Rpi4 < $(community_build)

neil1 · December 12, 2020, 7:20pm

i think issue is because of dns https proxy not working properly.
i ran opkg update command after updating and i got these errors

opkg update
Downloading https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/core/Packages.gz
*** Failed to download the package list from https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/core/Packages.gz

Downloading https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/base/Packages.gz
*** Failed to download the package list from https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/base/Packages.gz

Downloading https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/luci/Packages.gz
*** Failed to download the package list from https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/luci/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/kmods/5.4.82-1-9c8ae92a7cae5c0da821e5ef6f3edb59/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/kmods/5.4.82-1-9c8ae92a7cae5c0da821e5ef6f3edb59/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/freifunk/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/freifunk/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/packages/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/routing/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/core/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/base/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://github.com/wulfy23/rpi4-opkg/raw/master/r15199-5d2b577a53/luci/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/targets/bcm27xx/bcm2711/kmods/5.4.82-1-9c8ae92a7cae5c0da821e5ef6f3edb59/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/freifunk/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/routing/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a72/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

then i manually started the dns proxy over https from luci

anon50098793 · December 12, 2020, 7:23pm

that makes sense... must be a timing thing... maybe with ppp + ntp... needs some more time...

if you have not rebooted yet...

dmesg | grep checkinternet

this is what mine says;

[root@dca632 /usbstick 42°]# dmesg | grep checkinternet
[   55.449430] checkinternet.sh> checkinternet firstboot [init]
[   55.475762] checkinternet.sh> getting gw> attempts remaining: 5 every 3
[   55.517909] checkinternet.sh> gw-v4> [ok]
[   55.561313] checkinternet.sh> gw-v6> [ok]
[   55.594743] checkinternet.sh> checking internet connection
[   55.913266] checkinternet.sh>  dns-ping downloads.openwrt.org [ok]
[   55.951026] checkinternet.sh> opkg-update...
[   66.112262] checkinternet.sh> opkg-check[ok]
[   66.146157] checkinternet.sh> result:0  wanaddr-ok dnsping-ok[1] opkg-check[ok]
[   66.171357] restorepackages.sh> /bin/checkinternet.sh checkopkg firstboot [ok] .internetok ok

probably failed... otherwise we'll check it next time... you can also just run...

ssh root@IP opkg update
ssh root@IP /autorestore.sh

when it's back online...

neil1 · December 12, 2020, 7:33pm

yes not rebooted so far

 dmesg | grep checkinternet
[   51.976454] checkinternet.sh> checkinternet firstboot [init]
[   51.998002] checkinternet.sh> getting gw> attempts remaining: 5 every 3
[   52.039785] checkinternet.sh> gw-v4> [ok]
[   52.086317] checkinternet.sh> no wan gw
[  121.922232] checkinternet.sh> checkinternet firstboot [init]
[  121.948622] checkinternet.sh> getting gw> attempts remaining: 5 every 3
[  121.998481] checkinternet.sh> gw-v4> [ok]
[  122.047501] checkinternet.sh> no wan gw

if i remeber correctly, i read somewhere
adblock will not work with dns over https proxy.
adblock was in running condition and dns over https was stopped
Thats why i started using simple ad block.
I think there is conflict between these two.

anon50098793 · December 12, 2020, 7:35pm

hmmm... that looks a bit buggy... I will check it out... and add a bit more delay... for next time... thanks again for the valuable input...

anon50098793 · December 12, 2020, 7:49pm

yeah your probably right... lemme think about it a little...

have you setup ENABLEDSERVICES="https-dns-proxy" (or whatever the service name is)?

( LUCI > Services > banip > advanced > wrt.ini )

[root@dca632 /usbstick 41°]#     dmesg | grep '15\-'

