Turris Build issues
https://gitlab.nic.cz/turris/os/build/-/issues
2023-03-03T02:00:32+01:00

https://gitlab.nic.cz/turris/os/build/-/issues/356
Turris OS has enabled broken SIP ALG by default and cannot be turned off
2023-03-03T02:00:32+01:00
Ghost User

SIP ALG is software technology broken by design which mangles _data_ part of UDP and TCP SIP packets during IP routing. It has no value, just breaks signalization of VOIP SIP audio calls and in most cases makes VOIP calls unstable with poor quality, random hangouts or fully unusable.
Turris OS has this madness enabled by default and it cannot be easily disabled.
Please turn it off and remove it from default installation.
How to detect it on network: Check that _data_ part of TCP stream to port 5060 is not modified when doing routing/NAT from lan to wan.
It is visible here:
```
# iptables-save | grep 5060
-A zone_guest_turris_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
-A zone_guest_turris_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip
-A zone_lan_helper -p tcp -m comment --comment "!fw3: SIP VoIP connection tracking" -m tcp --dport 5060 -j CT --helper sip
-A zone_lan_helper -p udp -m comment --comment "!fw3: SIP VoIP connection tracking" -m udp --dport 5060 -j CT --helper sip
```
Note that this is all about _data_ content of UDP and TCP packets, not IP headers of IP packets.
More details about SIP ALG and what it causes when it is enabled:
* https://www.802.cz/sip-alg/
* https://web.archive.org/web/20180517153856/https://www.telefonujeme.cz/about6415.html
* https://getvoip.com/blog/2020/09/01/what-is-sip-alg/
* http://forum.odorik.cz/viewtopic.php?f=7&t=1274
* http://forum.odorik.cz/viewtopic.php?f=15&t=4733

https://gitlab.nic.cz/turris/os/build/-/issues/326
fw_printenv does not work on U-boot 2022.01 and newer
2023-03-03T02:04:23+01:00
Josef Schlehofer

Environment: Turris Omnia, burstlab + installed new version of U-boot by using ``turris-nor-update -d``
# Actual behavior:
```
== U-Boot version ==
U-Boot SPL 2022.01 (Jan 27 2022 - 00:24:34 +0000)
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000)
== U-Boot environment ==
Read error on /dev/mtd0: Attempted to read 65536 bytes but got 0
== Rescue image version (this can be missing for even pretty new rescue versions) ==
lzcat: /dev/mtd1: Compressed data is corrupt
************** firmware
```
# Expected behavior:
- U-boot env is printed.
- Rescue image version is printed
Related: turris/os/packages!878
Turris OS 6.0

https://gitlab.nic.cz/turris/os/build/-/issues/289
Mosquitto does not cooperate with Access Point plugin well (can not load server key)
2022-09-26T20:42:06+02:00
Josef Schlehofer

This is happening only on Turris 6.0 and it can be reproduced by downloading Access Point Remote Plugin and generating certificate.
`Jul 24 23:01:20 TurrisMoxNAS mosquitto[3564]: 1627167680: Error: Unable to load server key file "/etc/ssl/ca/remote/01.key". Check keyfile.`
cc: @jhoracek
Turris OS 6.0
2022-08-19

https://gitlab.nic.cz/turris/os/build/-/issues/181
Provide OTP function inside LXC container
2022-06-06T14:18:38+02:00
Vojtech Myslivec

In Turris OS LXC container on top of Turris OS running on our Hardware (Turris 1.x, Omnia, MOX), OTP commands are not available (at least `atsha204cmd` is not).
We should resolve this issue as e.g. Foris depends on correctly working `crypto-wrapper serial-number` command to display device serial number in About tab.
Turris OS 6.0
Michal Hrusecky