option auth 'both'
option metric '20'
list dns '8.8.8.8'
list dns '8.8.4.4'
option peerdns '0'
option ipv6 '0'
uci: Entry not found
package dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
list server '8.8.8.8'
list server '8.8.4.4'
list server '208.67.222.222'
list server '208.67.220.220'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option mac 'E4:C3:2A:94:C3:04'
option dns '1'
option name 'tp-link-pwr'
option ip '192.168.1.3'
config host
option mac '60:45:CB:5B:E4:D0'
option name 'asus-ap'
option dns '1'
option ip '192.168.1.2'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'WWAN wan wanb wwan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
package mwan3
config globals 'globals'
option mmx_mask '0x3F00'
option logging '1'
option loglevel 'warning'
option rtmon_interval '5'
config interface 'wan'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option reliability '2'
option family 'ipv4'
option initial_state 'online'
option track_method 'ping'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '8'
option enabled '1'
config interface 'wanb'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option reliability '2'
option family 'ipv4'
option initial_state 'online'
option track_method 'ping'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '8'
option enabled '1'
config interface 'wwan'
list track_ip '8.8.4.4'
list track_ip '8.8.8.8'
list track_ip '208.67.222.222'
list track_ip '208.67.220.220'
option reliability '2'
option family 'ipv4'
option initial_state 'online'
option track_method 'ping'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '8'
option enabled '1'
config member 'wan_m1_w6'
option interface 'wan'
option metric '1'
option weight '6'
config member 'wan_m2_w6'
option interface 'wan'
option metric '2'
option weight '6'
config member 'wanb_m1_w1'
option interface 'wanb'
option metric '1'
option weight '1'
config member 'wanb_m2_w1'
option interface 'wanb'
option metric '2'
option weight '1'
config member 'wwan_m1_w3'
option metric '1'
option weight '3'
option interface 'wwan'
config member 'wwan_m2_w3'
option metric '2'
option weight '3'
option interface 'wwan'
config policy 'wan_only'
list use_member 'wan_m1_w6'
config policy 'wanb_only'
list use_member 'wanb_m1_w1'
option last_resort 'unreachable'
config policy 'wwan_only'
list use_member 'wwan_m1_w3'
config policy 'balanced'
list use_member 'wan_m1_w6'
list use_member 'wanb_m1_w1'
list use_member 'wwan_m1_w3'
config policy 'wan_wwan'
list use_member 'wan_m1_w6'
list use_member 'wwan_m1_w3'
list use_member 'wanb_m2_w1'
config policy 'wanb_wwan'
list use_member 'wan_m2_w6'
list use_member 'wanb_m1_w1'
list use_member 'wwan_m1_w3'
option last_resort 'unreachable'
config rule 'https'
option sticky '1'
option dest_port '443'
option proto 'tcp'
option use_policy 'balanced'
config rule 'default_rule_v4'
option dest_ip '0.0.0.0/0'
option family 'ipv4'
option use_policy 'balanced'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.64.104/24 brd 192.168.64.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 84.41.84.20/24 brd 84.41.84.255 scope global eth2
valid_lft forever preferred_lft forever
5: wwan0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
inet 100.83.108.5/30 brd 100.83.108.7 scope global wwan0
valid_lft forever preferred_lft forever
default via 84.41.84.1 dev eth2 table 1 metric 10
84.41.84.0/24 dev eth2 table 1 proto static scope link metric 10
100.83.108.4/30 dev wwan0 table 1 proto static scope link metric 20
192.168.1.0/24 dev eth1 table 1 proto kernel scope link src 192.168.1.1
192.168.64.0/24 dev eth0 table 1 proto static scope link metric 30
default via 192.168.64.1 dev eth0 table 2 metric 30
84.41.84.0/24 dev eth2 table 2 proto static scope link metric 10
100.83.108.4/30 dev wwan0 table 2 proto static scope link metric 20
192.168.1.0/24 dev eth1 table 2 proto kernel scope link src 192.168.1.1
192.168.64.0/24 dev eth0 table 2 proto static scope link metric 30
default via 100.83.108.6 dev wwan0 table 3 metric 20
84.41.84.0/24 dev eth2 table 3 proto static scope link metric 10
100.83.108.4/30 dev wwan0 table 3 proto static scope link metric 20
192.168.1.0/24 dev eth1 table 3 proto kernel scope link src 192.168.1.1
192.168.64.0/24 dev eth0 table 3 proto static scope link metric 30
default via 84.41.84.1 dev eth2 proto static src 84.41.84.20 metric 10
default via 100.83.108.6 dev wwan0 proto static src 100.83.108.5 metric 20
default via 192.168.64.1 dev eth0 proto static src 192.168.64.104 metric 30
84.41.84.0/24 dev eth2 proto static scope link metric 10
100.83.108.4/30 dev wwan0 proto static scope link metric 20
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
192.168.64.0/24 dev eth0 proto static scope link metric 30
broadcast 84.41.84.0 dev eth2 table local proto kernel scope link src 84.41.84.20
local 84.41.84.20 dev eth2 table local proto kernel scope host src 84.41.84.20
broadcast 84.41.84.255 dev eth2 table local proto kernel scope link src 84.41.84.20
broadcast 100.83.108.4 dev wwan0 table local proto kernel scope link src 100.83.108.5
local 100.83.108.5 dev wwan0 table local proto kernel scope host src 100.83.108.5
broadcast 100.83.108.7 dev wwan0 table local proto kernel scope link src 100.83.108.5
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev eth1 table local proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev eth1 table local proto kernel scope host src 192.168.1.1
broadcast 192.168.1.255 dev eth1 table local proto kernel scope link src 192.168.1.1
broadcast 192.168.64.0 dev eth0 table local proto kernel scope link src 192.168.64.104
local 192.168.64.104 dev eth0 table local proto kernel scope host src 192.168.64.104
broadcast 192.168.64.255 dev eth0 table local proto kernel scope link src 192.168.64.104
0: from all lookup local
1001: from all iif eth2 lookup 1
1002: from all iif eth0 lookup 2
1003: from all iif wwan0 lookup 3
2001: from all fwmark 0x100/0x3f00 lookup 1
2002: from all fwmark 0x200/0x3f00 lookup 2
2003: from all fwmark 0x300/0x3f00 lookup 3
2061: from all fwmark 0x3d00/0x3f00 blackhole
2062: from all fwmark 0x3e00/0x3f00 unreachable
32766: from all lookup main
32767: from all lookup default
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx 1 root root 16 Jan 19 14:10 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 32 Feb 12 12:20 /tmp/resolv.conf
-rw-r--r-- 1 root root 218 Feb 12 12:07 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 8.8.8.8
# Interface wan
nameserver 8.8.8.8
nameserver 8.8.4.4
# Interface wwan
nameserver 8.8.8.8
nameserver 8.8.4.4
# Interface wwan_4
# Interface wanb
nameserver 8.8.8.8
nameserver 8.8.4.4
head: /tmp/resolv.*/*: No such file or directory
Update: I have disabled two of three interfaces (wanb/eth0, wwan/wwan0) and discovered that update works if only wan and wanb interfaces are up. I must debug what is wrong when wwan0 is up (this is LTE data connection)
After yesterday's finding that disabling wwan interface was a temporary solution, I found what permanent solution was.
I had to add a static route for interface wwan since DHCP on LTE modem creates a virtual interface and route is bound to that virtual interface. For mwan3 to work, you cannot use that virtual interface, but physical one and that interface does not have the default route.