
Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Mon Apr 18, 2022 7:03 pm
by michel30
And does no one have a certificate for the Toon one to write over the old one with the new one?

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Mon Apr 18, 2022 8:14 pm
by TheHogNL
michel30 wrote: Mon Apr 18, 2022 7:03 pm And does no one have a certificate for the Toon one to write over the old one with the new one?
The certificates are personal to the toon. You can't use one certificate multiple times.

But I am working on a script to be able to ask a new toon1 certificate without upgrading to 5.46.19. So hang on just a few days.

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Tue Apr 19, 2022 8:05 pm
by TheRedBull
TheHogNL wrote: Mon Apr 18, 2022 8:14 pm
michel30 wrote: Mon Apr 18, 2022 7:03 pm And does no one have a certificate for the Toon one to write over the old one with the new one?
The certificates are personal to the toon. You can't use one certificate multiple times.

But I am working on a script to be able to ask a new toon1 certificate without upgrading to 5.46.19. So hang on just a few days.
Also missed the update last week....

Not sure if there is any email listing, or way to be notified about these urgent updates?

Also can't someone with the update not acquire the code that was used by the update to get new certificates? Or is this exactly what you are currently figuring out?

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Tue Apr 19, 2022 8:09 pm
by TheHogNL
TheRedBull wrote: Tue Apr 19, 2022 8:05 pm Also can't someone with the update not acquire the code that was used by the update to get new certificates? Or is this exactly what you are currently figuring out?
Exactly

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Wed Apr 20, 2022 1:10 pm
by TheHogNL
The latest update script (update-rooted.sh v4.7) will now request new VPN certificates if necessary automatically or if you provide the -c option. After that you can update the firmware as usual again.

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Wed Apr 20, 2022 1:53 pm
by FunFair
TheHogNL wrote: Wed Apr 20, 2022 1:10 pm The latest update script (update-rooted.sh v4.7) will now request new VPN certificates if necessary automatically or if you provide the -c option. After that you can update the firmware as usual again.
hero!

It requested a new certificate for my Toon 1 and now the VPN tunnel is working again!

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Wed Apr 20, 2022 6:44 pm
by michel30
TheHogNL wrote: Wed Apr 20, 2022 1:10 pm The latest update script (update-rooted.sh v4.7) will now request new VPN certificates if necessary automatically or if you provide the -c option. After that you can update the firmware as usual again.
So for my understanding.

I put the file update-rooted.sh v4.7 on my toon one and run this script with the option -c and fingers crossed

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Wed Apr 20, 2022 7:01 pm
by Toonz
or simply update via TSC menu, new script will be automatically downloaded, certificates requested and new firmware installed

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Wed Apr 20, 2022 8:26 pm
by michel30
@TheHogNL

Thanks for the new script, Toon is upgraded to version 5.49.16

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Wed Apr 20, 2022 11:17 pm
by TheRedBull
Toonz wrote: Wed Apr 20, 2022 7:01 pm or simply update via TSC menu, new script will be automatically downloaded, certificates requested and new firmware installed
This worked like a charm!

Thanks @Toonz And @TheHogNL

For me this means a lot that you were able to fix this major issue for my older device.

Also that you were able to fix something that Toon (Eneco) was not able to do for all of us (so far). :D

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Thu Apr 21, 2022 12:52 pm
by hvxl
Being the cautious type and not really wanting to upgrade the firmware at this moment (Toon restarts frequently enough as it is), I just tried to get new certificates using update-rooted.sh -c. That didn't go very successfully:

Code:

toon:~# ./update-rooted.sh -c

	:

Requesting new VPN certificates
Error opening Certificate /etc/openvpn/vpn/toon.crt
1074390752:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('/etc/openvpn/vpn/toon.crt','r')
1074390752:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:
unable to load certificate
This toon does not contain old VPN certficates. Not necessary to update VPN certificates.

In /etc/openvpn/vpn I have the following files (serial number obscured):

Code:

toon:~# ls -l /etc/openvpn/vpn/
-rw-------    1 root     root          1379 Apr 17  2012 ca.crt
-rw-r--r--    1 root     root           245 Apr 17  2012 dh1024.pem
-rw-------    1 root     root          4006 Jul 11  2014 eneco-001-######.crt
-rw-------    1 root     root           891 Jul 11  2014 eneco-001-######.key
-rw-------    1 root     root           636 Apr 17  2012 ta.key

The eneco-001 certificate doesn't appear to be a problem for another 2 years:

Code:

toon:~# openssl x509 -in /etc/openvpn/vpn/eneco-001-######.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: ##### (0x#####)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl
        Validity
            Not Before: Jul 11 13:23:01 2014 GMT
            Not After : Jul  8 13:23:01 2024 GMT
        Subject: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=eneco-001-######/emailAddress=admin@quby.nl

The ca certificate seems to be the one that expired last Friday:

Code:

toon:~# openssl x509 -in /etc/openvpn/vpn/ca.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            da:d1:03:6b:af:24:ab:59
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl
        Validity
            Not Before: Apr 17 09:48:39 2012 GMT
            Not After : Apr 15 09:48:39 2022 GMT
        Subject: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl

Should I simply rename/copy ca.crt to toon.crt and try again? Or is there no escaping a firmware upgrade?

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Thu Apr 21, 2022 1:16 pm
by TheHogNL
hvxl wrote: Thu Apr 21, 2022 12:52 pm Should I simply rename/copy ca.crt to toon.crt and try again? Or is there no escaping a firmware upgrade?
No. It is the eneco-001.xxx.crt which needs to be replaced. That certificate is signed by a CA which now is invalid/outdated. That is the issue.
However your toon hostname is 'toon' but should be 'eneco-001-xxxx'. The script uses that to find the correct filename.
I'll update the script right now (will be 4.73) to ignore the hostname and just use the filename as found in that directory.

Also ca.crt and ta.key will be replaced.
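
Added example, not part of the thread and not code from update-rooted.sh: a POSIX shell check for the situation discussed above. It locates the client certificate by filename rather than by $HOSTNAME and reports whether ca.crt and the client certificate are still valid. The function names are hypothetical; the directory and file names are the ones shown in hvxl's listing.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from update-rooted.sh.
# VPN_DIR defaults to the directory shown in the thread.
VPN_DIR="${VPN_DIR:-/etc/openvpn/vpn}"

# Print the client certificate in directory $1: the single *.crt that is not
# ca.crt and has a matching *.key beside it. $HOSTNAME is never consulted,
# so a renamed device ("toon") is still handled.
find_client_cert() {
    dir="$1"; found=""; count=0
    for crt in "$dir"/*.crt; do
        [ -f "$crt" ] || continue
        [ "$(basename "$crt")" = "ca.crt" ] && continue
        [ -f "${crt%.crt}.key" ] || continue
        found="$crt"; count=$((count + 1))
    done
    [ "$count" -eq 1 ] || return 1   # none or ambiguous: refuse to guess
    printf '%s\n' "$found"
}

# Succeeds if certificate $1 is still valid $2 seconds from now (default: now).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Report on ca.crt and the client certificate; the VPN needs both to be valid.
# Returns 0 = both valid, 1 = one is expired or unreadable,
# 2 = no unique client certificate found.
check_vpn_certs() {
    dir="${1:-$VPN_DIR}"
    client=$(find_client_cert "$dir") || {
        echo "no unique client certificate in $dir" >&2; return 2; }
    rc=0
    for crt in "$dir/ca.crt" "$client"; do
        end=$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null | cut -d= -f2)
        if cert_valid_for "$crt"; then
            echo "OK       $crt (notAfter $end)"
        else
            echo "EXPIRED  $crt (notAfter ${end:-unreadable})"; rc=1
        fi
    done
    return "$rc"
}
```

Run it as `check_vpn_certs` (or `check_vpn_certs /some/dir`) after sourcing the file; passing a number of seconds to `cert_valid_for` shows whether a certificate will expire within that window.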

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Thu Apr 21, 2022 1:52 pm
by hvxl
Fun, isn't it? Users who mess up your perfectly working script by changing the host name!

Version 4.73 successfully updated the certificates. Thanks a lot!

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Thu Apr 21, 2022 2:46 pm
by TheHogNL
hvxl wrote: Thu Apr 21, 2022 1:52 pm Fun, isn't it? Users who mess up your perfectly working script by changing the host name!

Version 4.73 successfully updated the certificates. Thanks a lot!
I did prepare for that in the real request for the certificate but forgot to implement the same routine in the first part where it checks for an old certificate first :)

the comment line I re-used in the fix :)

Code:

#get real hostname (don't believe $HOSTNAME is always correct on rooted toons)

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Posted: Fri Apr 22, 2022 10:00 am
by Xavier
So way too late I saw this topic.
I have 1 toon 1 and 1 toon 2.
Started by trying to update Toon 1 via TSC menu and check for upgrade.
Update is found,
Update started,
Update failed ---> var/log/ tsc.toonupdate.log:

Code:

Now starting the VPN tunnel and waiting for it to be alive and configured...
Could not enable VPN in a normal reasonable time!
DEBUG information:
192.168.0.0/24 dev eth0 scope link  src 192.168.0.80
default via 192.168.0.1 dev eth0  metric 10
# <persistent /etc/hosts content can be added to /etc/hosts.template file>
127.0.0.1               localhost.localdomain           localhost              eneco-001-025058
172.23.112.1         feed.hae.int    feed
END DEBUG information
Quitting the upgrade. It was a nice try tho...

Connected to Toon1 by SSH and tried:

Code:

sh /root/update-rooted.sh -o

===================================================================================================================================================================
Welcome to the rooted Toon upgrade script. This script will try to upgrade your Toon using your original connection with Eneco. It will start the VPN if necessary.
Please be advised that running this script is at your own risk!

Version: 4.73  - TheHogNL - 20-04-2022

===================================================================================================================================================================

Only start VPN and then quit
This toon does not contain old VPN certficates. Not necessary to update VPN certificates.
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Could not enable VPN in a normal reasonable time!
DEBUG information:
192.168.0.0/24 dev eth0 scope link  src 192.168.0.80
default via 192.168.0.1 dev eth0  metric 10
# <persistent /etc/hosts content can be added to /etc/hosts.template file>
127.0.0.1               localhost.localdomain           localhost              eneco-001-025058
172.23.112.1         feed.hae.int    feed
END DEBUG information
Quitting the upgrade. It was a nice try tho...
killall: openvpn: no process killed

So 1 question:
How can I upgrade to 5.49.16?

I don't dare to try to upgrade my Toon2 at this moment.