Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Everything about rooting Toons 1 and 2.

Moderators: marcelr, TheHogNL, Toonz

michel30
Member
Member
Posts: 286
Joined: Fri Aug 25, 2017 4:42 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by michel30 »

And does no one has a certificate for the Toon one to write over the old one with the new one?
TheHogNL
Forum Moderator
Forum Moderator
Posts: 2125
Joined: Sun Aug 20, 2017 8:53 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheHogNL »

michel30 wrote: Mon Apr 18, 2022 7:03 pm And does no one has a certificate for the Toon one to write over the old one with the new one?
The certificates are personal to the toon. You can't use one certificate multiple times.

But I am working on a script to be able to ask a new toon1 certificate without upgrading to 5.46.19. So hang on just a few days.
Member of the Toon Software Collective
TheRedBull
Starting Member
Starting Member
Posts: 6
Joined: Sun Sep 02, 2018 1:37 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheRedBull »

TheHogNL wrote: Mon Apr 18, 2022 8:14 pm
michel30 wrote: Mon Apr 18, 2022 7:03 pm And does no one has a certificate for the Toon one to write over the old one with the new one?
The certificates are personal to the toon. You can't use one certificate multiple times.

But I am working on a script to be able to ask a new toon1 certificate without upgrading to 5.46.19. So hang on just a few days.
Also missed the update last week....

Not sure if there is any email listing, or way to be notified about these urgent updates?

Also can't someone with the update not acquire the code that was used by the update to get new certificates? Or is this exactly what you are currently figuring out?
TheHogNL
Forum Moderator
Forum Moderator
Posts: 2125
Joined: Sun Aug 20, 2017 8:53 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheHogNL »

TheRedBull wrote: Tue Apr 19, 2022 8:05 pm Also can't someone with the update not acquire the code that was used by the update to get new certificates? Or is this exactly what you are currently figuring out?
Exactly
Member of the Toon Software Collective
TheHogNL
Forum Moderator
Forum Moderator
Posts: 2125
Joined: Sun Aug 20, 2017 8:53 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheHogNL »

The latest update script (update-rooted.sh v4.7) will now request new VPN certificates if necessary automatically or if you provide the -c option. After that you can update the firmware as usual again.
Member of the Toon Software Collective
FunFair
Starting Member
Starting Member
Posts: 42
Joined: Sun Oct 01, 2017 11:40 am

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by FunFair »

TheHogNL wrote: Wed Apr 20, 2022 1:10 pm The latest update script (update-rooted.sh v4.7) will now request new VPN certificates if necessary automatically or if you provide the -c option. After that you can update the firmware as usual again.
hero!

It requested a new certificate voor my Toon 1 and now the VPN tunnel is working again!
michel30
Member
Member
Posts: 286
Joined: Fri Aug 25, 2017 4:42 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by michel30 »

TheHogNL wrote: Wed Apr 20, 2022 1:10 pm The latest update script (update-rooted.sh v4.7) will now request new VPN certificates if necessary automatically or if you provide the -c option. After that you can update the firmware as usual again.
So for my understanding.

I put the file update-rooted.sh v4.7 on my toon one and run this scrip with the option -c and fingers cross
Toonz
Forum Moderator
Forum Moderator
Posts: 1873
Joined: Mon Dec 19, 2016 1:58 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by Toonz »

or simply update via TSC menu, new script will be automatically downloaded, certificates requested and new firmware installed
member of the Toon Software Collective
michel30
Member
Member
Posts: 286
Joined: Fri Aug 25, 2017 4:42 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by michel30 »

@TheHogNL

Thanks for the new script, Toon is upgraded to version 5.49.16
TheRedBull
Starting Member
Starting Member
Posts: 6
Joined: Sun Sep 02, 2018 1:37 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheRedBull »

Toonz wrote: Wed Apr 20, 2022 7:01 pm or simply update via TSC menu, new script will be automatically downloaded, certificates requested and new firmware installed
This worked like a charm!

Thanks @Toonz And @TheHogNL

For me this means alot that you were able to fix this mayor issue for my older device.

Also that you were able to fix something that Toon (Eneco) was not able to do for all of us (so far). :D
hvxl
Senior Member
Senior Member
Posts: 1965
Joined: Sat Jun 05, 2010 11:59 am
Contact:

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by hvxl »

Being the cautious type and not really wanting to upgrade the firmware at this moment (Toon restarts frequently enough as it is), I just tried to get new certicates using update-rooted.sh -c. That didn't go very successfully:

Code: Select all

toon:~# ./update-rooted.sh -c

	:

Requesting new VPN certificates
Error opening Certificate /etc/openvpn/vpn/toon.crt
1074390752:error:02001002:system library:fopen:No such file or directory:bss_file.c:406:fopen('/etc/openvpn/vpn/toon.crt','r')
1074390752:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:408:
unable to load certificate
This toon does not contain old VPN certficates. Not necessary to update VPN certificates.
In /etc/openvpn/vpn I have the following files (serial number obscured):

Code: Select all

toon:~# ls -l /etc/openvpn/vpn/
-rw-------    1 root     root          1379 Apr 17  2012 ca.crt
-rw-r--r--    1 root     root           245 Apr 17  2012 dh1024.pem
-rw-------    1 root     root          4006 Jul 11  2014 eneco-001-######.crt
-rw-------    1 root     root           891 Jul 11  2014 eneco-001-######.key
-rw-------    1 root     root           636 Apr 17  2012 ta.key
The eneco-001 certificate doesn't appear to be a problem for another 2 years:

