OpenWrt SquashFS-Images have a built-in failsafe mode. OpenWrt failsafe mode bypasses all configuration located on the JFFS2 partition (that is the writable partition), in favor of a few hard coded defaults located on the SquashFS partition (that is the read-only partition), resulting in a device that boots up as
192.168.1.1/24 on the
eth0 network interface with only essential services running. (In case your device has multiple network interfaces (eth0, eth1, …), usually eth0 is the interface connected to the switch. There may be very seldom exceptions.)
From this state you can
telnet in, mount the JFFS2 partition with the command
mount_root and fix problems located on the JFFS2 partition, e.g. forgotten password, bad firewall settings, broken startup scripts, etc. Please read OpenWrt Flash Layout to understand why OpenWrt failsafe is possible, and also Boot Process to understand how it works: basically OpenWrt contains an additional boot up stage, called preinit. This allows OpenWrt to boot into normal mode by default or boot into failsafe mode, if this was triggered by the user. The triggering can happen in two ways: via pressing a hardware button during preinit-stage or via keyboard command while connected over a serial cable to the PCB during preinit-stage. No matter how the booting into failsafe mode was triggered, once OpenWrt boots into failsafe mode, you can telnet in over Ethernet.
192.168.1.2, subnet mask
255.255.255.0. The router will be reached at
192.168.1.1when failsafe mode is running. (You may use any IP in the range
On many routers, OpenWrt will start to blink a "SYS" LED (may be "Power", may be other) on the front of the router when it is in its early boot cycle. Looking for a blink pattern is much more convenient to use instead of having to use a packet sniffer.
Since r44056 there are three different LED blinking speeds for most of the routers (in trunk and CC15.05):
Some routers has the button only on the back of the unit (often labeled "Reset" or "WPS/Reset"). The switch may have a visible (external) button, or may be behind a hole (with button in the depth). In this case and require a paper clip or similar tool to operate. Please no not use the nail when press the button in the hole.
At least one TP-Link router seems to respond better to repeatedly clicking the button before the SYS LED starts to blink, until the SYS LED lights with the rapid-flash pattern.
If the LED blink detection method isn't desired, the alternative is to listen on the UDP 4919 port for a broadcast packet on the computer and then press the front button when this packet is seen.
Run any sniffer: GUI
wireshark or console
cshark or other. Set the filter in the sniffer: port UDP/4919 and destination address 192.168.1.255.
For example, in a terminal enter the command
tcpdump -Ani eth0 port 4919 and udp
Up to today (Jan 11, 2013) this page didn't precise on which port to listen. In the case of TL-WR1043ND, it's the WAN port. If you find a contradictory example, it will be necessarry to remove or adapt this note.
You can employ the recvudp.exe utility software - Launch it. You may also need to temporarily disable firewall.
Power-cycle the router. The router will deliver a message telling it waits for your click on the button.
Not all versions of OpenWRT sends the "success" packet.
Immediately when the LED blink pattern or the network broadcast message is seen, click the device button. If your device has multiple buttons, any button should work. OpenWrt is configured in a way, that pressing of any button during preinit will trigger booting into failsafe mode. But in case a button should not work, try another.
Indications of failsafe mode:
If you are using a trunk snapshot, revision 46809 or newer, ssh to 192.168.1.1 from the computer and log in as root (no password required). The host key will be randomly generated. You can pass
-o "UserKnownHostsFile /dev/null" -o "StrictHostKeyChecking no" to ssh if you want to allow a different host key temporarily.
If you are using a release image, telnet (not SSH) to 192.168.1.1 from the computer. There is no username or password required.
Now go to section In failsafe mode
From linux desktop → router.
On linux machine
cat yourfirmware.bin | pv -b | nc -l -p 3333
On Router via Telnet
nc linux.machine.ip.192.168.1.2 3333 > /tmp/yourfirmware.bin
install firmware with current settings.
You get a message similar or same like this (using OpenWrt 12.09):
=== IMPORTANT ============================ Use 'passwd' to set your login password this will disable telnet and enable SSH ------------------------------------------ BusyBox v1.19.4 (2013-03-14 11:28:31 UTC) built-in shell (ash) Enter 'help' for a list of built-in commands. _______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- ATTITUDE ADJUSTMENT (12.09, r36088) ----------------------------------------------------- * 1/4 oz Vodka Pour all ingredients into mixing * 1/4 oz Gin tin with ice, strain into glass. * 1/4 oz Amaretto * 1/4 oz Triple sec * 1/4 oz Peach schnapps * 1/4 oz Sour mix * 1 splash Cranberry juice ----------------------------------------------------- root@(none):/#
Additional note (r42985):
================= FAILSAFE MODE active ================ special commands: firstboot reset settings to factory defaults mount_root mount root-partition with config files after mount_root: passwd change root's password /etc/config directory with config files for more help see: http://wiki.openwrt.org/doc/howto/generic.failsafe =======================================================
and then repair your system:
uci get network.lan.ipaddr
firstbootor (this will reboot the device as part of the process)
mtd -r erase rootfs_dataor
rm -r /overlay/*
If you are done with failsafe mode use
reboot -fto reboot. Note: Normal
/sbin/rebootwill not work, because
initis not running. Or power cycle the router.
failsafe"kicks in" once activated