OpenWrt Forum Archive

Topic: davidc502 1900ac 3200acm builds

The content of this topic has been archived between 26 Feb 2018 and 7 May 2018. Unfortunately there are posts – most likely complete pages – missing.

ralfbergs wrote:

Hi @davidc502,

thanks for your builds.

Do you have a bug tracker?

I noticed a couple of small issues since I installed your build for wrt1200ac and would like to let you know about them.

One is that there is no diffutils package available, which I often use to compare config changes.

Also, /sbin/fan_ctrl.sh doesn't seem to be useful on wrt1200ac, as this device doesn't have a fan. That script wouldn't work anyway, as it tries to determine the CPU temp by looking at /sys/class/hwmon/hwmon2, which doesn't exist on wrt1200ac. There's only hwmon0 and 1.

Plus a couple of further issues which I have forgotten. :-(

Let me know if you want me to report here, or if you have a bug tracker.

Kind regards,

Ralf

You are correct.  Only the original WRT1900AC v1 (mamba) had a fan. No others in the WRT1200/1900/3200 series do. So I simply deleted the line */5 * * * * /sbin/fan_ctrl.sh from scheduled tasks in Luci (cron as it's actually called).  I also have a 1200ac.

I don't believe @david has a bug tracker yet; if you have any issues please post them here.

davidc502 wrote:
ralfbergs wrote:
davidc502 wrote:

This morning I fixed https not working correctly. It would re-direct users back to http, which isn't helpful. It now stays on the https track no matter where you go on the page. Would like to get a certificate that has a valid CA, but it will cost $ to do so.

You want to use Let's Encrypt. It's free and the way to go...

That's how it's set up... using let's encrypt and though it says it has an open CA, in my case it's not using one.  Will look again and see if there's anything else I can do to get it to work.

@david, I forgot to mention something important.  In order to get opkg to download packages from a https:// source, you'll need wget (to be able to download from a https:// site) and ca-bundle and ca-certificates packages to install the database of trusted certificate providers.

starcms wrote:
ralfbergs wrote:

Hi @davidc502,

thanks for your builds.

Do you have a bug tracker?

I noticed a couple of small issues since I installed your build for wrt1200ac and would like to let you know about them.

One is that there is no diffutils package available, which I often use to compare config changes.

Also, /sbin/fan_ctrl.sh doesn't seem to be useful on wrt1200ac, as this device doesn't have a fan. That script wouldn't work anyway, as it tries to determine the CPU temp by looking at /sys/class/hwmon/hwmon2, which doesn't exist on wrt1200ac. There's only hwmon0 and 1.

Plus a couple of further issues which I have forgotten. :-(

Let me know if you want me to report here, or if you have a bug tracker.

Kind regards,

Ralf

You are correct.  Only the original WRT1900AC v1 (mamba) had a fan. No others in the WRT1200/1900/3200 series do. So I simply deleted the line */5 * * * * /sbin/fan_ctrl.sh from scheduled tasks in Luci (cron as it's actually called).  I also have a 1200ac.

I don't believe @david has a bug tracker yet; if you have any issues please post them here.

In cron, there should be a # in front except for the 1900ac.  Is this not the case?  I have the ACS, and in this model it does.

More about the certificate.  certbot, for let's encrypt,  was used to create the cert... It's just a command line utility, and it asked me Zero questions about the environment.

After it was created, I just moved on, and haven't circled back around, but surely it has switches that will allow one to fill in the information needed.

ralfbergs wrote:

Hi @davidc502,

thanks for your builds.

Do you have a bug tracker?

I noticed a couple of small issues since I installed your build for wrt1200ac and would like to let you know about them.

One is that there is no diffutils package available, which I often use to compare config changes.

Also, /sbin/fan_ctrl.sh doesn't seem to be useful on wrt1200ac, as this device doesn't have a fan. That script wouldn't work anyway, as it tries to determine the CPU temp by looking at /sys/class/hwmon/hwmon2, which doesn't exist on wrt1200ac. There's only hwmon0 and 1.

Plus a couple of further issues which I have forgotten. :-(

Let me know if you want me to report here, or if you have a bug tracker.

Kind regards,

Ralf

LEDE bug tracker is the place to report them. Just reference the build # example: r2695   https://bugs.lede-project.org/

diffutils?  I'll have to take a look to see where this option exists in menuconfig. All packages/kernels are selected, so I'm not sure why this one isn't available, unless it's an option outside of the regular build.

As to the fan script, look to see if it is commented out in cron. On the acs model, it is, and someone with v2 said it was commented out. If commented out, there's nothing else that would call the script.

davidc502 wrote:
starcms wrote:
ralfbergs wrote:

Hi @davidc502,

thanks for your builds.

Do you have a bug tracker?

I noticed a couple of small issues since I installed your build for wrt1200ac and would like to let you know about them.

One is that there is no diffutils package available, which I often use to compare config changes.

Also, /sbin/fan_ctrl.sh doesn't seem to be useful on wrt1200ac, as this device doesn't have a fan. That script wouldn't work anyway, as it tries to determine the CPU temp by looking at /sys/class/hwmon/hwmon2, which doesn't exist on wrt1200ac. There's only hwmon0 and 1.

Plus a couple of further issues which I have forgotten. :-(

Let me know if you want me to report here, or if you have a bug tracker.

Kind regards,

Ralf

You are correct.  Only the original WRT1900AC v1 (mamba) had a fan. No others in the WRT1200/1900/3200 series do. So I simply deleted the line */5 * * * * /sbin/fan_ctrl.sh from scheduled tasks in Luci (cron as it's actually called).  I also have a 1200ac.

I don't believe @david has a bug tracker yet; if you have any issues please post them here.

In cron, there should be a # in front except for the 1900ac.  Is this not the case?  I have the ACS, and in this model it does.

I always have been restoring my config the last several builds.  In mine, I have it commented out too and have added a line for adblock to update every day.  But on r2221 or maybe before that when I decided to start completely fresh, it wasn't commented out yet...

davidc502 wrote:

More about the certificate.  certbot, for let's encrypt,  was used to create the cert... It's just a command line utility, and it asked me Zero questions about the environment.

After it was created, I just moved on, and haven't circled back around, but surely it has switches that will allow one to fill in the information needed.

Quick summary at first:

To allow opkg to download packages from a https:// server; wget, ca-certificates, and ca-bundle packages are all that's needed. No configuration required.  ca-bundle may not even be required, but it doesn't hurt and I always keep it installed in addition to ca-certificates.  If this isn't done, then even if/when you get your web server certificate to show as completely valid in a browser; opkg update and opkg install will fail.

For creating a cert to be used for Luci-SSL, simply look back at my previous few (long smile) posts.  All the required info is there (with one of the most important things that I haven't seen mentioned anywhere is making sure your build doesn't include a /etc/uhttpd.crt file. Many seem to for some reason (even if Luci-SSL isn't included), but the cert is very old and out of date.  uhttpd (using px5g) will generate one automatically based on your uhttpd config on first boot, BUT ONLY if the file/cert doesn't already exist.  Also, ensure the commonname in the uhttpd config file is set to 192.168.1.1 (other fields don't matter since it's not going to be signed by a CA.  This way, someone can if they so choose, download the certificate and add it to their browser certificate store so it will accept it as fully valid.

Now to finally address your original question of correctly generating a cert for your web-server (which contains all the builds, packages, etc)

According to https://letsencrypt.org/docs/certificate-compatibility/, the certificate should be fully legit and uses  IdenTrust’s DST Root X3 as the CA which is included in all browsers.  I just checked and it is also included in /etc/ssl/certs, so it was provided by either the ca-certificates or ca-bundle packages.  So it should definitely be able to work 100%.

If I were you, I would load https://valid-isrgrootx1.letsencrypt.org/ (as opposed to simply letsencrypt.org; link is mentioned at https://letsencrypt.org/certificates/ ; it's a page with an example certificate just as you would get, 90 day expiration) in IE (in Chrome I can't figure out how to display the actual certificate, clicking on the Lock Icon simply loads a list of permissions) or in another browser that will actually display the certificate (normally by clicking the lock icon and choosing Display Certificate).  Click on the Details tab of the cert and look at the values they used.  For example in the Subject field, only the CN (common name) value is included and should match your URL (davidc502sis.dynamic-dns.net). Many certs show the origination, state, country, and location in the Subject field of the cert.  Not here.  If you compare it to your current cert on https://davidc502sis.dynamic-dns.net, you'll notice giant differences, the biggest of which is probably what is listed as who the certificate is issued to and by whom.

The only other thing I can recommend is to check out https://letsencrypt.org/getting-started/ and https://certbot.eff.org/

Edit: A LOT more info on cert here: https://certbot.eff.org/docs/using.html

(Last edited by starcms on 30 Dec 2016, 04:59)

@David, you may take a look at xenolf/lego on github. You can even generate and renew LE certs with the prebuilt binaries right on the router.

Am I  the only one using nfs-kernel-server? It worked great on r2221, but now I get this:

    _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    leviathan II (SNAPSHOT, r2695-c9c68c7)
    \________\/    -----------------------------------------------------------

root@wayout /root [#]# /etc/init.d/nfsd start
mount: mounting nfsd on /proc/fs/nfsd failed: No such device
rpc.nfsd: Unable to access /proc/fs/nfsd errno 2 (No such file or directory).
Please try, as root, 'mount -t nfsd nfsd /proc/fs/nfsd' and then restart rpc.nfsd to correct the problem
root@wayout /root [#]#

And the lvm2 package would not install due to kernel dependencies. It worked by --force-depends.

md raid modules are also not installing:

root@wayout /root [#]# oi kmod-md-raid0
Installing kmod-md-raid0 (4.4.39-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/kmod-md-raid0_4.4.39-1_arm_cortex-a9_vfpv3.ipk.
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-md-raid0:
 *      kernel (= 4.4.39-1-640b2d6a4a9fcdbcd2b9250e2b3d04a6) *  kernel (= 4.4.39-1-640b2d6a4a9fcdbcd2b9250e2b3d04a6) *
 * opkg_install_cmd: Cannot install package kmod-md-raid0.
root@wayout /root [#]#

What am I doing wrong?

starcms wrote:

Regardless if you decide to include Luci-ssl-openssl, I would highly recommend setting 2 default settings for future builds for those that are new to LEDE to ensure maximum security and avoid potential access from the WAN to SSL and Luci.

First, configure dropbear from the default unspecified interface to the LAN interface. 

Secondly, in the uhttpd configuration (/etc/config/uhttpd):

-Change the default settings of listen_http and listen_https from the default of (I think it was) 0.0.0.0 (which allows WAN access to Luci) to 192.168.1.1.  Also comment out or remove the second listen_http and listen_https of '[::]:80' and '[::]:443', respectively (which also allow WAN access to Luci over IPv6).

Right, this is exactly the other issues I had in mind and couldn't remember. That was one of the very first things I did after scanning my router from the outside (to make sure that the firewall is really closing down everything, which it does). So the out-of-box experience poses no security risk, but still it's much safer to bind only to the LAN interface to protect users against errors they might make themselves. :-)

starcms wrote:

I bet there is a configuration error in how the certificate is being generated.  The common name of the certificate is li1293-151.members.linode.com.  I'm pretty sure it should be davidc502sis.dynamic-dns.net.

Yes, I also noticed this when checking. Also, the certificate is self-signed, and not signed by a well-known CA.

Maybe David didn't restart his web server to pull in the new config? Or he changed it in the wrong place?

starcms wrote:

But even if there is a configuration error, Windows is still saying "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."  So that makes me think that Let's Encrypt isn't a trusted certificate provider.

No, it's because the currently deployed certificate at https://davidc502sis.dynamic-dns.net/ is self-signed, i.e. the public key was signed by the corresponding private key, not by a different private key that belongs to a CA.

starcms wrote:

Also for a trusted certificate, the country, state, and origination name must also match what was provided (not simply the common name if you are generating a simple non-trusted certificate for Luci-SSL)

For Let's Encrypt that doesn't matter, they will not include these fields in the certificate anyway. This is usually the same for all providers of domain-authorized certificates. To make them include these fields you have to provide proof, like identity documents or company registration docs. These certificates usually cost money, they cannot be obtained for free because it's a larger effort on the side of the CA.


starcms wrote:

The concerning thing is that according to the cert, even the issuer has identical values listed.  Also, the cert was issued to li1293-151.members.linode.com instead of to davidc502sis.dynamic-dns.net, and it was also issued by li1293-151.members.linode.com as well (which isn't a trusted source).

Yes, as I said, this is the key issue. It's a self-signed certificate, not one signed by an external, well-known CA.

starcms wrote:
ralfbergs wrote:

Also, /sbin/fan_ctrl.sh doesn't seem to be useful on wrt1200ac, as this device doesn't have a fan.

You are correct.  Only the original WRT1900AC v1 (mamba) had a fan. No others in the WRT1200/1900/3200 series do. So I simply deleted the line */5 * * * * /sbin/fan_ctrl.sh from scheduled tasks in Luci (cron as it's actually called).

I did the same, but I don't want to repeatedly do this. Would be nice if David could change it in his build process. :-)

starcms wrote:

@david, I forgot to mention something important.  In order to get opkg to download packages from a https:// source, you'll need wget (to be able to download from a https:// site) and ca-bundle and ca-certificates packages to install the database of trusted certificate providers.

That's true. Actually the first thing I did was to mirror David's packages, because I was afraid they could go away. I then changed the URLs to my web server, and I use SSL there as well, so I had to do what you described above. :-)

davidc502 wrote:

In cron, there should be a # in front except for the 1900ac.  Is this not the case?

No, it's not. It's an active cron entry.

davidc502 wrote:

More about the certificate.  certbot, for let's encrypt,  was used to create the cert... It's just a command line utility, and it asked me Zero questions about the environment.

After it was created, I just moved on, and haven't circled back around, but surely it has switches that will allow one to fill in the information needed.

I recommend you use certbot with the "--webroot" option, like described here. This gives you maximum control and flexibility.

Basically you point the script to the webroot for your domain, so that it can put a file there that will then be retrieved by Let's Encrypt to verify whether you have control over the web server. This approach will also not try to make automatic changes to your config, but just retrieve the certificate. You can then manually configure your web server to use the certificate.

davidc502 wrote:
ralfbergs wrote:

Do you have a bug tracker?

I noticed a couple of small issues since I installed your build for wrt1200ac and would like to let you know about them.

One is that there is no diffutils package available, which I often use to compare config changes.

Also, /sbin/fan_ctrl.sh doesn't seem to be useful on wrt1200ac, as this device doesn't have a fan.

LEDE bug tracker is the place to report them. Just reference the build # example: r2695   https://bugs.lede-project.org/

So you're saying it's an upstream bug? I suspected it's a bug of your specific build, this is why I didn't put it in LEDE's bug tracker (which I know about...)

davidc502 wrote:

diffutils?  I'll have to take a look to see where this option exists in menuconfig. All packages/kernels are selected, so I'm not sure why this one isn't available, unless it's an option outside of the regular build.

Strange... I have been using it since ages, both on OpenWrt and LEDE...

davidc502 wrote:

As to the fan script, look to see if it is commented out in cron. On the acs model, it is, and someone with v2 said it was commented out. If commented out, there's nothing else that would call the script.

As I said, the script is not commented out in cron. And I have a WRT1200AC "V1".
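
An added example, not part of any post in this thread and not code from the build: a POSIX sh check for the uhttpd listener change that starcms recommends and ralfbergs endorses above. The two sample configs are constructed, the function names are hypothetical, and treating a bare port number as a listener on every address is an assumption about uhttpd.

```shell
#!/bin/sh
# Added example: report uhttpd listeners that are not pinned to one address.
# The sample configs below are constructed for the demonstration.

# Succeeds when a listen address covers every interface.
is_wildcard() {
    case $1 in
        0.0.0.0:*|'[::]:'*) return 0 ;;   # explicit IPv4 / IPv6 wildcard
        ''|*[!0-9]*)        return 1 ;;   # empty, or a specific address
        *)                  return 0 ;;   # digits only: bare port (assumed wildcard)
    esac
}

# Reads a UCI uhttpd config on stdin, prints "<option> <address>" for each
# active wildcard listener, and returns 1 if any was found (0 if none).
audit_uhttpd_listeners() {
    found=0
    while read -r kind name value rest || [ -n "$kind" ]; do
        case $kind in
            list|option) ;;
            *) continue ;;                # "config" lines, blanks, "#" comments
        esac
        case $name in
            listen_http|listen_https) ;;
            *) continue ;;
        esac
        addr=$(printf '%s' "$value" | tr -d "'\"")   # drop UCI quoting
        if is_wildcard "$addr"; then
            printf '%s %s\n' "$name" "$addr"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Constructed sample: listeners as described in the quoted post.
sample_default_conf() {
    cat <<'EOF'
config uhttpd 'main'
    list listen_http '0.0.0.0:80'
    list listen_http '[::]:80'
    list listen_https '0.0.0.0:443'
    list listen_https '[::]:443'
    option cert '/etc/uhttpd.crt'
EOF
}

# Constructed sample: bound to the LAN address, IPv6 wildcards commented out.
sample_lan_only_conf() {
    cat <<'EOF'
config uhttpd 'main'
    list listen_http '192.168.1.1:80'
    list listen_https '192.168.1.1:443'
    #list listen_http '[::]:80'
    #list listen_https '[::]:443'
    option cert '/etc/uhttpd.crt'
EOF
}

echo "default-style config:"
sample_default_conf | audit_uhttpd_listeners || echo "  -> LuCI listens on every interface"
echo "LAN-only config:"
sample_lan_only_conf | audit_uhttpd_listeners && echo "  -> no wildcard listeners"
```

On a router the same function can be run as `audit_uhttpd_listeners < /etc/config/uhttpd`.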

davidc502 wrote:

So far the new wifi driver is working well on r2695.

Any wifi driver issues out there?

Thanks for all the kudos!

David

how to test properly wifi? for me seems something wrong. It's very unstable on cobra.

and what logs search for?

I have 600Mbps WAN speed, and it's hard to maintain half of the speed, on my Intel card it goes from 20-40MB/s from about a meter from router, my wifi USB also doesn't seem stable, it goes from 300KB/s and after 10 seconds it bumps to 30MB/s but not every time.

latest build.

Driver007 wrote:
davidc502 wrote:

So far the new wifi driver is working well on r2695.

Any wifi driver issues out there?

Thanks for all the kudos!

David

how to test properly wifi? for me seems something wrong. It's very unstable on cobra.

and what logs search for?

I have 600Mbps WAN speed, and it's hard to maintain half of the speed, on my Intel card it goes from 20-40MB/s from about a meter from router, my wifi USB also doesn't seem stable, it goes from 300KB/s and after 10 seconds it bumps to 30MB/s but not every time.

latest build.

what encryption and cipher are you using? use wpa2-psk and AES cipher.

(Last edited by moccolo on 30 Dec 2016, 17:36)

ralfbergs wrote:
davidc502 wrote:

More about the certificate.  certbot, for let's encrypt,  was used to create the cert... It's just a command line utility, and it asked me Zero questions about the environment.

After it was created, I just moved on, and haven't circled back around, but surely it has switches that will allow one to fill in the information needed.

I recommend you use certbot with the "--webroot" option, like described here. This gives you maximum control and flexibility.

Basically you point the script to the webroot for your domain, so that it can put a file there that will then be retrieved by Let's Encrypt to verify whether you have control over the web server. This approach will also not try to make automatic changes to your config, but just retrieve the certificate. You can then manually configure your web server to use the certificate.

Well, the cert is now hooked into a CA. This is the command I ran and just added the domain of davidc502sis.dynamic-dns.net.  # ./certbot-auto --update-registration

Looks like the cert is only valid for about 4 months which is strange as there were no options to increase it.

Still looking though

**EDIT**

This was added to cron and checks twice daily and will auto renew -  certbot-auto renew --quiet --no-self-upgrade

(Last edited by davidc502 on 30 Dec 2016, 18:48)

moccolo wrote:
Driver007 wrote:
davidc502 wrote:

So far the new wifi driver is working well on r2695.

Any wifi driver issues out there?

Thanks for all the kudos!

David

how to test properly wifi? for me seems something wrong. It's very unstable on cobra.

and what logs search for?

I have 600Mbps WAN speed, and it's hard to maintain half of the speed, on my Intel card it goes from 20-40MB/s from about a meter from router, my wifi USB also doesn't seem stable, it goes from 300KB/s and after 10 seconds it bumps to 30MB/s but not every time.

latest build.

what encryption and cipher are you using? use wpa2-psk and AES cipher.

Also, please download a wifi analyzer, to your phone, and look to see how many others you might be competing with. I know in my area 2.4GHz is hardly usable, and with everyone using 80MHz widths on 5GHz, there are only 2 channels outside of DFS.

With DFS not working correctly (always switches to non DFS after a few hours), there are certain times of the day where I only get 10 or 20mbps.

davidc502 wrote:
ralfbergs wrote:
davidc502 wrote:

More about the certificate.  certbot, for let's encrypt,  was used to create the cert... It's just a command line utility, and it asked me Zero questions about the environment.

After it was created, I just moved on, and haven't circled back around, but surely it has switches that will allow one to fill in the information needed.

I recommend you use certbot with the "--webroot" option, like described here. This gives you maximum control and flexibility.

Basically you point the script to the webroot for your domain, so that it can put a file there that will then be retrieved by Let's Encrypt to verify whether you have control over the web server. This approach will also not try to make automatic changes to your config, but just retrieve the certificate. You can then manually configure your web server to use the certificate.

Well, the cert is now hooked into a CA. This is the command I ran and just added the domain of davidc502sis.dynamic-dns.net.  # ./certbot-auto --update-registration

Looks like the cert is only valid for about 4 months which is strange as there were no options to increase it.

Still looking though

**EDIT**

This was added to cron and checks twice daily and will auto renew -  certbot-auto renew --quiet --no-self-upgrade

According to their website, their certs are only good for 90 days. But looks like you got it figured out.

Your website is now showing a completely valid cert!  In the next build, you can definitely include wget, ca-certificates, and ca-bundle and change the sources to point to HTTPS. Great job!

Edit: And if I were you, I'd set up the webserver to automatically direct http traffic to https

(Last edited by starcms on 30 Dec 2016, 19:18)

Driver007 wrote:
davidc502 wrote:

So far the new wifi driver is working well on r2695.

Any wifi driver issues out there?

Thanks for all the kudos!

David

how to test properly wifi? for me seems something wrong. It's very unstable on cobra.

and what logs search for?

I have 600Mbps WAN speed, and it's hard to maintain half of the speed, on my Intel card it goes from 20-40MB/s from about a meter from router, my wifi USB also doesn't seem stable, it goes from 300KB/s and after 10 seconds it bumps to 30MB/s but not every time.

latest build.

Do you have a WRT3200ACM?  The wifi drivers for it are still maturing and have speed issues.

Redferne wrote:

Am I  the only one using nfs-kernel-server? It worked great on r2221, but now I get this:

    _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    leviathan II (SNAPSHOT, r2695-c9c68c7)
    \________\/    -----------------------------------------------------------

root@wayout /root [#]# /etc/init.d/nfsd start
mount: mounting nfsd on /proc/fs/nfsd failed: No such device
rpc.nfsd: Unable to access /proc/fs/nfsd errno 2 (No such file or directory).
Please try, as root, 'mount -t nfsd nfsd /proc/fs/nfsd' and then restart rpc.nfsd to correct the problem
root@wayout /root [#]#

And the lvm2 package would not install due to kernel dependencies. It worked by --force-depends.

md raid modules are also not installing:

root@wayout /root [#]# oi kmod-md-raid0
Installing kmod-md-raid0 (4.4.39-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/kmod-md-raid0_4.4.39-1_arm_cortex-a9_vfpv3.ipk.
Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-md-raid0:
 *      kernel (= 4.4.39-1-640b2d6a4a9fcdbcd2b9250e2b3d04a6) *  kernel (= 4.4.39-1-640b2d6a4a9fcdbcd2b9250e2b3d04a6) *
 * opkg_install_cmd: Cannot install package kmod-md-raid0.
root@wayout /root [#]#

What am I doing wrong?

This is what I got when installing lvm2..  I'm not familiar with the package, but does look like it installed? I did see this command being issued above? Is this correct? " /root [#]# oi kmod-md-raid0"

root@lede:~# opkg list |grep lvm2
lvm2 - 2.02.165-1 - LVM2 refers to a new userspace toolset that provide logical volume management facilities on linux. It is reasonably backwards-compatible with the original LVM toolset.
root@lede:~# opkg install lvm2
Installing lvm2 (2.02.165-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/packages/lvm2_2.02.165-1_arm_cortex-a9_vfpv3.ipk.
Installing libdevmapper (2.02.165-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/packages/libdevmapper_2.02.165-1_arm_cortex-a9_vfpv3.ipk.
Installing kmod-dm (4.4.39-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/kmod-dm_4.4.39-1_arm_cortex-a9_vfpv3.ipk.
Installing libblkid (2.28-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/libblkid_2.28-1_arm_cortex-a9_vfpv3.ipk.
Installing libreadline (7.0-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/libreadline_7.0-1_arm_cortex-a9_vfpv3.ipk.
Configuring kmod-dm.
Configuring libdevmapper.
Configuring libblkid.
Configuring libreadline.
Configuring lvm2.
File descriptor 3 (/tmp/lock/opkg.lock) leaked on lvm invocation. Parent PID 22876: /bin/sh
File descriptor 9 (pipe:[2176]) leaked on lvm invocation. Parent PID 22876: /bin/sh
  Reading all physical volumes.  This may take a while...
File descriptor 3 (/tmp/lock/opkg.lock) leaked on lvm invocation. Parent PID 22876: /bin/sh
File descriptor 9 (pipe:[2176]) leaked on lvm invocation. Parent PID 22876: /bin/sh

Also, installing kmod-md-raid0 worked.

root@lede:~# opkg install kmod-md-raid0
Installing kmod-md-raid0 (4.4.39-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/kmod-md-raid0_4.4.39-1_arm_cortex-a9_vfpv3.ipk.
Installing kmod-md-mod (4.4.39-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/kmod-md-mod_4.4.39-1_arm_cortex-a9_vfpv3.ipk.
Configuring kmod-md-mod.
Configuring kmod-md-raid0.

(Last edited by davidc502 on 30 Dec 2016, 19:36)

starcms wrote:
davidc502 wrote:
ralfbergs wrote:

I recommend you use certbot with the "--webroot" option, like described here. This gives you maximum control and flexibility.

Basically you point the script to the webroot for your domain, so that it can put a file there that will then be retrieved by Let's Encrypt to verify whether you have control over the web server. This approach will also not try to make automatic changes to your config, but just retrieve the certificate. You can then manually configure your web server to use the certificate.

Well, the cert is now hooked into a CA. This is the command I ran and just added the domain of davidc502sis.dynamic-dns.net.  # ./certbot-auto --update-registration

Looks like the cert is only valid for about 4 months which is strange as there were no options to increase it.

Still looking though

**EDIT**

This was added to cron and checks twice daily and will auto renew -  certbot-auto renew --quiet --no-self-upgrade

According to their website, their certs are only good for 90 days. But looks like you got it figured out.

Your website is now showing a completely valid cert!  In the next build, you can definitely include wget, ca-certificates, and ca-bundle and change the sources to point to HTTPS. Great job!

Edit: And if I were you, I'd set up the webserver to automatically direct http traffic to https

@starcms

Thanks... already thinking about doing what you suggested.  smile

installed libustream-openssl, ca-certificates, and ca bundle, and opkg works properly.  I really appreciate everyone's help getting this going.

root@lede:~# opkg install libustream-openssl
Installing libustream-openssl (2016-07-02-ec80adaa-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/libustream-openssl_2016-07-02-ec80adaa-1_arm_cortex-a9_vfpv3.ipk.
Configuring libustream-openssl.

root@lede:~# opkg install ca-certificates
Installing ca-certificates (20161130) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/ca-certificates_20161130_all.ipk.
Configuring ca-certificates.

root@lede:~# opkg install ca-bundle
Installing ca-bundle (20161130) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/ca-bundle_20161130_all.ipk.
Configuring ca-bundle.

root@lede:~# opkg update
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/leviathan_ii_core.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/Packages.sig.
Signature check passed.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/Packages.gz.
Updated list of available packages in /var/opkg-lists/leviathan_ii_base.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/Packages.sig.
Signature check passed.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/telephony/Packages.gz.
Updated list of available packages in /var/opkg-lists/leviathan_ii_telephony.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/telephony/Packages.sig.
Signature check passed.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/leviathan_ii_packages.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/packages/Packages.sig.
Signature check passed.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/routing/Packages.gz.
Updated list of available packages in /var/opkg-lists/leviathan_ii_routing.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/routing/Packages.sig.
Signature check passed.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/luci/Packages.gz.
Updated list of available packages in /var/opkg-lists/leviathan_ii_luci.
Downloading https://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/luci/Packages.sig.
Signature check passed.

(Last edited by davidc502 on 30 Dec 2016, 19:36)
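
In the transcript above the three .ipk files still arrive over http://, while `opkg update` fetches the lists over https:// and every list reports a passing signature. The following added example (not part of the original posts) audits such a transcript for both conditions; the function names and the placeholder host are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reads an opkg transcript on stdin and prints
#   plain=<n> tls=<n> lists=<n> signed=<n> unsigned=<n>
# Exit status is 1 if a download used http:// or a list had no passing signature.
audit_opkg_log() {
    awk '
    /^Downloading / {
        url = $2
        sub(/\.$/, "", url)                  # opkg ends the line with a full stop
        if (url ~ /^http:\/\//)       plain++
        else if (url ~ /^https:\/\//) tls++
        if (url ~ /\/Packages\.gz$/) {       # a new package index starts here
            if (pending) unsigned++          # previous index was never verified
            pending = 1
            lists++
        }
        next
    }
    /^Signature check passed\./ {
        if (pending) { signed++; pending = 0 }
        next
    }
    END {
        if (pending) unsigned++
        printf "plain=%d tls=%d lists=%d signed=%d unsigned=%d\n",
               plain, tls, lists, signed, unsigned
        exit ((plain > 0 || unsigned > 0) ? 1 : 0)
    }'
}

# Constructed sample transcript; the host name is a placeholder.
sample_log() {
    cat <<'EOF'
Installing ca-bundle (20161130) to root...
Downloading http://feed.example.net/base/ca-bundle_20161130_all.ipk.
Configuring ca-bundle.
Downloading https://feed.example.net/base/Packages.gz.
Updated list of available packages in /var/opkg-lists/example_base.
Downloading https://feed.example.net/base/Packages.sig.
Signature check passed.
Downloading https://feed.example.net/luci/Packages.gz.
Updated list of available packages in /var/opkg-lists/example_luci.
EOF
}

sample_log | audit_opkg_log || echo "transcript needs review"
```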

davidc502 wrote:

This is what I got when installing lvm2. I'm not familiar with the package, but it does look like it installed? I did see this command being issued above. Is this correct? "/root [#]# oi kmod-md-raid0"

root@lede:~# opkg list |grep lvm2
lvm2 - 2.02.165-1 - LVM2 refers to a new userspace toolset that provide logical volume management facilities on linux. It is reasonably backwards-compatible with the original LVM toolset.
root@lede:~# opkg install lvm2
Installing lvm2 (2.02.165-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/packages/lvm2_2.02.165-1_arm_cortex-a9_vfpv3.ipk.
Installing libdevmapper (2.02.165-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/packages/libdevmapper_2.02.165-1_arm_cortex-a9_vfpv3.ipk.
Installing kmod-dm (4.4.39-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/kmod-dm_4.4.39-1_arm_cortex-a9_vfpv3.ipk.
Installing libblkid (2.28-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/libblkid_2.28-1_arm_cortex-a9_vfpv3.ipk.
Installing libreadline (7.0-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/packages/arm_cortex-a9_vfpv3/base/libreadline_7.0-1_arm_cortex-a9_vfpv3.ipk.
Configuring kmod-dm.
Configuring libdevmapper.
Configuring libblkid.
Configuring libreadline.
Configuring lvm2.
File descriptor 3 (/tmp/lock/opkg.lock) leaked on lvm invocation. Parent PID 22876: /bin/sh
File descriptor 9 (pipe:[2176]) leaked on lvm invocation. Parent PID 22876: /bin/sh
  Reading all physical volumes.  This may take a while...
File descriptor 3 (/tmp/lock/opkg.lock) leaked on lvm invocation. Parent PID 22876: /bin/sh
File descriptor 9 (pipe:[2176]) leaked on lvm invocation. Parent PID 22876: /bin/sh

Also, installing kmod-md-raid0 worked.

root@lede:~# opkg install kmod-md-raid0
Installing kmod-md-raid0 (4.4.39-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/kmod-md-raid0_4.4.39-1_arm_cortex-a9_vfpv3.ipk.
Installing kmod-md-mod (4.4.39-1) to root...
Downloading http://davidc502sis.dynamic-dns.net/snapshots/r2695/targets/mvebu/generic/packages/kmod-md-mod_4.4.39-1_arm_cortex-a9_vfpv3.ipk.
Configuring kmod-md-mod.
Configuring kmod-md-raid0.

Amazing. I'm starting to wonder if my extroot is causing this problem. Maybe keeping settings during upgrade is a bad idea. I wonder how the dependencies are checked during package installation. I got to the point where I needed python and flexget so extroot on /overlay was the only option. Too bad OpenWRT/LEDE does a really bad job of supporting upgrading with extroot. There's a lot of manual labor required.

Thanks for confirming my initial suspicion, now I need to figure out why the dependencies are broken on my installation.

Would you mind installing nfs-kernel-server? Just need to know for a fact that it's working.

BTW,  oi is my alias for opkg install.

Cheers!