Code: Select all

toon:~# openssl x509 -in /etc/openvpn/vpn/eneco-001-######.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: ##### (0x#####)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl
        Validity
            Not Before: Jul 11 13:23:01 2014 GMT
            Not After : Jul  8 13:23:01 2024 GMT
        Subject: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=eneco-001-######/emailAddress=admin@quby.nl
The ca certificate seems to be the one that expired last friday:

Code: Select all

toon:~# openssl x509 -in /etc/openvpn/vpn/ca.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            da:d1:03:6b:af:24:ab:59
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl
        Validity
            Not Before: Apr 17 09:48:39 2012 GMT
            Not After : Apr 15 09:48:39 2022 GMT
        Subject: C=NL, ST=NH, L=Amsterdam, O=Home Automation Europe, OU=Eneco, CN=Home Automation Europe CA/emailAddress=admin@quby.nl
Should I simply rename/copy ca.crt to toon.crt and try again? Or is there no escaping a firmware upgrade?
Schelte
TheHogNL
Forum Moderator
Forum Moderator
Posts: 2125
Joined: Sun Aug 20, 2017 8:53 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheHogNL »

hvxl wrote: Thu Apr 21, 2022 12:52 pm Should I simply rename/copy ca.crt to toon.crt and try again? Or is there no escaping a firmware upgrade?
No. It is the eneco-001.xxx.crt which needs to be replaced. That certificate is signed by a CA which now is invalid/outdated. That is the issue.
However your toon hostname is 'toon' but should be 'eneco-001-xxxx'. The script uses that to find the correct filename.
I'll update the script right now (will be 4.73) to ignore the hostname and just use the filename as found in that directory.

Also ca.crt and ta.key will be replaced.
Member of the Toon Software Collective
hvxl
Senior Member
Senior Member
Posts: 1965
Joined: Sat Jun 05, 2010 11:59 am
Contact:

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by hvxl »

Fun, isn't it? Users who mess up your perfectly working script by changing the host name!

Version 4.73 successfully updated the certificates. Thanks a lot!
Schelte
TheHogNL
Forum Moderator
Forum Moderator
Posts: 2125
Joined: Sun Aug 20, 2017 8:53 pm

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by TheHogNL »

hvxl wrote: Thu Apr 21, 2022 1:52 pm Fun, isn't it? Users who mess up your perfectly working script by changing the host name!

Version 4.73 successfully updated the certificates. Thanks a lot!
I did prepare for that in the real request for the certirficate but forgot to implement the same routine in the first part where it checks for a old certificate first :)

the comment line I re-used in the fix :)

Code: Select all

#get real hostname (don't believe $HOSTNAME is always correct on rooted toons)
Member of the Toon Software Collective
Xavier
Member
Member
Posts: 174
Joined: Wed Jan 16, 2019 1:40 am

Re: Too late: Important! Upgrade to 5.49.16 ASAP for rooted and subscription Toons!

Post by Xavier »

so way to late I saw this topic.
I have 1 toon 1 and 1 toon 2.
Started by trying updating Toon 1 via TSC menu and check for upgrade.
Update is found,
Update started,
Update failed ---> var/log/ tsc.toonupdate.log:

Code: Select all

Now starting the VPN tunnel and waiting for it to be alive and configured...
Could not enable VPN in a normal reasonable time!
DEBUG information:
192.168.0.0/24 dev eth0 scope link  src 192.168.0.80
default via 192.168.0.1 dev eth0  metric 10
# <persistent /etc/hosts content can be added to /etc/hosts.template file>
127.0.0.1               localhost.localdomain           localhost              eneco-001-025058
172.23.112.1         feed.hae.int    feed
END DEBUG information
Quitting the upgrade. It was a nice try tho...
Connected to Toon1 by SSH and tried:

Code: Select all

sh /root/update-rooted.sh -o

===================================================================================================================================================================
Welcome to the rooted Toon upgrade script. This script will try to upgrade your Toon using your original connection with Eneco. It will start the VPN if necessary.
Please be advised that running this script is at your own risk!

Version: 4.73  - TheHogNL - 20-04-2022

===================================================================================================================================================================

Only start VPN and then quit
This toon does not contain old VPN certficates. Not necessary to update VPN certificates.
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Now starting the VPN tunnel and waiting for it to be alive and configured...
Could not enable VPN in a normal reasonable time!
DEBUG information:
192.168.0.0/24 dev eth0 scope link  src 192.168.0.80
default via 192.168.0.1 dev eth0  metric 10
# <persistent /etc/hosts content can be added to /etc/hosts.template file>
127.0.0.1               localhost.localdomain           localhost              eneco-001-025058
172.23.112.1         feed.hae.int    feed
END DEBUG information
Quitting the upgrade. It was a nice try tho...
killall: openvpn: no process killed

So 1 questions:
How can I upgrade to 5.49.16?

I don't dare to try to upgrade my Toon2 at this moment.
Toon2 with 6.0.2 firmware TSC 2.1.7
Apps: Sonos, Calender, garbagecalender, webcam, doorcam, Onkyo, Domoticzboard, Solar and weather app.
Post Reply

Return to “Toon Rooting”