Pi4 with 22.03.1 unable to get package updates

I am trying to install a couple packages on my Pi4 with 22.03.1. I keep getting these errors:


Powered by LuCI openwrt-22.03 branch (git-22.245.77528-487e58a) / OpenWrt 22.03.1 r19777-2853b6d652
Executing package manager
Downloading https://downloads.openwrt.org/releases/22.03.1/targets/bcm27xx/bcm2711/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.1/targets/bcm27xx/bcm2711/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/base/Packages.gz

Downloading https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/luci/Packages.gz

Downloading https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/routing/Packages.gz

Downloading https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/telephony/Packages.gz
Errors
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.1/targets/bcm27xx/bcm2711/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/base/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/luci/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/packages/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/routing/Packages.gz, wget returned 5.
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/telephony/Packages.gz, wget returned 5.
The opkg update command failed with code 6.


Odd thing is I have 2 RT3200 as Access points and a Asus RT-AC53U. all of those can access and download the packages allowing me to update and install things.

Any suggestions on what I need to do to fi the Pi4 to get the packages? I can see them in a browser and the Pi4 is my router so I am lost as to next steps.

Thanks

How is the pi connected to the network? Did you connect it by Ethernet? And is the Ethernet port set up as lan with a static ip? If so, you need to include the gateway and dns in the config

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

EDIT: forgot to answer questions:

  • Connected VIS Ethernet (wired) directly from the Xfinity Modem ( Bridge mode) to a USB Enthernet. then Ethernet (Onboard to network)
    LAN Port is Static
# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdf8:36ee:bdcd::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.xxx.xxx'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth1'
	option peerdns '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

config interface 'wan6'
	option proto 'dhcpv6'
	option device 'eth1'
	option reqaddress 'try'
	option peerdns '0'
	list dns '2606:4700:4700::1111'
	list dns '2606:4700:4700::1001'
	option reqprefix '60'

root@Pi4Wrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option channel 'auto'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Pi4Wrt'
	option encryption 'sae-mixed'
	option key 
	option disabled '1'

root@Pi4Wrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option port '53'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ra 'server'
	option dhcpv6 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'wan-local-wg'
	list proto 'udp'
	option src 'wan'
	option dest_port '51820'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'MInecraft'
	option src 'wan'
	option src_dport '25565-25575'
	option dest_ip 'xxx.xxx.xxx.xxx''

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'ChannelsDVR'
	option src 'wan'
	option src_dport '8089'
	option dest_ip 'xxx.xxx.xxx.xxx''

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Emby'
	option src 'wan'
	option src_dport '8096'
	option dest_ip 'xxx.xxx.xxx.xxx''

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '80'
	option dest_ip 'xxx.xxx.xxx.xxx''
	option name 'Nextcloud'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Nextcloud-443'
	option src 'wan'
	option src_dport '443'
	option dest_ip 'xxx.xxx.xxx.xxx''

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Homeassistant'
	option src 'wan'
	option src_dport '443'
	option dest_ip 'xxx.xxx.xxx.xxx''

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Plex-Atlantis'
	option src 'wan'
	option src_dport '32400'
	option dest_port '32400'
	option dest_ip 'xxx.xxx.xxx.xxx''

config zone
	option name 'wg'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'wg0'

config forwarding
	option src 'wg'
	option dest 'lan'

config forwarding
	option src 'wg'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'wg'

config rule
	option name 'port-443'
	option src 'wan'
	option dest_port '443'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Plex Odyssey'
	option src 'wan'
	option src_dport '32450'
	option dest_ip 'xxx.xxx.xxx.xxx''
	option dest_port '32400'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Plex-HA'
	option src 'wan'
	option src_dport '32400'
	option dest_ip 'xxx.xxx.xxx.xxx'
	option dest_port '32400'

Does your WAN on your Pi have an IP via DHCP? I would guess not if you're having these issues. You probably need to restart your modem (possibly several times) to ensure that it clears the previous MAC address association and learns the MAC address of your USB ethernet adapter -- otherwise you won't get connectivity.

There is no need to redact RFC1918 (private) addresses.

