Teddycloud CC3235 Newbie HowTo

On your Teddycloud Pi, could you please start tailing the logs of your container:

docker logs -f teddycloud

After that, please restart your teddycloud (e.g. from the Browser GUI → Settings → Restart server) and then post the complete logs from the server startup?

2024-11-16T22:19:20.098649569Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:19:20.849023046Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:19:38.859743498Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:19:39.609973623Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:19:57.872169530Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:19:58.622449492Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:20:16.633498128Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:20:17.383839577Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:20:35.394763287Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:20:36.145026389Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:20:54.156368198Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:20:55.156731198Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:21:13.168492592Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:21:13.918910261Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:23:46.516778730Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:23:47.517004804Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:23:48.517560321Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:23:49.267912323Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:23:49.518082780Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:23:50.268442058Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:23:50.715451000Z WARN |tls_server_fsm.c:0260:tlsPerformServerHandshake| TLS handshake failure!
2024-11-16T22:23:50.768786805Z INFO |server.c:0929:server_init| 1 open HTTPS Web connections
2024-11-16T22:23:51.010022979Z WARN |tls_server_fsm.c:0260:tlsPerformServerHandshake| TLS handshake failure!
2024-11-16T22:23:51.018889262Z INFO |server.c:0929:server_init| 2 open HTTPS Web connections
2024-11-16T22:23:53.020313058Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:23:53.770664333Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:24:00.023938749Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:24:00.774330442Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:24:04.025711232Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:24:04.776085124Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:24:10.530212393Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:24:11.280353743Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:24:29.541445120Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:24:30.541769229Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:24:48.552765124Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:24:49.303126219Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:25:07.313596529Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:25:08.314034324Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:25:26.324132146Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:25:27.074472847Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:25:45.085010184Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:25:45.835234616Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:26:03.598969157Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:26:04.349192748Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:26:22.360231879Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:26:23.360677349Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:26:41.374583467Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:26:42.124886790Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:27:00.136243217Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:27:00.886662604Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:27:18.897919899Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:27:19.898135108Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:27:37.909219198Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:27:38.659628916Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:27:40.309349618Z TeddyCloud v0.6.2 (203f12d) - 2024-10-26 18:14:34 +0000 ubuntu linux-aarch64(64)
2024-11-16T22:27:40.309476210Z 
2024-11-16T22:27:40.312434850Z INFO |settings.c:0848:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
2024-11-16T22:27:40.315566045Z INFO |settings.c:0848:settings_load_ovl| Load settings from /teddycloud/config/config.ini
2024-11-16T22:27:40.316351260Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
2024-11-16T22:27:40.317028125Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-key.pem' assumed PEM style
2024-11-16T22:27:40.317696860Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
2024-11-16T22:27:40.318335261Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
2024-11-16T22:27:40.319227235Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
2024-11-16T22:27:40.319927432Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
2024-11-16T22:27:40.320962127Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
2024-11-16T22:27:40.321591603Z INFO |settings.c:0848:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
2024-11-16T22:27:40.325367125Z INFO |tls_adapter.c:0390:tls_adapter_init| Loading certificates...
2024-11-16T22:27:40.325460995Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
2024-11-16T22:27:40.325549550Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-key.pem' assumed PEM style
2024-11-16T22:27:40.325700622Z INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
2024-11-16T22:27:40.325865454Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
2024-11-16T22:27:40.326119600Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
2024-11-16T22:27:40.326331450Z INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
2024-11-16T22:27:40.326572559Z INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
2024-11-16T22:27:40.351919113Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
2024-11-16T22:27:40.352012316Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5051239
2024-11-16T22:27:41.092863887Z INFO |toniesJson.c:0100:tonies_update| Updating tonies.json from api.revvox.de...
2024-11-16T22:27:41.092955276Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...
2024-11-16T22:27:41.108457065Z INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226
2024-11-16T22:27:41.359212059Z INFO |cloud_request.c:0382:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonies.json
2024-11-16T22:27:41.359366928Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...
2024-11-16T22:27:41.375772635Z INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.111.133
2024-11-16T22:27:43.672904931Z INFO |toniesJson.c:0124:tonies_update| ... success updating tonies.json from api.revvox.de, reloading
2024-11-16T22:27:43.735083015Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
2024-11-16T22:27:43.735236032Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5051239
2024-11-16T22:27:44.486278039Z INFO |toniesJson.c:0211:tonieboxes_update| Updating tonies.json from api.revvox.de...
2024-11-16T22:27:44.486368557Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...
2024-11-16T22:27:44.500942281Z INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226
2024-11-16T22:27:44.750198837Z INFO |cloud_request.c:0382:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonieboxes.json
2024-11-16T22:27:44.750297003Z INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...
2024-11-16T22:27:44.766086180Z INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.111.133
2024-11-16T22:27:44.950759969Z INFO |toniesJson.c:0238:tonieboxes_update| ... success updating tonieboxes.json from api.revvox.de, reloading
2024-11-16T22:27:45.016296284Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
2024-11-16T22:27:45.016783168Z INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5051239
2024-11-16T22:27:55.820407182Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:27:56.571054264Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:28:14.584680203Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:28:15.334970242Z INFO |server.c:0959:server_init| 0 open HTTPS API connections
2024-11-16T22:28:33.346001662Z INFO |server.c:0959:server_init| 1 open HTTPS API connections
2024-11-16T22:28:34.346369524Z INFO |server.c:0959:server_init| 0 open HTTPS API connections

