Toniebox Offline after Network Change

o3liger · June 10, 2025, 11:43am

After I changed my Network (Wifi & Subnet), the Toniebox is booting but is not connected to Teddycloud

Actions performed:

Connected to new Wifi (holding both ears for 10sec with Toniebox Setup [https://www.toniebox-setup.com/connect-wifi)
Changed altURL.custom.305.json to new IP Address on SD Card
Restarted Docker Container

Expected outcome:

Toniebox is connecting to new Teddycloud IP Address

Actual outcome:

Toniebox is booting normal but is not connected to Teddycloud

Environment details:

OS: Ubuntu 22.04.5
Docker version: 28.0.1
TeddyCloud version: 0.6.4

henryk · June 10, 2025, 3:13pm

Are you sure teddycloud is reachable on all necessary ports on the expected ip? Is the toniebox able to connect to the nEw subnet?

Anything in the docker logs when you do a freshnesscheck?

You are sure you did not to do a factory reset by mistake?

o3liger · June 10, 2025, 6:16pm

Ports are open. No special docker logs when I perform the freshnesscheck.
However I get the result “Schildkröte”.

I hold down both ears for 10sec but without the charging cable. Is this already a factory reset?

I’m fine to reflash, however I think I need to restore the backup first?
If so, what will be the right command to do the restore? I found nothing in the documentation…

henryk · June 10, 2025, 6:28pm

You may post your ngCfg.json and the Patch.

o3liger · June 10, 2025, 7:11pm

ngCfg.json

{
    "general": {
        "activeImg": "ofw2",
        "_descWaitForPress": "Waits for an earpress on startup",
        "waitForPress": false,
        "_descWaitForBoot": "Waits for an earpress before firmware boot",
        "waitForBoot": false,
        "waitTimeoutInS": 60,
        "_descMinBatteryLevel": "Divide through 2785 to get voltage",
        "minBatteryLevel": 8869,
        "ofwFixFlash": "/sys/pre-img.bin",
        "_descSerialLog": "Logging only works with the debug build!",
        "serialLog": false,
        "_descLogLevel": "0:Trace - 5:Fatal",
        "logLevel": 0,
        "_descLogColor": "Use colors in log output",
        "logColor": false
    },
    "ofw1": {
        "checkHash": false,
        "hashFile": false,
        "watchdog": true,
        "bootFlashImg": true,
        "flashImg": "/sys/pre-img.bin"
    },
    "ofw2": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "ofwSimBL": true,
        "patches": ["altCa.305", "altUrl.custom.305"]
    },
    "ofw3": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "patches": ["altCa.305", "altUrl.tc.fritz.box"]
    },
    "cfw1": {
        "checkHash": false,
        "hashFile": false,
        "watchdog": true
    },
    "cfw2": {
        "checkHash": false,
        "hashFile": false,
        "watchdog": true
    },
    "cfw3": {
        "checkHash": false,
        "hashFile": false,
        "watchdog": true
    },
    "add1": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "ofwSimBL": false,        
        "patches": ["blockCheck.310", "noCerts.305", "noPass3.310", "noPrivacy.305", "uidCheck.307"]
    },
    "add2": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "ofwSimBL": false,
        "patches": ["altCa.305", "altUrl.305"]
    },
    "add3": {
        "checkHash": true,
        "hashFile": false,
        "watchdog": true,
        "ofwFix": true,
        "ofwSimBL": false,
        "patches": ["altCa.305", "altUrl.305"]
    }
}

altUrl.custom.305.json

{
    "general": {
        "_desc": "Changes Boxine URLs to custom ones.",
        "_memPos": "",
        "_fwVer": "3.0.5+"
    },
    "searchAndReplace": [{
        "_desc": "prod.de.tbs.toys to teddy.lan",
        "search":  ["70", "72", "6f", "64", "2e", "64", "65", "2e", "74", "62", "73", "2e", "74", "6f", "79", "73", "00"],
        "replace": ["74", "65", "64", "64", "79", "2e", "6c", "61", "6e", "00", "??", "??", "??", "??", "??", "??", "??"]
    }, {
        "_desc": "rtnl.bxcl.de to teddy.lan",
        "search":  ["72", "74", "6e", "6c", "2e", "62", "78", "63", "6c", "2e", "64", "65", "00"],
        "replace": ["74", "65", "64", "64", "79", "2e", "6c", "61", "6e", "00", "??", "??", "??"]
    }]
}

henryk · June 10, 2025, 8:32pm

Did this Teddy.lan work before? I assume your toniebox can not resolve that hostname. If you have a local dns server like adguard or pihole, please point teddy.lan explicit to the ip.