WAN IP is DCHP.
I will try restarting the Modem, as now that I think about it, when I swapped to the RPi4 I may not have cycled modem power. I will say everything else works, I am able to connect to internet to type this post, etc.

So if I understand correctly, this shouldn't cause issues with the other devices (RT3200 and Asus) that are connected to through the router to the internet, right?

I may not get to it tonight but will to the modem power cycle. that might explain why when I first tried the attendedsysupgrade in Luci I had an issue (don't recall details) but then it worked

If you have proper connectivity behind this device, then the modem restart should not be necessary.

Downstream devices should not affect the ability of the Pi itself to connect to the internet normally.

From the Pi, what are the results of a ping test to 8.8.8.8 and then google.com?

PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=116 time=11.371 ms
64 bytes from 8.8.8.8: seq=1 ttl=115 time=9.309 ms
64 bytes from 8.8.8.8: seq=2 ttl=115 time=12.416 ms
64 bytes from 8.8.8.8: seq=3 ttl=115 time=13.948 ms
64 bytes from 8.8.8.8: seq=4 ttl=115 time=8.650 ms
64 bytes from 8.8.8.8: seq=5 ttl=115 time=15.020 ms
64 bytes from 8.8.8.8: seq=6 ttl=115 time=8.863 ms
64 bytes from 8.8.8.8: seq=7 ttl=115 time=13.805 ms
64 bytes from 8.8.8.8: seq=8 ttl=115 time=9.188 ms
64 bytes from 8.8.8.8: seq=9 ttl=115 time=9.052 ms

PING google.com (2607:f8b0:4009:808::200e): 56 data bytes
64 bytes from 2607:f8b0:4009:808::200e: seq=0 ttl=116 time=11.772 ms
64 bytes from 2607:f8b0:4009:808::200e: seq=1 ttl=116 time=8.947 ms
64 bytes from 2607:f8b0:4009:808::200e: seq=2 ttl=116 time=10.402 ms
64 bytes from 2607:f8b0:4009:808::200e: seq=3 ttl=116 time=9.303 ms
64 bytes from 2607:f8b0:4009:808::200e: seq=4 ttl=116 time=10.344 ms
64 bytes from 2607:f8b0:4009:808::200e: seq=5 ttl=116 time=9.319 ms
64 bytes from 2607:f8b0:4009:808::200e: seq=6 ttl=116 time=9.782 ms

Like I said, Pi4 is my router, it works for everything, except updating packages list so I can install added packages. I believe worked prior to 22.03.1 and all my other devices behind this on the LAN work and can fetch the package list without issue

That does prove that the Pi is connected properly to the internet.

What about ping openwrt.org
and then
wget https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/packages/Packages.gz

PING openwrt.org (2a03:b0c0:3:d0::1af1:1): 56 data bytes
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=0 ttl=40 time=120.944 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=1 ttl=40 time=117.931 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=2 ttl=40 time=119.887 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=3 ttl=40 time=118.262 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=4 ttl=40 time=117.531 ms
64 bytes from 2a03:b0c0:3:d0::1af1:1: seq=5 ttl=40 time=118.120 ms
^C
--- openwrt.org ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 117.531/118.779/120.944 ms

root@Pi4Wrt:~# wget https://downloads.openwrt.org/releases/22.03.1/packages/aarc
h64_cortex-a72/packages/Packages.gz
Downloading 'https://downloads.openwrt.org/releases/22.03.1/packages/aarch64_cortex-a72/packages/Packages.gz'
Connecting to 2a01:4f8:251:321::2:443
Connection error: Invalid SSL certificate
root@Pi4Wrt:~# 

So how do I fix the SSL certificate?

I don't know how to fix that particular issue... hopefully someone else can chime in for that. I wonder if it would work with IPv4. You could stop the IPv6 wan interface and that should theoretically make it use on IPv4.

I've had the same thing... intermittently.
If you go into the opkg tab and change all the https to http, it resolves. But, that fix does not survive upgrades. So if you do a firmware upgrade, you may need to re-edit those headers.

Yeah Thanks all for your help. I have to wonder if it was something I broke.. I did this:

root@Pi4Wrt:~# opkg update --no-check-certificate

then reinstalled a package I removed as I couldn't access it ( adguardhome) and now it all seems to work

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.