Looks good. Now what happens in the logs when you do a freshness check? Or place a Tonie on the Box?

INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
WARN |tls_server_fsm.c:0260:tlsPerformServerHandshake| TLS handshake failure!
WARN |tls_server_fsm.c:0260:tlsPerformServerHandshake| TLS handshake failure!
WARN |tls_server_fsm.c:0260:tlsPerformServerHandshake| TLS handshake failure!
INFO |server.c:0929:server_init| 3 open HTTPS Web connections
WARN |tls_server_fsm.c:0260:tlsPerformServerHandshake| TLS handshake failure!
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections
INFO |server.c:0959:server_init| 1 open HTTPS API connections
INFO |server.c:0959:server_init| 0 open HTTPS API connections

Also, the only time I see Requests from the box in AdGuard is when the box turns on. I cant see anything new in Adguard when I do a freshness check or use a non-downloaded Tonie.

Hey,

that still looks like with issue of the certificates. The DNS and network settings looks good but your certificates are still the issue.

Could you post each command you put in your console. And explain here again your step by step.

I know it is annoying but I think it all comes down to the flashing and copying process.

@Martin_Gubin

This is how my cert folder for Teddycloud looks like:

Client:

~/teddycloudfolder/certs/client$ ls
ca.der  client.der  private.der

Those files are from the extract of your Toniebox firmware the original one.

Server:

~/teddycloudfolder/certs/server$ ls
ca-key.pem  ca-root.pem  ca-root.srl  ca.der  teddy-cert.pem  teddy-key.csr  teddy-key.pem

All those files are from the gensert.sh program. The ca.der is the one I flashed the toniebox with.

Does your folder looks the same ?

One last thing, How do you copy your cert into the docker ? Can you please show your docker config.

@Martin_Gubin

This is my docker config. I put the cert in a dedicated folder and then pass them through the volume option. I never used the “docker cp” function. Maybe that is the topic ? Be advice, I use the develop branch.

version: '3'
services:
  teddycloud:
    container_name: teddycloud
    hostname: teddycloud
    image: ghcr.io/toniebox-reverse-engineering/teddycloud:develop
    ports:
      - 80:80 #optional (for the webinterface)
      - 8443:8443 #optional (for the webinterface)
      - 443:443 #Port is needed for the connection for the box, must not be changed!
    volumes:
      - /home/XXX/teddycloudfolder/certs:/teddycloud/certs
      - /home/XXX/teddycloudfolder/config:/teddycloud/config
      - /home/XXX/teddycloudfolder/data/content:/teddycloud/data/content
      - /home/XXX/teddycloudfolder/data/library:/teddycloud/data/library
      - /home/XXX/teddycloudfolder/data/firmware:/teddycloud/data/firmware
      - /home/XXX/teddycloudfolder/data/cache:/teddycloud/data/cache
    restart: unless-stopped

Edit: Could it be if you copy the cert into docker and then destroy the docker by restarting it, the files are lost ? I’m not an expert in docker but the files within the docker container are not persistent if not linked via the volume option. Please correct if I’m wrong.