[   11.367442] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
[   22.353438] 15-services> odhcpd stop [bug]
[   22.407378] 15-services> mwan3 lock workaround
[   22.436178] 15-services> > disabling default services .............
[   22.457340] 15-services> Stopping and disabling irqbalance
[   22.532695] 15-services> Stopping and disabling open-iscsi
[   22.581889] 15-services> Stopping and disabling vpn-policy-routing
[   22.673445] 15-services> Stopping and disabling quagga
[   22.762676] 15-services> Stopping and disabling darkstat
[   22.838254] 15-services> Stopping and disabling modemmanager
[   22.927941] 15-services> Stopping and disabling watchcat
[   22.976280] 15-services> Stopping and disabling ntop
[   23.027001] 15-services> Stopping and disabling alpine1
[   23.082160] 15-services> Stopping and disabling rssileds
[   23.133899] 15-services> Stopping and disabling pservice
[   23.211203] 15-services> Stopping and disabling netserver
[   23.261531] 15-services> Stopping and disabling atftpd
[   23.312408] 15-services> Stopping and disabling mwan3
[   23.512690] 15-services> Stopping and disabling acme
[   23.592665] 15-services> Stopping and disabling ddns
[   23.741245] 15-services> Stopping and disabling travelmate
[   23.848369] 15-services> Stopping and disabling dbus
[   23.890808] 15-services> Stopping and disabling adblock
[   24.088725] 15-services> Stopping and disabling banip
[   24.353312] 15-services> Stopping and disabling snmpd
[   24.424432] 15-services> Stopping and disabling atd
[   24.506059] 15-services> Stopping and disabling quagga
[   24.600322] 15-services> Stopping and disabling socat
[   24.671800] 15-services> > enabling default services .............
[   24.692172] 15-services> Starting and enabling collectd
[   24.741010] 15-services> Starting and enabling luci_statistics
[   24.788819] 15-services> Starting and enabling uhttpd
[   24.831853] 15-services> > ENABLEDSERVICES: sqm adblock [/root/wrt.ini] [enable+start]
[   24.854214] 15-services> Starting and enabling sqm
[   24.898207] 15-services> Starting and enabling adblock

neil1 · December 12, 2020, 9:34pm

no
i only have this in the wrti.ini

################################################################################### DEFAULT ENABLED/DISABLED OPTIONS

####################################################SAMPLEOPTIONSET
# ENABLEDSERVICES="sqm banip adblock"

neil1 · December 12, 2020, 9:36pm

dmesg | grep '15\-'
[    9.150063] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
[   17.537885] 15-services> odhcpd stop [bug]
[   17.590197] 15-services> mwan3 lock workaround
[   17.621617] 15-services> > disabling default services .............
[   17.642491] 15-services> Stopping and disabling irqbalance
[   17.717696] 15-services> Stopping and disabling open-iscsi
[   17.768170] 15-services> Stopping and disabling vpn-policy-routing
[   17.855422] 15-services> Stopping and disabling quagga
[   17.944141] 15-services> Stopping and disabling darkstat
[   18.031397] 15-services> Stopping and disabling modemmanager
[   18.120421] 15-services> Stopping and disabling watchcat
[   18.168920] 15-services> Stopping and disabling ntop
[   18.219698] 15-services> Stopping and disabling alpine1
[   18.267832] 15-services> Stopping and disabling rssileds
[   18.320066] 15-services> Stopping and disabling pservice
[   18.401328] 15-services> Stopping and disabling netserver
[   18.449329] 15-services> Stopping and disabling atftpd
[   18.498329] 15-services> Stopping and disabling mwan3
[   18.692457] 15-services> Stopping and disabling acme
[   18.763840] 15-services> Stopping and disabling ddns
[   18.905375] 15-services> Stopping and disabling travelmate
[   19.014056] 15-services> Stopping and disabling dbus
[   19.057526] 15-services> Stopping and disabling adblock
[   19.209585] 15-services> Stopping and disabling banip
[   19.465125] 15-services> Stopping and disabling snmpd
[   19.538364] 15-services> Stopping and disabling atd
[   19.612815] 15-services> Stopping and disabling quagga
[   19.700202] 15-services> Stopping and disabling socat
[   19.770792] 15-services> > enabling default services .............
[   19.796202] 15-services> Starting and enabling collectd
[   19.846960] 15-services> Starting and enabling luci_statistics
[   19.894458] 15-services> Starting and enabling uhttpd
[   19.939295] 15-services> > ENABLEDSERVICES:[/root/wrt.ini empty]

vampirexox · December 13, 2020, 7:22am

I can't see Switch tab inside Network, I want to put my PlayStation on DMZ and all the guides I come across online want me to create VLAN through Switch tab. Any way to workaround it?

Also, can I use DNS over HTTPS along with Adblock at the current state it is in?

anon50098793 · December 13, 2020, 7:26am

the pi behaves much like an x86... so there is no underlying switch topology...

one can;

add eth0.N and use a managed switch... ( or unmanaged if the client tags on the wire )
or use brctl/bridge to 'merge' two interfaces for true basic switch functionality... ( but in the case of DMZ... routed is generally better i.e a separate usbnic + switch )
in theory, one can also run a DMZ on a logically (alias/subinterface) separated L3 subnet over a shared L2 switched medium... but that kinda defeats the purpose of the DMZ... and with openwrt it can be tricky also...

if you dont have spare switches/nics laying around the 'advisable' option is to get a cheap managed switch ( 8 port but I generally upsize all my switches )

@neil1 is the authority on DoH + adblock... word is that simple-adblock should be used instead...

vampirexox · December 13, 2020, 7:48am

After installing simple-adblock, I enabled it and started the service & restarted my devicd but I'm not able to see it inside Services tab.

anon50098793 · December 13, 2020, 7:50am

did you install luci-app-simple-adblock?

vampirexox · December 13, 2020, 7:51am

Yes, it was installed & stopped by default. I enabled it since I wanted to use it, but it never worked. I have it disabled and stopped right now.

