Wget error trying to update he.net

Longtime user, most recently I had 15.05 before installing 18.06.2 and reconfiguring.

I installed the following additional packages: 6in4, libustream-wolfssl, curl, luci-app-ddns, ca-bundle, ca-certificates. Duckdns, for example, can successfully be updated with an https URL.

My he.net tunnel shows 0 received packages because the endpoint is not being updated. I modified 6in4.sh to show the actual URL used:
https://username:updatekey@ipv4.tunnelbroker.net/nic/update?hostname=tunnelid
(credentials redacted)

Running the command on the router I get

Connecting to 64.62.200.2:443
Connection error: Connection failed

If I run the same command on my desktop it works just fine, the endpoint is updated and the tunnel comes online. What am I doing wrong?

Please note: I omitted the tunnel config here since it works, it's just wget giving me trouble.

Thanks, Andrea.

Wow...I didn't know HE updated on HTTPS (maybe I just always had issues with OpenWrt)...when I have an opportunity to configure a test device I'll let you know.

Any reason you preferred that over mbed TLS?

@lleachii AFAIK it updated on HTTPS even on my older 15.05 setup but I am going from memory...
Regarding wolfssl, a friend works there so I had the name in mind :)
Anyhow, I quickly removed it and installed your suggestion: now it works, thanks for the tip!
(of course, I'm going to let him know...)

Hey, wolfSSL contributor here. We're happy to help fix this if you can provide more information about the problem. It could be useful if the wolfSSL packages were updated to the latest version (4.0.0 at the moment of writing this), and if you could let us know more details on the nature of this issue.

If security is important to you, I'd always suggest using wolfSSL over mbedTLS, because reported vulnerabilities are fixed much quicker, and all the latest standards are properly supported.

WolfSSL has been supporting TLS 1.3 since way before it was even accepted as standard, while mbedTLS has not yet communicated any plans to implement it, and it's been now an RFC for several months already. This alone might be a major security risk, seeing the vulnerabilities on TLS up to v.1.2 that have been disclosed lately.

I've also noticed that mbedTLS stopped communicating about security disclosures more than a year ago, so I am not sure if any effort has been invested in their security-related research and development lately.

Thanks, Daniele. I'll keep you posted.

@lleachii should I file a bug for this problem? How do we get the devs involved?

...sure you can.

bugs.openwrt.org or the dev list.

Done, thanks.
FS#2238 - 6in4 endpoint does not update with libustream-wolfssl
