Absolutelly the same issue.Does anybody else have issues to update Diversion?
Ditto, I thought I was somehow being blocked by the diversion.ch site ???Does anybody else have issues to update Diversion?
I can force update Diversion, maybe you need to update the entware ca-certificates package?Does anybody else have issues to update Diversion?
This is the verbose error messages I get if I try to download 'amtm' from diversion.ch !!!Ditto, I thought I was somehow being blocked by the diversion.ch site ???
I had Diversion 4.1.12 running fine on RT-AC56U and now I cannot install amtm to do a fresh install 'from scratch'. !!!
I have tried installing the 374.43 LTS firmware and got the same issues.
Got Diversion 4.2.0 installed and running on 2 routers with no problem.
Must be missing something obvious !!!
admin@RT-AC56U:/tmp/home/root/test# curl -v -v -v -Os http://diversion.ch/amtm/amtm
* Trying 80.74.145.140...
* TCP_NODELAY set
* Connected to diversion.ch (80.74.145.140) port 80 (#0)
> GET /amtm/amtm HTTP/1.1
> Host: diversion.ch
> User-Agent: curl/7.60.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Sun, 03 Oct 2021 16:09:00 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
< Location: https://diversion.ch/amtm/amtm
<
Run the same test with https://diversion.ch/amtm/amtmThis is the verbose error messages I get if I try to download 'amtm' from diversion.ch !!!
curl -vvv https://diversion.ch/amtm/amtm -o /dev/null
* Trying 80.74.145.140:443...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to diversion.ch (80.74.145.140) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [25 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4045 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=diversion.ch
* start date: Aug 5 23:06:51 2021 GMT
* expire date: Nov 3 23:06:49 2021 GMT
* subjectAltName: host "diversion.ch" matched cert's "diversion.ch"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
} [5 bytes data]
> GET /amtm/amtm HTTP/1.1
> Host: diversion.ch
> User-Agent: curl/7.76.1
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [265 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sun, 03 Oct 2021 19:30:27 GMT
< Content-Type: text/plain
< Content-Length: 35187
< Connection: keep-alive
< Vary: Accept-Encoding
< Last-Modified: Sun, 11 Jul 2021 14:58:38 GMT
< Accept-Ranges: none
< Vary: Accept-Encoding
<
{ [16127 bytes data]
100 35187 100 35187 0 0 55587 0 --:--:-- --:--:-- --:--:-- 69677
* Connection #0 to host diversion.ch left intact
Run the same test with https://diversion.ch/amtm/amtm
Ditto.I'm having the same problem on a RT-AC3200.... Unable to update Diversion at all....
admin@RT-AC3200:/tmp/home/root# curl -vvv https://diversion.ch/amtm/amtm -o /dev/null
* Trying 80.74.145.140:443...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to diversion.ch (80.74.145.140) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4STRENGTH
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4038 bytes data]
* TLSv1.2 (OUT), TLS alert, certificate expired (557):
} [2 bytes data]
* SSL certificate problem: certificate has expired
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
It all goes back to the Let's Encrypt root cert expiry. Normally, you could just install curl and ca-certificates from Entware but amtm won't look at Entware's curl. Or see if the AC87U fork has updated certs.Ditto.
Mistyped the original commandline
Not sure what files I need to change & how/where !!!???
Completely wild idea but could you bind mount Entware's curl over the busybox version?It all goes back to the Let's Encrypt root cert expiry. Normally, you could just install curl and ca-certificates from Entware but amtm won't look at Entware's curl. Or see if the AC87U fork has updated certs.
mount -o bind /opt/bin/curl /usr/sbin/curl
On my RT-AC3200 at least, there is no curl at that location. I am not sure where it is actually stored?Completely wild idea but could you bind mount Entware's curl over the busybox version?Code:mount -o bind /opt/bin/curl /usr/sbin/curl
Sorting the Whitelist causes the operation to crash within diversion, with the following message:
Sort the file now? [1=Yes e=Exit] 1
awk: cmd. line:1: Unexpected end of string
After which the whitelist is completely wiped (0 entries).
Any ideas?
(obviously I just restored the whitelist from backups, just pointing this out in case it's an obvious bug)
Confirmed, a misplaced piece of code made it there which affects the wildcard and whitelist when sorting.Seeing the same error when sorting wc_blacklist.
Sort the file now? [1=Yes e=Exit] 1
awk: cmd. line:1: Unexpected end of string
After which the wc_blacklist is completely wiped also.
I can confirm your error with the RT-AC87U with the old Firmware 384.13_8. Generally, that applies to all old firmware that uses expired root CA's. Unfortunately, there's nothing I can do in amtm or Diversion to circumvent that as both need to download files first to act.Does anybody else have issues to update Diversion?
Solved:I can confirm your error with the RT-AC87U with the old Firmware 384.13_8. Generally, that applies to all old firmware that uses expired root CA's. Unfortunately, there's nothing I can do in amtm or Diversion to circumvent that as both need to download files first to act.
A hotfix for Diversion 4.2.0 has been uploaded, no version change.
1 open Diversion v4.2.0 -> min upd
Diversion update | Diversion update 0% Reload page |
---|
Same issue hereon my RT-AC86U. Now getting these errors:Something went wrong when I tried to normally install the update using amtm. Diversion did not update.
Now, afterwards, after rebooting the router a couple of times, amtm still shows that update is available
Seems that my Diversion is somehow broken now. How can I fix it? By reinstalling? Best way to uninstall and reinstall Diversion so that my settings are restored from backup as normally?
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library
Diversion 4.2.0 by thelonelycoder
RT-AC86U (aarch64) FW-386.3 @ 192.168.0.1 IPv6
90,966 blocked domains by 0 hosts file(s)
hosts list empty, blocking list update will not run
2.004M t 10,907 w 2,929 n ads since Oct 02 17:20
Done Added missing swap file entry to /jffs/scripts/post-mount
Same issue here. Now getting these errors:
Code:/opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library /opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library /opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library /opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library /opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library /opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library /opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library /opt/bin/diversion: line 66: /opt/bin/grep: Accessing a corrupted shared library Diversion 4.2.0 by thelonelycoder RT-AC86U (aarch64) FW-386.3 @ 192.168.0.1 IPv6 90,966 blocked domains by 0 hosts file(s) hosts list empty, blocking list update will not run 2.004M t 10,907 w 2,929 n ads since Oct 02 17:20
Also see this:
Code:Done Added missing swap file entry to /jffs/scripts/post-mount
Result being my Diversion is, to use the technical term, borked.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!