Problem with opkg update, but clients & diagnostic is OK

Installing and Using OpenWrt
1

I probably made some configuration error, but I can't figure out where and how to fix it. Clients can access internet, but I can't use opkg update:

root@OpenWrt:~# ping openwrt.org
PING openwrt.org (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=53 time=32.725 ms
64 bytes from 139.59.209.225: seq=1 ttl=53 time=31.736 ms
64 bytes from 139.59.209.225: seq=2 ttl=53 time=32.179 ms
^C
--- openwrt.org ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 31.736/32.213/32.725 ms
root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=123 time=8.017 ms
64 bytes from 8.8.8.8: seq=1 ttl=123 time=8.136 ms
64 bytes from 8.8.8.8: seq=2 ttl=123 time=8.146 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 8.017/8.099/8.146 ms
root@OpenWrt:~# opkg update
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/ar71xx/generic/packages/Packages.gz
Failed to establish connection
*** Failed to download the package list from http://downloads.openwrt.org/releases/18.06.1/targets/ar71xx/generic/packages/Packages.gz

Downloading http://downloads.openwrt.org/releases/18.06.1/packages/mips_24kc/base/Packages.gz
Failed to establish connection
*** Failed to download the package list from http://downloads.openwrt.org/releases/18.06.1/packages/mips_24kc/base/Packages.gz
[..]
root@OpenWrt:~# traceroute  downloads.lede-project.org
traceroute to downloads.lede-project.org (148.251.78.235), 30 hops max, 38 byte packets
 1  192.168.0.1 (192.168.0.1)  0.999 ms  0.770 ms  0.825 ms
 2  10.8.14.1 (10.8.14.1)  7.675 ms  7.539 ms  7.424 ms
 3  89.19.64.90 (89.19.64.90)  7.555 ms  7.654 ms  7.661 ms
 4  ae4-111-ucr1.dub.cw.net (195.2.7.125)  7.990 ms  7.862 ms  8.073 ms
 5  ae5-xcr1.duc.cw.net (195.2.21.1)  8.995 ms  9.324 ms  9.112 ms
 6  ldn-b4-link.telia.net (62.115.61.190)  16.818 ms  19.873 ms  ae18-xcr1.hex.cw.net (195.2.8.94)  17.576 ms
 7  ldn-b4-link.telia.net (62.115.61.190)  24.726 ms  ldn-bb4-link.telia.net (62.115.134.138)  16.122 ms  17.482 ms
 8  ldn-bb4-link.telia.net (62.115.134.138)  17.725 ms  ldn-bb3-link.telia.net (62.115.134.134)  19.498 ms  prs-bb3-link.telia.net (62.115.134.92)  24.079 ms
 9  ffm-bb4-link.telia.net (62.115.122.139)  31.383 ms  prs-bb3-link.telia.net (62.115.134.92)  23.898 ms  prs-bb4-link.telia.net (62.115.114.229)  23.612 ms
10  ffm-b4-link.telia.net (62.115.120.6)  32.401 ms  32.670 ms  ffm-bb3-link.telia.net (62.115.123.12)  32.034 ms
11  ffm-b4-link.telia.net (62.115.120.0)  32.450 ms  32.193 ms  32.154 ms
12  core24.fsn1.hetzner.com (213.239.224.253)  36.474 ms  core23.fsn1.hetzner.com (213.239.224.249)  36.361 ms  core24.fsn1.hetzner.com (213.239.224.253)  35.870 ms
13  ex9k2.dc11.fsn1.hetzner.com (213.239.229.10)  35.378 ms  core23.fsn1.hetzner.com (213.239.224.249)  38.067 ms  37.580 ms
14  static.235.78.251.148.clients.your-server.de (148.251.78.235)  36.895 ms  36.175 ms  ex9k2.dc11.fsn1.hetzner.com (213.239.229.10)  36.732 ms

My network architecture:
internet----ISP router (Vodefone Gigabox, 192.168.0.1)-----OpenWrt (192.168.0.2)----clients

I have 2 interfaces defined on OpenWrt: lan: 192.168.0.2 and wan 192.168.1.2
VLAN switched off, I can provide screenshots with all config pages if that's any help.

Any idea what to check? I already went through the connection troubleshooting [1]

[1] https://openwrt.org/docs/guide-quick-start/ts-internetconnectivity

2

I think these are vice versa, no?

