FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14217 questions

16871 answers

27753 comments

54389 members

0 votes
134 views 8 comments
by
We always used a tunnel name of 9 characters on the RUT955, but since version 07.03.x you are only allowed to use 8 characters.

Because of this we are now unable to change any ipsec parameters after an upgrade.

Any change for going back to longer tunnel names?
by

@bamboe Can you please share what you changed in your /etc/config/uhttpd file to fix the GUI save bug? I'm experiencing the same problem and all units are far away so a remote downgrade/reset to defaults is not an option.

edit: the correct fix is

edit /etc/config/uhttpd

Replace

list listen_http 'xxx'
list listen_https 'yyy'

With 

option listen_http 'xxx'
option listen_https 'yyy'

And then restart the service

/etc/init.d/uhttpd restart

2 Answers

0 votes
by

Hello,

Thank you for providing your feedback.

I will address this limit to the developers.

Could you provide the number of devices affected by this?

As a temporary workaround, configuration details can be modified by SSH, specifically targeting /etc/config/ipsec file.

Since configuration options may differ between firmware versions, I suggest to create a working configuration in the current WebUI by giving any name to the instance within the 8 character limit and edit name in the SSH afterwards. However, make sure the tunnel establishes and configuration is correct, because, as you have mentioned, if instance name is longer than 8 characters, WebUI will not accept configuration changes.

Below are the instructions, on how to modify ipsec configuration via SSH. To login, use command line interface from router's WebUI in System -> CLI page or an SSH client such as PuTTy. Use root as username and router's password to login.

Execute the following command:

  • vi /etc/config/ipsec

Press letter i to enable editing and change every option, regarding either instance name, or configuration details. 

Once done press Esc, then enter :wq and press Enter.

Then, execute the following command:

  • /etc/init.d/ipsec restart

That should be enough to continue using ipsec.

Best regards,

by
This indeed solves the problem, but still prefer to use the 9 characters.

Currently about 60 routers are affected by this problem.

Another small problem we noticed after the upgrade is that the hostname now needs to be a domain name or IP address, as we are using the location as hostname. This can be fixed by adding .x to the name, but is not prefered.

A bigger problem is at 'Access Control' it is complaining that 'Server certificate' and 'Server key' are required. Both are filled in and exist in the /etc directory.  Till now I did not find a work around for it.

For this about 800 routers are affected.
by

Hello,

The IPsec instance name length is being worked on and should be resolved in the subsequent firmware releases.

The developers are aware of the issue. No solution is available yet at the moment. I would assume, that this has happened after update from legacy firmware version with Keep settings option enabled? 

What specific changes do you want to perform? Some of them could be done over CLI/SSH.

Otherwise, could you check if device reset to factory defaults solves this?

Could you also try downgrading to 7.03.3 with Keep settings set to off and see if the issue persists?

Best regards,

by
editing the uhttp file directly  and restart of the service will indeed bypass the GUI problem.

The original config comes indeed from the legacy firmware but works fine on the 07.02.7 firmware.

I now have copied the original 07.03.4 /etc/config/uhttpd file and use it in my template. This can now be edited and saved.
0 votes
by

@

by
Thanks

I can't take the chance of factory resetting the remote devices - was hoping someone knew what specific line was causing the problem so I could just manually edit it. I hope someone from Teltonika can chime in-
by
did some test again and found the 'fault' in the new uhttpd file:

in the old file it mentions 'list enable http 'x''

this should be changed into 'option enable http 'x''

and the restart the service uhttpd with '/etc/init.d/uhttpd restart'
by
@bamboe thanks, it was close, but the syntax was slightly off. See top post above for the fix that worked for me
by

@luckman212

Ok, for you the listen started still with list, for me the enable started still with list.

So they real end solution is to replace 'list' with 'option' in the uhttpd file, except for the following line which still has to start with list:

 list lua_prefix '/api=/www/cgi-bin/api_dispatcher.lua'