Differences

This shows you the differences between two versions of the page.

doc:howto:generic.failsafe [2013/02/14 07:04]
buntalo
doc:howto:generic.failsafe [2014/06/22 19:22] (current)
zxdavb
Line 1: Line 1:
====== OpenWrt Failsafe ====== ====== OpenWrt Failsafe ======
-OpenWrt has a built-in failsafe mode which will attempt to bypass almost all configuration in favor of a few hard coded defaults, resulting in a router that boots up as ''192.168.1.1/24'' with only essential services running. From this state you can ''telnet'' in and fix certain problems.+OpenWrt SquashFS-Images have a built-in failsafe mode. OpenWrt failsafe mode bypasses all configuration located on the JFFS2 partition (that is the writable partition), in favor of a few hard coded defaults located on the SquashFS partition (that is the read-only partition), resulting in a device boots up as **''192.168.1.1/24''** on the **''eth0''** network interface with only essential services running. (In case your device has multiple network interfaces (eth0, eth1, ...), usually eth0 is the interface connected to the [[doc:hardware:switch]]. There may be very seldom exceptions.)
-Reading [[doc:techref:Flash Layout]], you should understand, that the OpenWrt failsafe can help you with any problems referring to the [[doc:techref:filesystem#JFFS2]] partition if you have a [[doc:techref:filesystems#SquashFS|SquashFS]] image installed! In case you forgot your password or you firewall-ed yourself or you broke one of the startup scripts, you can get back in by using OpenWrt's failsafe mode. +From this state you can **''telnet''** in, mount the JFFS2 partition with the command ''mount_root'' and fix problems located on the JFFS2 partition, e.g. forgotten password, bad firewall settings, broken startup scripts, etc. Please read **[[doc:techref:flash.layout#partitioning.of.squashfs-images|OpenWrt Flash Layout]]** to understand why OpenWrt failsafe is possible, and also [[doc/techref/process.boot|Boot Process]] to understand how it works: basically OpenWrt contains an additional boot up stage, called preinit. This allows to boot into normal mode by default or boot into failsafe mode, if this was triggered by the user. The triggering can happen in two ways: via pressing a hardware button during preinit-stage or via keyboard command while connected over a serial cable to the PCB during preinit-stage. No matter how the booting into failsafe mode was triggered, once OpenWrt booted into failsafe mode, you can telnet in over Ethernet.
- +
-Alternatively you require a possibility to connect to the console via the serial interface on the PCB.+
 +**→ [[doc:howto:generic.debrick]]**
===== Prerequisites ===== ===== Prerequisites =====
-  * <color red>your device must have a **configurable hardware button**</color>, if there's a button on your router, it's likely to be configurable. Check if there's specific info about failsafe mode for your [[toh:|box]] and make sure everything still works as expected everytime you update! +  * <color red>your device must have a **configurable hardware button**</color>, if there's a button on your router, it's likely to be configurable. Check if there's specific info about failsafe mode for your [[toh:|device]] and make sure everything still works as expected everytime you update! 
-  * everything but the [[doc:techref:filesystems#JFFS2]] partition, i.e. the kernel and the [[doc:techref:filesystems#SquashFS|SquashFS]] partition, must be intact, so that...+  * there must be a **SquashFS-Image** flashed to the device. Failsafe cannot be implemented on JFFS2-Images 
 +  * everything but the [[doc:techref:filesystems#JFFS2]] partition, i.e. the kernel partition and the [[doc:techref:filesystems#SquashFS|SquashFS]] partition, must be intact, so that...
    * ...the boot process is able to get as far as required to register the pressing of the button     * ...the boot process is able to get as far as required to register the pressing of the button
    * ...the minimal required binaries and the configuration files with some default settings are available (all on SquashFS)     * ...the minimal required binaries and the configuration files with some default settings are available (all on SquashFS)
-<html> 
-<table class="inline" style="width:70%; margin-left:15%"> 
-  <tr> 
-    <td style="border-left:6px solid #f57900; vertical-align:middle"> 
-      <img src="/_media/meta/icons/tango/48px-emblem-important.svg.png" alt="" style="float:left; margin-right:0.5em" /> 
-      <strong>Important Information!</strong><br /> 
-      You should save this page for offline viewing before you find yourself without internet connection. 