Update - Sorry, I misunderstood. luci-app-adblock was installed by default.

vampirexox · December 13, 2020, 8:00am

luci-app-simple-adblock isn't installed, but simple-adblock is.

vampirexox · December 13, 2020, 8:47am

I'm not able to find luci-app-simple-adblock from softwares, I followed the guide from https://docs.openwrt.melmac.net/simple-adblock/ but I'm not able to get it to install tho.

anon50098793 · December 13, 2020, 8:50am

LUCI > System > Software > click [update lists]
[in 'filter' box] > type 'luci-app-simple' > click [install] to the right of it...

( wait a minute... you installed a few days ago right?... I probably removed the repo due to security vulnerabilities...

if you are not running r15199...
go to 'configure opkg' remove the '#' next to the line that has luci in distfeeds.conf

and you can put a '#' in front of all the lines in 'customfeeds.conf'
)

dibdot · December 13, 2020, 8:55am

may I ask why?

anon50098793 · December 13, 2020, 8:58am

no idea... heard it through the grapevine... love to be enlightened... both the build users couldn't get adblock running with DoH... and I think i/they/someone said simple worked/better with it... which seems correct thusfar... ( personally don't run DoH so relying on feedback )

if I had to guess... looks like possibly the masq instance handling;

sourcesamples

#init.d/https...
		config_foreach dnsmasq_add_doh_server 'dnsmasq' "${listen_addr}" "${listen_port}"
	elif [ -n "$dnsmasqConfig" ]; then
		for i in $dnsmasqConfig; do
			dnsmasq_add_doh_server "@dnsmasq[${i}]" "${listen_addr}" "${listen_port}"

#init.d/simple
	if [ "$dnsInstance" = "*" ]; then
				config_foreach dnsmasqOps 'dnsmasq' "$targetDNS"
		elif [ -n "$dnsInstance" ]; then
			for i in $dnsInstance; do
				dnsmasqOps "@dnsmasq[$i]" "$targetDNS"
			done
		fi

????????

dibdot · December 13, 2020, 9:01am

than let's wait - thanks anyway!

neil1 · December 13, 2020, 9:39pm

hehehehe

i just followed the guide on their page

neil1 · December 13, 2020, 9:44pm

here is the link

neil1:

please add support for simple ad blocker it does support ad blocking even when you are using dns over https

github.com

openwrt/packages/blob/master/net/simple-adblock/files/README.md#how-to-use-dnsmasq-ipset

# Simple AdBlock

[![HitCount](http://hits.dwyl.com/stangri/openwrt/simple-adblock.svg)](http://hits.dwyl.com/stangri/openwrt/simple-adblock)

A simple DNSMASQ/Unbound-based AdBlocking service for OpenWrt/LEDE Project.

## Features

- Super-fast due to the nature of supported block-lists and parallel downloading/processing of the block-lists.
- Supports hosts files and domains lists for blocking.
- Everything is configurable from Web UI.
- Allows you to easily add your own domains to allow-list or block-list.
- Allows you to easily add URLs to your own blocked hosts or domains lists to allow/block-list (just put allowed domains one per line in the file you're linking).
- Supports multiple modes of AdBlocking implementations with DNSMASQ and Unbound.
- Doesn't stay in memory -- creates the list of blocked domains and then uses DNSMASQ/Unbound and firewall rules to serve NXDOMAIN or 127.0.0.1 reply or to reject access (depending on settings) for blocked domains.
- As some of the default lists are using https, reliably works with either wget/libopenssl,  uclient-fetch/libustream-mbedtls or curl.
- Very lightweight and easily hackable, the whole script is just one ```/etc/init.d/simple-adblock``` file.
- Retains the downloaded/sorted AdBlocking list on service stop and reuses it on service start (use ```dl``` command if you want to force re-download of the list).
- Has an option to store a compressed copy of the AdBlocking list in persistent memory which survives reboots.
- Blocks ads served over https (unlike PixelServ-derived solutions).

This file has been truncated. show original