Actually that’s not the case. There are two ways for volume mounts in Docker:

1. native Docker volumes: - certs:/teddycloud/certs
2. explicitly mounted directories: - /home/xxx/teddy/certs:/teddycloud/certs

In both cases, the data is not lost when you shut down, restart or update the container. Both of them even persist when you delete the container.

In case 1, the Docker daemon will create a dedicated folder for each defined volume inside its own directories. So at the end, this is also a directory on your host system, but owned by docker or root. The default directory for Docker volumes is /var/lib/docker/volumes/ (on Linux). So if you define your docker-compose.yaml like in example 1. , your certificate volume will be created at /var/lib/docker/volumes/teddycloud_certs/_data on your host system. Any files that you copy or move into this directory will be available inside the container (and vice-versa).

So at the end, 1 and 2 are basically the same, the only difference is that in case 1, Docker will take care of creating the folders. Whereas in case 2, the file handling is a little bit more convenient, as this directory might already belong to your user (e.g. pi instead of root).

I suspect that your error is here. Can you please post this step in more detail? Are you sure that you patch the ca.der of Teddycloud (→ result of gencerts.sh) into your dumped firmware?

cc3200tool -if backupCC3235.bin -of cc3235-flash.customca.bin -d cc32xx write_file /home/pi/toniebox/certs/server/ca.der /cert/ca.der

The second last parameter (/home/pi/toniebox/certs/server/ca.der) has to be the Teddy CA, not the Boxine CA that you read from your Toniebox. Here’s a picutre how it has to be at the end, after you flashed your modified firmware onto your Toniebox:

certificates-tonie-teddy1650×884 180 KB

@Martin_Gubin I think I know why. Please put the both domains on your allowlist in Adguard so they dont‘t get blocked!

prod.de.tbs.toys 
rtnl.bxcl.de

THIS! OMG IT WORKED! Thank you so much!

I have no idea why, but I completely removed teddycloud from docker. Then I created the folders
/home/pi/teddycloudfolder/certs/client
and
/home/pi/teddycloudfolder/certs/server

And I added my Toniebox certs to the client folder and the generated ones to server BEFORE creating the teddycloud. Then I created teddycloud with your options:

version: '3'
services:
  teddycloud:
    container_name: teddycloud
    hostname: teddycloud
    image: ghcr.io/toniebox-reverse-engineering/teddycloud:develop
    ports:
      - 80:80 #optional (for the webinterface)
      - 8443:8443 #optional (for the webinterface)
      - 443:443 #Port is needed for the connection for the box, must not be changed!
    volumes:
      - /home/pi/teddycloudfolder/certs:/teddycloud/certs
      - /home/pi/teddycloudfolder/config:/teddycloud/config
      - /home/pi/teddycloudfolder/data/content:/teddycloud/data/content
      - /home/pi/teddycloudfolder/data/library:/teddycloud/data/library
      - /home/pi/teddycloudfolder/data/firmware:/teddycloud/data/firmware
      - /home/pi/teddycloudfolder/data/cache:/teddycloud/data/cache
    restart: unless-stopped

develop branch and latest are working fine. Teddycloud instantly recognized my Toniebox!

…I have no idea why it didnt work the initial way. I was able to copy the client certs from the box without issues, I was even able to activate boxine cloud.
I also extracted the patched firmware and did a diff command with the docker server file and they said they were identical…

Anyways, thank you so much for your support. I really, really appreciate it.

I am getting stuck on reading the original firmware. I am pretty sure I’ve gotten the clamp to sit properly. Is the error below because of the clamp not sitting good (lsusb seemed to work)? Or is my version of flashrom not compatible? One other possibility I could think of is I am using POPOS and sometimes I need to change permission of the USB (I have had to do this when flashing ESP32 before).

sudo flashrom -p ch341a_spi -r backupCC3235.bin
flashrom v1.2 on Linux 6.9.3-76060903-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Generic flash chip "unknown SPI chip (RDID)" (0 kB, SPI) on ch341a_spi.
===
This flash part has status NOT WORKING for operations: PROBE READ ERASE WRITE
The test status of this chip may have been updated in the latest development
version of flashrom. If you are running the latest development version,
please email a report to flashrom@flashrom.org if any of the above operations
work correctly for you with this flash chip. Please include the flashrom log
file for all operations you tested (see the man page for details), and mention
which mainboard or programmer you tested in the subject line.
Thanks for your help!
Read is not working on this chip. Aborting.