-    </td> 
-  </tr> 
-</table> 
-</html> 
-<html> +===== Triggering via Hardware Button (Standard OpenWrt method) =====
-<table class="inline" style="width:70%; margin-left:15%"> +
-  <tr> +
-    <td style="border-left:6px solid #cd0505; vertical-align:middle"> +
-      <img src="/_media/meta/icons/tango/48px-dialog-warning.svg.png" alt="" style="float:left; margin-right:0.5em" /> +
-      <strong>Warning !</strong><br /> +
-      Do not start Failsafe while the router is connected to any untrusted network. The switch could be automatically configured to forward packages between all ports including the WAN port in failsafe mode. Traffic could travel between the WAN and the LAN bypassing the router's firewall. +
-    </td> +
-  </tr> +
-</table> +
-</html>+
 +==== Stage 0: Router preparation ====
-===== Triggering via Hardware Button (Standard OpenWrt method) ===== +  * Power off the router 
-==== Stage 1 ==== +  * Unplug the WAN port (in case that WAN IP address and LAN IP address are same (address collision happened), if you do not plug out wan port, you cannot enter failsafe mode) 
-Set your computer's IP to ''192.168.1.2'', subnet ''255.255.255.0'' + 
-==== Stage 2 ==== +==== Stage 1: Computer IP settings ====  
-Listen on the  UDP 4919 port for a broadcast packet on the computer.  + 
-=== Under Linux ===+  * Set your computer's IP to ''192.168.1.2'', subnet ''255.255.255.0''. The router will be reached at ''192.168.1.1'' when failsafe mode is running. 
 + 
 +==== Stage 2: Detect when failsafe mode can be triggered ==== 
 + 
 +  * To detect when failsafe mode can be triggered, there are two options: look for a bootup LED blink pattern, or look for a special broadcast packet from the router 
 + 
 +=== Stage 2 option 1: Trigger failsafe mode when the SYS LED begins to blink === 
 + 
 +On some routers (e.g. TP-LINK models), OpenWrt will start to blink a LED (e.g. the "SYS" LED) on the front of the router when it is in its early boot cycle. The blink rate is about twice a second. Looking for a blink pattern is much more convenient to use instead of having to use a packet sniffer. 
 + 
 +  * Power on the router 
 +  * As soon as this blink pattern is seen, press the hardware button the front of the router 
 +  * The SYS LED will change to faster blink pattern, indicating the router is now in failsafe mode 
 + 
 +On some TP-Link routers, the button is on the back of the unit (often labeled "WPS/Reset"). The switch may have a physical button, or may be behind a hole in the case and require a paper clip or similar tool to operate. 
 + 
 +At least [[toh:tp-link:tl-wdr4300#failsafe.mode|one TP-Link router]] seems to respond better to repeatedly clicking the button //before //the SYS LED starts to blink, until the SYS LED lights with the rapid-flash pattern. 
 + 
 +=== Stage 2 option 2: Trigger failsafe mode when the router sends a broadcast packet to UDP port 4919 === 
 + 
 +If the LED blink detection method isn't desired, the alternative is to listen on the  UDP 4919 port for a broadcast packet on the computer and then press the front button when this packet is seen.  
 + 
 +== Start a network sniffer under Linux using tcpdump ==
In a terminal enter the command  <code>tcpdump -Ani eth0 port 4919 and udp</code> In a terminal enter the command  <code>tcpdump -Ani eth0 port 4919 and udp</code>
Line 57: Line 59:
</html> </html>
-=== Under Windows ===+== Start a network sniffer under Windows using recvudp.exe ==
You can employ the You can employ the
-[[http://downloads.openwrt.org/people/florian/recvudp/recvudp-win32.zip|recvudp.exe]] utility software - Launch it.+[[http://downloads.openwrt.org/people/florian/recvudp/recvudp-win32.zip|recvudp.exe]] utility software - Launch it. You may also need to temporarily disable firewall.
-==== Stage 3 ====+== Look for the early boot network broadcast message ==
-Power-cycle the router. The router will deliver a message telling it waits for your click on the button.\\ +Power-cycle the router. The router will deliver a message telling it waits for your click on the button. 
-=== Message under Linux (only the firt part)===+ 
 +== Message under Linux (only the firt part)==
{{:doc:howto:linux-failsafe.png|}} \\ {{:doc:howto:linux-failsafe.png|}} \\
-=== Message under Windows (only the first line)===+== Message under Windows (only the first line)==
{{:media:failsafe2.png|}} {{:media:failsafe2.png|}}
-==== Stage 4 ==== 
-Click the bouton. It can be any button, if one doesn't work , thy an other. 
-==== Stage 5 ==== +==== Stage 3: Trigger a failsafe boot using a button ==== 
-Once in failsafe mode, a confirmation message appears (not always, for the TL-WR1043ND no message comes).Sometimes the sys led blinks very quickly + 
-Leave the listen command and try to  telnet at 192.168.1.1 \\ +Immediately when the LED blink pattern or the network broadcast message is seen, click the device button. If your device has multiple buttons, any button should work. OpenWrt is configured in a way, that pressing of any button during preinit will trigger booting into failsafe mode. But in case a button should not work, try another. 