(Besides Teddy.lan IS NO IP address… as stated in your first post)

o3liger · June 10, 2025, 8:44pm

Previously I had an IP Address but I changed to teddy.lan because of the 12 digits limitation. My new subnet is 192.168.10.1/24 which is unfortunately too long. Therefore I configured a DNS forwarding in OPNSense from teddy.lan to 192.168.10.83 (Teddy Cloud Server)

henryk · June 11, 2025, 4:25am

Toniebox is in the same subnet? No network isolation?

o3liger · June 11, 2025, 5:20am

Same subnet, no isolation

o3liger · June 11, 2025, 7:05am

After some reading, testing and thinking about, I think I factory reset the box by accident.
What are now the right steps to make it work again? Flashing the backup first to have an “original box” and then start from scratch?

Will be

cc3200tool -p COM4 --reset dtr --sop2 rts write_flash backup.bin

The right command to restore the backup I made when installing it for the first time?

henryk · June 11, 2025, 7:07am

No.

Switch to ofw1, then let the firmware update do and then switch back to ofw2

o3liger · June 11, 2025, 8:28am

Still not working, however I think we made some progress…

I switched to ofw1 and reconnected to the Wifi. I got a new DHCP lease on the firewall for the Toniebox.
Then I switched back to ofw2. If I do now a freshnesscheck, I get error “Ameise” (ant).

Box is still offline in Teddycloud.

In the docker logs I found some issue with certificates now:

TeddyCloud v0.6.4 (f13703a) - 2025-03-05 08:01:37 +0000 ubuntu linux-x86_64(64)

INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/94e36d7533c2/ca.der' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/94e36d7533c2/ca.der' failed
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/94e36d7533c2/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/94e36d7533c2/private.der' detected as DER style RSA PRIVATE KEY
INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.ini
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
INFO |settings.c:0860:settings_load_ovl| Load settings from /teddycloud/config/config.overlay.ini
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
ERROR|tls_adapter.c:0189:read_certificate| Failed to open '/teddycloud/certs/client/94e36d7533c2/ca.der' for cert type detection
ERROR|tls_adapter.c:0376:load_cert| Loading cert '/teddycloud/certs/client/94e36d7533c2/ca.der' failed
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/94e36d7533c2/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/94e36d7533c2/private.der' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0390:tls_adapter_init| Loading certificates...
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/ca-root.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/ca-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0204:read_certificate| File '/teddycloud/certs/server/teddy-cert.pem' assumed PEM style
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/server/teddy-key.pem' detected as DER style RSA PRIVATE KEY
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/ca.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0197:read_certificate| File '/teddycloud/certs/client/client.der' detected as DER style CERTIFICATE
INFO |tls_adapter.c:0201:read_certificate| File '/teddycloud/certs/client/private.der' detected as DER style RSA PRIVATE KEY
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5323930
INFO |toniesJson.c:0100:tonies_update| Updating tonies.json from api.revvox.de...
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226
INFO |cloud_request.c:0389:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonies.json
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.108.133
INFO |toniesJson.c:0124:tonies_update| ... success updating tonies.json from api.revvox.de, reloading
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5326334
INFO |toniesJson.c:0211:tonieboxes_update| Updating tonies.json from api.revvox.de...
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server api.revvox.de:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 157.90.183.226
INFO |cloud_request.c:0389:web_request| Redirecting to: https://raw.githubusercontent.com/toniebox-reverse-engineering/tonies-json/release/tonieboxes.json
INFO |cloud_request.c:0200:web_request| Connecting to HTTP server raw.githubusercontent.com:443...
INFO |cloud_request.c:0252:web_request|   trying IP: 185.199.111.133
INFO |toniesJson.c:0238:tonieboxes_update| ... success updating tonieboxes.json from api.revvox.de, reloading
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.custom.json with size 2
INFO |toniesJson.c:0280:tonies_readJson| Trying to read /teddycloud/config/tonies.json with size 5326334

I changed nothing on docker side.

Do I need to reflash the c2.der certificate?

henryk · June 11, 2025, 2:08pm

You might check the file date of the c2.der if it’s a current one. If so, then you have to do so.

o3liger · June 11, 2025, 2:20pm

I checked right now. Certificates under /certs/server are from February… Therefore no changes.
Any other ideas? Still getting “ant” as error code.

henryk · June 11, 2025, 2:31pm

The log has no connection try. So it seems the box can not reach teddycloud.

So you might check on that. Which ip has the box? Does you see any thing in your dns server?

o3liger · June 11, 2025, 2:49pm

I captured the packages from the Toniebox and realized DNS queries are moving directly to Cloudflare. This was the issue! The DNS overrides for the URLs where simply skipped. After adjusting this on firewall side the box is connecting again!

Thank you so much for your support and patience!