The version of flashrom should be ok. Even in the latest version, the Toniebox chip is shown as “unknown” but it works anyways. I also used v1.2!

In your case, the file size of the flash chip is wrong. It should be 4MB, not 0 kB.

Found Generic flash chip "unknown SPI chip (RDID)" (0 kB, SPI) on ch341a_spi.

So I would assume it’s the clamp not sitting correct. But the error messages are normally different in this case. Very strange.

Yeah not sure whats happening, tried to reseat it mny times. I noticed my rogrammer had a jumper on it. are their any jumpers on your programmer that you are using?

I have similiar problems with the "owl"error after flashing the custom file several times…
After reading the whole discussion i maybe mentioned your Problem:

The TeddyCloud-Server should have a different IP then the AdGuard-Server.
Screenshot DNS Server in FritzBox Settings and in the Adguard Rewrite Rule are both …29

Now to my problem

Believe it or not… in my first flash I had a working Teddycloud Toniebox.
During my vacation, I played around with the box, my network in general and the Teddycloud and unfortunately I got a bit lost… but I can’t figure it out.

My current guess is the AdGuard DNS.

First of all, my setup:
ProxMox server with AdGuard Home, as well as Teddycloud (installed via the helper script : https://community-scripts.github.io/ProxmoxVE/scripts?id=teddycloud

I have now reinstalled everything except AdGuard (Toniebox and Teddycloud). Unfortunately, I get the message “Owl” after flashing. As mentioned, I suspect that the AdGuard Home DNS is the problem.

I noticed that an entry had landed on the AdGuard blocklist:

dns_blocklist1354×498 58.9 KB

I initially released the domain again in the user-defined rules, but then the forwarding to Teddycloud did not work.

I have now adjusted the rule and added important:
(.249 = TonieBox, .62 Teddycloud)
||prod.de.tbs.toys^$dnsrewrite=NOERROR;A;‘192.168.178.62’,client=‘192.168.178.249’$important
||rtnl.bxcl.de^$dnsrewrite=NOERROR;A;‘192.168.178.62’,client=‘192.168.178.249’$important

However, the result is still blocked…

As mentioned, very exciting, as the forwarding used to work perfectly before a week…

I had already extracted the flashed.bin and checked the certificate (which i created with ./generate.sh): it shows teddycloud as name.

Does anyone else have any ideas? What options do I have to exclude AdGuard or the TonieBox in failure analysis?

I’m using Pihole instead of Adguard but I had the same problem at first and can confirm that a blocked rtnl.bxcl.de will lead to error code owl and what makes this problem hard to detect is that the Toniebox sometimes works and sometimes not.

You have to allow (whitelist) this domain globally in Adguard, see here.

@@|rtnl.bxcl.de^$important

In addition to that, you need the dns rewrite rules for your Toniebox. The combination of both should work. What do you mean with “forwarding to Teddycloud did not work”? This is independent from the allowlist.

AdGuard Custom Rule Working:

! TonieCloud unblock
@@|rtnl.bxcl.de^$important
! Umleitung von TonieBox (.249) auf Teddycloud (.62)
||prod.de.tbs.toys^$dnsrewrite=NOERROR;A;192.168.178.62,client=192.168.178.249
||rtnl.bxcl.de^$dnsrewrite=NOERROR;A;192.168.178.62,client=192.168.178.249

@marco79cgn,

first of all thank you for the detailed guide.
Now I am a little bit lost.
my QinHeng Electronics CH341 in EPP/MEM/I2C mode, EPP/I2C adapter is recognised by the pi when no Toniebox platine is connected. But when I unplug the USB Adapter and the connect the platine (proper conected and steady green) the adapter disapears in the list. I tried it with stronger power supply and with 2 Tonieboxes, no change.

I had the exact same problem. I solved it by ordering another programmer and then it worked immediately. I even left the clamp sitting on the board the whole time until the new programmer arrived from Amazon (2 days).

Wow, yes you were right. New Adapter and firmware flashing worked. Used the Adguard Settings but unfortunatelly no connection and codeword “Eule”