-<html> + 
-<table class="inline" style="width:70%; margin-left:15%"> +==== Stage 4: Log into the router using failsafe ==== 
-  <tr> + 
-    <td style="border-left:6px solid #f57900; vertical-align:middle"> +Indications of failsafe mode: 
-      <img src="/_media/meta/icons/tango/48px-emblem-question.svg.png" alt="" style="float:left; margin-right:0.5em" /> +  * Once in failsafe mode, a network broadcast confirmation message appears (not always, for the TL-WR1043ND no message comes). 
-      <strong>Unverified Information!</strong><br /> +  * On some router models (e.g. TP-LINK models), the SYS led blinks very quickly 
-      If you were connected via WAN port, change to LAN port 0 for telnet <a href="?do=edit">Remove or adapt </a> this note if your experience differs. +  
-    </td> +Now, **telnet** (//not// SSH) to 192.168.1.1 from the computer. There is no username or password required.
-  </tr> +
-</table> +
-</html>+
Now go to section [[#In failsafe mode]] Now go to section [[#In failsafe mode]]
==== Remarks ==== ==== Remarks ====
-  * If you do not receive this message, immediately after turning the router on, rapidly click and keep clicking the button on the router for about 60 seconds. 
-  * If your router has a ridiculously long boot time (such as [[toh/d-link/dir-300#with.manual.step.by.step.guide|DIR-300 A]]), then you may do this for a longer time. +  * If the router does not boot in safe mode despite clicking the button, it may be a timing problem, missing the brief window when OpenWrt is looking for a button press. If so, immediately after turning the router on, rapidly click and keep clicking the button on the router for about 60 seconds to try to not miss the safe mode boot window. 
- +  * If your router has a ridiculously long boot time (such as [[toh/d-link/dir-300#with.manual.step.by.step.guide|DIR-300 A]]), then you may do this for a longer time. 
-<html> +
-<table class="inline" style="width:70%; margin-left:15%"> +
-  <tr> +
-    <td style="border-left:6px solid #f57900; vertical-align:middle"> +
-      <img src="/_media/meta/icons/tango/48px-emblem-question.svg.png" alt="" style="float:left; margin-right:0.5em" /> +
-      <strong>Unverified Information!</strong><br /> +
-      In the previous remarks, we cannot know whether click refers to a brief push (one should repeat) or to a long push. <a href="?do=edit">Remove ou adapt </a> these note if you can. +
-    </td> +
-  </tr> +
-</table> +
-</html> +
- +
-   +
===== Triggering via keyboard key combination in a serial console ===== ===== Triggering via keyboard key combination in a serial console =====
Line 119: Line 103:
  - Wait until the following messages is passing: Press the [f] key and hit [enter] to enter failsafe mode   - Wait until the following messages is passing: Press the [f] key and hit [enter] to enter failsafe mode
  - Press "f" and the "enter" key   - Press "f" and the "enter" key
-  - You should be able to telnet to the router at 192.168.1.1 now (no username and password)+  - You should be able to **telnet** (//not// SSH) to the router at 192.168.1.1 now (no username and password)
===== In failsafe mode ===== ===== In failsafe mode =====
-You get a message similar or same like this: + 
-|<code> === IMPORTANT ============================+You get a message similar or same like this (using OpenWrt 12.09): 
 + 
 +|<code> 
 + === IMPORTANT ============================
  Use 'passwd' to set your login password   Use 'passwd' to set your login password
  this will disable telnet and enable SSH   this will disable telnet and enable SSH
Line 130: Line 117:
-BusyBox v1.15.3 (2011-11-24 00:44:20 CET) built-in shell (ash)+BusyBox v1.19.4 (2013-03-14 11:28:31 UTC) built-in shell (ash)
Enter 'help' for a list of built-in commands. Enter 'help' for a list of built-in commands.
Line 138: Line 125:
|_______||  __|_____|__|__||________||__|  |____| |_______||  __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S  F R E E D O M           |__| W I R E L E S S  F R E E D O M
- Backfire (10.03.1, r29592) ------------------------ + ----------------------------------------------------- 
-  * 1/3 shot Kahlua    In a shot glass, layer Kahlua + ATTITUDE ADJUSTMENT (12.09, r36088) 
-  * 1/3 shot Bailey's on the bottom, then Bailey's, + ----------------------------------------------------- 
-  * 1/3 shot Vodka    then Vodka. +  * 1/4 oz Vodka      Pour all ingredients into mixing 
- --------------------------------------------------- +  * 1/4 oz Gin        tin with ice, strain into glass. 
-root@(none):/# +  * 1/4 oz Amaretto 
 + * 1/4 oz Triple sec 
 +  * 1/4 oz Peach schnapps 
 + * 1/4 oz Sour mix 
 +  * 1 splash Cranberry juice 
 + ----------------------------------------------------- 
 +root@(none):/#
</code>| </code>|

Back to top

doc/howto/generic.failsafe.1360821895.txt.bz2 · Last modified: 2013/02/14 07:04 by buntalo