Please post the output of the following (paste the whole line on the router):
cat /etc/config/network; cat /etc/config/firewall; cat/etc/config/dhcp ; ip -4 addr ; ip-4 ro ; ip -4 ru

3

3 posts were split to a new topic: Opkg update does not work after mesh installation

6

No, it's like that due to some problems (or lack of knowledge) with previous Virginmedia router.

root@OpenWrt:~# cat /etc/config/network; cat /etc/config/firewall; cat/etc/config/dhcp ; ip -4 addr ; ip-4 ro ; ip -4 ru

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdee:712a:7df8::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option defaultroute '1'
	option gateway '192.168.0.1'
	option broadcast '192.168.0.255'
	option dns '208.67.220.220 208.67.222.222'
	option ifname 'eth0.1'
	option ipaddr '192.168.0.2'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan4k '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 4 5t'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '192.168.1.2'
	option netmask '255.255.255.0'
	option gateway '192.168.0.1'
	option broadcast '192.168.1.255'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 5t'


config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option network 'lan'
	option forward 'REJECT'

config zone
	option name 'wan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan'
	option forward 'REJECT'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option proto 'tcp udp'
	option name 'wifi bulbs'
	option src 'lan'
	option target 'DROP'
	option src_ip '192.168.0.90'
	option dest 'wan'

config forwarding
	option dest 'lan'
	option src 'wan'

config forwarding
	option dest 'wan'
	option src 'lan'

-ash: cat/etc/config/dhcp: not found
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
20: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.0.2/24 brd 192.168.0.255 scope global br-lan
       valid_lft forever preferred_lft forever
25: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0.2
       valid_lft forever preferred_lft forever
-ash: ip-4: not found
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default
7

My ISP doesn't support ipv6 :crazy_face:
Vodafone Gigabox specifications [1].

IPv6 (Internet Protocol version 6) 	No

[1] https://deviceguides.vodafone.ie/vodafone/gigabox-windows-10/specifications/

8

Did you check the DNS addressing?
nslookup downloads.openwrt.org

It may well be that your looks looks like it has ipv6 semi.configured, but there is no router and in reality your wan does not have ipv6.

(and note that you have "ip6assign 60" option in your network config.)

1 Like
9

Your LAN is 192.168.0.0/24 (IP=192.168.0.2)
Your WAN is 192.168.1.0/24 (IP=192.168.1.2)

and your ISP Router is 192.168.0.1 , the same subnet as your LAN.

Your WAN and LAN subnet should be swapped.

Your WAN should be on the same subnet as the ISP Router 192.168.0.0/24 with IP=192.168.0.2
Your LAN then can use subnet 192.168.1.0/24 and IP=192.168.1.2

I hope that is clear

4 Likes
10

It's clear - thank you! I have wifi clients on both routers - it it going to work?

11

The clients on different router won't see each other unless you setup static routes between the routers. Adjust the firewall rules on the second router and disable masquerading on the second router.

Alternatively you could configure the second router as a dumb AP

1 Like
12

Thanks again!

13

Do you need that? I mean can one router cover the area? (OpenWrt router if it's of decent specs).

14

I use an old TP-Link TL-WR1043N/ND v1 as a wifi extension/lan router, but it's due an replacement soon (Turris Omnia anyone?). I think I can configure the ISP router to serve all wifi clients and use OpenWrt to work as lan switch.

Thank you very much for help again!

15

I don't know about the particular ISP router you have, but often ISP-supplied router and less capable and sometimes not that secure (e.g. running firmware that's based on outdated kernel).

Ideal scenario would be to have the ISP router in bridge mode, and do everything else on the OpenWrt router. But then again that's not always the case

1 Like
16

Thankg again for the help - I have turris omnia up & running using the settings recommended by @mbo2o

P.S. Is it OK to ask on openwrt forum questions related to the turris omnia system?

1 Like
17

Well, that certainly look like a powerful router, and with it being opensource, I would expect it to have up-to-date firmware.

P.S. you could mention people by adding "@" before their username, like this @PrzemoF rather than linking their page.

Well, generally unless the question has something to do with OpenWrt, it would be irrelevant, plus users here might not know about the specifics of the firmware you are using.

People here could be kind enough to get out of their way to provide help, but ideally question related to a different firmware is better asked and answered at its forum or technical support.

2 Likes
18

Thank you! :blush: I fixed the previous post

OK, that's what I see in the system overview: OpenWrt omnia 15.05 r47055 / LuCI 96366054565006474c39e02dca00c9d45dcb9e15 branch (git-18.328.59464-9636605) I hope it's close enough to "vanilla" OpenWrt to make my questions relevant :slightly_smiling_face:

1 Like
19

Well, it's based on OpenWrt, but they certainly have made changes, so what applies to OpenWrt doesn't necessarily apply to their fork, and vice versa. For the success of any project, including a fork of an open source software, they should support it.

Anyway, you could post the question and see if people are able to help.

Could you type the following at SSH and see what you get

uname -r
1 Like
20

or better

unmae -a
21

@Hegabo:

root@turris:~# uname -a
Linux turris 4.4.176-7bc33afbb1b35f5830b2b1b42c9cd8a0-0 #1 SMP Tue Mar 19 22:52:38 CET 2019 armv7l GNU/Linux
22

I see.

It appears they are using version number different than OpenWrt, which made me thinking they were using an ancient release of OpenWrt based on outdated Kernel.

Though, they are a bit behind in the kernel they are using. Using Kernel form January 2016 for a build made in March 2019 doesn't make much sense to me to be honest, particularity for open source hardware, but maybe they have their reasons.