[Frage] Why did one FB upgrade to 7.01?

[frater]

I have a pool of 66 Fritzboxes that are converted to Freetz which I'm monitoring with Zabbix.
Most of them are 7490's and 7390's, but also some 7360. 3270, 7270...
I'm heavily monitoring these for some 6 years and for that they depend on Freetz as they are running a Zabbix agent.

Those Zabbix agents become pivotal in their ability to monitor other devices in the network. Through Zabbix I can ping devices in their network and have a better image of their networks health. I used to be able to see DSL-saturation but each time AVM upgrades it breaks the script I created for it. Finally I gave up. But still that Zabbix agent provides me a lot of useful data.

Monday night at 3:00 AM one of those boxes was unable to access the Freetz interface and Zabbix was unable to reach the agent on it. I checked this out by logging into the AVM WebIF and noticed the modem upgraded to Fritz!OS 7.01. Up until that time it was running Freetz 6.83 for a 7490.

I checked the update settings and it was set to the 2nd option

Notify me about new versions of FRITZ!OS and install necessary updates automatically (recommended)

I then started to check other modems and saw they were all set to that option. I can lose 1 modem to Fritz!OS, but to lose all 66 would be a disaster, so I'm logging into all modems and change that setting to the first one:

The FRITZ!Box notifies you about new versions of FRITZ!OS. The FRITZ!Box indicates on the "Overview" page that a new version of FRITZ!OS is available. You can also request notification about the new version by push service mail

I never changed that option because in all these years I never had a Freetz-box upgrade itself to Fritz!OS.

My question now is: "Why did this one box upgrade itself to Fritz!OS 7.01 whilst others did not and why did it do this on that specific moment??"

I do want to add some extra info. All modems in my pool have some specifics and this one is of a client of ours, but is the only 7490 of our pool which is connected to the fibre-network of XS4all, a big Dutch provider, who also provided the 7490.
I have a feeling that this provider asked AVM to raise some emergency flag so that modems from their pool are forced to 7.01 regardless to what they are running (Fritz!OS or Freetz).

I can't afford to lose another modem to Fritz!OS so I will continue to change that setting on those other 65 modems (I'm halfway through).

I didn't yet make the move to 7.01 because the International firmwares are lagging behind the German ones. I may not even make that move as I'm heavily dependent on the Freetz additional Firewall interface that's able to create NAT-entries to itself.

I just noticed that I can't reach that 7.01's WebIF using its DNS-name. I can only access it using its IP-address. I think 7.01 has added some DNS-rebinding security or the Fritz!OS WebIF forces you to use a certificate matching the DNS-name.
Can I turn this off somewhere?

AFAIK I have no way of reverting this remotely.
My procedure to "Freetz" a new 7490 is to downgrade it to 6.x using the recovery tool and then upload the firmware using the 6.x WebIF.
Even if I would have remote access to a Windows machine I would not be able to continue as the recovery tool resets all settings and I will lose access.
I know there is some other procedure to "Freetz", but because the above procedure works I never examined it. Would that other procedure work?

 

[koyaanisqatsi]

Hello

My procedure to "Freetz" a new 7490 is to downgrade it to 6.x using the recovery tool and then upload the firmware using the 6.x WebIF.

You can go back to previous installed ( freetz ) firmware with: linux_fs_start

C:\Windows\system32>ftp 192.168.178.1
Connected to 192.168.178.1.
220 ADAM2 FTP Server ready
User (192.168.178.1:(none)): adam2
331 Password required for adam2
Password:
230 User adam2 successfully logged in
ftp> quote GETENV linux_fs_start
linux_fs_start 1
200 GETENV command successful
ftp> quote SETENV linux_fs_start 0
200 SETENV command successful
ftp> quote REBOOT
221 Thank you for using the FTP service on ADAM2
221 Goodbye.
Connection closed by remote host.
ftp> bye

 

[frater]

I just logged into Linux NAS I can still reach in that network

[~] # ping -c1 192.168.178.1
PING 192.168.178.1 (192.168.178.1): 56 data bytes
64 bytes from 192.168.178.1: seq=0 ttl=64 time=0.441 ms

--- 192.168.178.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.441/0.441/0.441 ms
[~] # ftp 192.168.178.1
ftp: connect: Connection refused
ftp> bye

I guess that works only when the FB has just started and has not yet loaded the firmware?
That means I can't do it remotely (interactively) because I can't reach that NAS during that stage....

What I could do is write a script that will do this automatically whenever the FB comes out of a non-pingable situation.
But before I can do that I need to test this.
For now I can live with one "lost" Freetz.
Please confirm what I'm thinking is correct.

EDIT
I just read a bit more on that website and it seems I can use EVA-tools to do this for me so I don't have to write my own scripts for that. Still I need to examine this first and I also need to wait until this evening as the Fritz!Box is being used during the day.


Does @PeterPawn have an idea why only that FB upgraded to Fritz!OS?

 

[PeterPawn]

@frater (ich schreib mal in Deutsch, wenn's Probleme macht, gerne auch in Englisch, aber m.W. kannst Du Deutsch ja lesen):

Das Problem mit dem nicht gewünschten Update und dem nicht nachvollziehbaren Deklarieren einer schon länger existierenden Firmware-Version als "wichtiges Update", gibt es immer wieder ... man kann tatsächlich nur noch empfehlen, die erste Einstellung zu benutzen, weil AVM es entweder nicht in den Griff kriegt oder es nicht in den Griff kriegen will.

Wenn das NAS mit der FRITZ!Box per Kabel verbunden ist, kann man auf dem die entsprechenden Skripte laufen lassen, welche die FRITZ!Box beim Start wieder auf die vorhergehende Version zurückstellen.

Ich habe das (als Angriffsversuch) schon so manches Mal vollautomatisch machen lassen ... es ist eigentlich nur ein leicht geändertes "eva_switch_system", weil man hier vielleicht sicherstellen sollte, daß es nicht mehrfach "umgeschaltet" wird und das Skript entsprechend abändern müßte, damit es den festen Wert setzt (einfach in Zeile 199 in "eva_switch_system" das "$new" ersetzen) und nicht den anderen "errechnet". Welcher Wert von "linux_fs_start" gerade aktiv ist, sieht man in den Support-Daten - man will dann logischerweise den anderen haben, wenn man auf die letzte Version zürück möchte.

Fügt man dann dem Aufruf von "eva_discover" am Beginn von "eva_switch_system" noch den Parameter "WAIT=nnnn" hinzu (für die max. Wartezeit, bis eine startende FRITZ!Box gefunden wird - das sind 120 Sekunden als Standard, deshalb gibt es den Parameter in "eva_switch_system" nicht extra), kann man das Skript einfach anstarten und auf dem NAS laufen lassen ... und dann irgendwann die FRITZ!Box neu starten. Geht alles glatt (bei mir macht es das, aber man sollte das vorher selbst üben und ggf. auch mal mit dem NAS und einer anderen FRITZ!Box durchspielen - bei mir tritt an die Stelle des NAS i.d.R. ein RasPi), startet die Box anschließend wieder mit der gewünschten Systemversion.

Wobei man bei einigen Modellen tatsächlich ein Power-Off braucht, damit man in den Bootloader kommt (ich habe hier auch 6490, bei denen das so ist, nicht nur die GRX-Modelle sind davon betroffen) ... da macht es sich dann bezahlt, wenn die Box an einer schaltbaren Steckdose hängt (die aber so viel autonome Intelligenz hat, daß der Einschalt-Vorgang automatisch läuft). Bis zur 7490 hatte ich allerdings i.d.R. derartige Probleme nicht und es klappt auch nach einem "Warmstart".

 

[frater]

Es stimmt das ich ohne Problemen Deutsch lesen kann, aber beim schreiben muss ich immer ein bisschen suchen. Ohne Fehler schreiben in Englisch ist auch einfacher für mich...
...
I just updated the settings of all the Fritzboxes under my control and my only worry now is this one box.
I think I will leave it like that as I can't take the risk of breaking it and having to go there. We're getting paid to keep that connection alive, not break it.
In this case we only get paid for incidents and the only reason it gets monitored is the ease it gives us when troubleshooting.

I think I will go there when I need to be there for other purposes and take that as an extra job.
Thanks for enlightening me. I didn't know about the revert firmware option.

Now I need to search for a CLI-command to check the status of that "update setting", so I can get a Zabbix message in my dashboard whenever it's not set to "notify only".
I need to have those safeguards as it's only human to forget those kind of things when setting up a modem.

I need to look into 7.01 for Freetz as well.

 

[eisbaerin]

but to lose all 66 would be a disaster, so I'm logging into all modems and change that setting to the first one:

Dann ist es IMO besser wie ich es mache:
Unter AVM-Dienste folgendes abhaken:

[_] FRITZ!Box sucht periodisch nach Updates
Bei der Suche nach Updates werden gerätespezifische Daten wie z.B. das aktuelle FRITZ!OS an AVM übermittelt.

Dann verschwindet unter "Update" sogar der Reiter mit den Einstellungen aus #1

 

[frater]

Thanks Mrs. ice bear.
I will do this for future firmwares....
All 66 now have it set to only notify....

### Zusammenführung Doppelpost by stoney ###

Mrs. ice bear....
I can't find the settings you are talking about...
Not where I can set the options with "make menuconfig" nor in the Freetz interface.

 

[eisbaerin]

In der .06.83 und davor ist es noch sehr versteckt:
Unter Inhalte:
http://fritz.box/?lp=sitemap
ganz unten dann "AVM-Dienste"


Ab der .06.98/.07.xx findet man es dann auch noch an der alten Stelle, aber auch unter :
Internet/Zugangsdaten/AVM-Dienste
http://fritz.box/?lp=rootServices

 

[frater]

Thank you! Eisbärin
Keep warm!

For those, like me, on International:

http://fritz.box/?lp=sitemap




//edit by stoney: Bilder geschrumpft

 

[PeterPawn]

@frater:
You should deactivate "Diagnostics and Maintenance", too.

Look at the german (context-sensitive) help page (https://service.avm.de/help/de/FRITZ-Box-Fon-WLAN-7490/017p2/hilfe_avm_dienste) and take notice of the sentence:

AVM kann im Bedarfsfall ein Software-Update unabhängig von den sonstigen Update-Einstellungen Ihrer FRITZ!Box vornehmen, etwa um den störungsfreien Betrieb zu sichern.

It exists even in the english version (at https://service.avm.de/help/en/FRITZ-Box-Fon-WLAN-7490/017p2/hilfe_avm_dienste):

If necessary, AVM can perform a software update, regardless of the other update settings in your FRITZ!Box, in order to ensure undisturbed operation.

To draw a conclusion: Don't feel safe, if you've deactivated the automatic search for firmware updates, as long as you didn't shut off the "spy services" from AVM at the same time.

 

[frater]

Thanks PeterPawn....
It seems I need to do all those 66 boxes again
That's going to be a job for tomorrow

 

[eisbaerin]

Keep warm!

Oh, no! Sorry! I love it cold.