OpenWrt Failsafe

OpenWrt has a built-in failsafe mode which will attempt to bypass almost all configuration in favor of a few hard coded defaults, resulting in a router that boots up as 192.168.1.1/24 with only essential services running. From this state you can telnet in and fix certain problems.

Having read Flash Layout, you should understand that the OpenWrt failsafe can help you with any problem involving the JFFS2 partition if you have a SquashFS image installed. If you forgot your password, firewalled yourself out, or broke one of the startup scripts, you can get back in by using OpenWrt's failsafe mode.

Alternatively, you need a way to connect to the console through the serial interface on the PCB.

Prerequisites

  • your device must have a configurable hardware button. If there's a button on your router, it's likely to be configurable. Check whether there is specific info about failsafe mode for your box, and make sure everything still works as expected every time you update!
  • everything but the JFFS2 partition, i.e. the kernel and the SquashFS partition, must be intact, so that…
    • …the boot process is able to get as far as required to register the pressing of the button
    • …the minimal required binaries and the configuration files with some default settings are available (all on SquashFS)

Important Information!
You should save this page for offline viewing before you find yourself without internet connection.

Warning!
Do not start Failsafe while the router is connected to any untrusted network. In failsafe mode the switch could be automatically configured to forward packets between all ports, including the WAN port. Traffic could travel between the WAN and the LAN, bypassing the router's firewall.

Triggering via Hardware Button (Standard OpenWrt method)

Stage 1

Set your computer's IP to 192.168.1.2, subnet 255.255.255.0

Stage 2

On the computer, listen on UDP port 4919 for a broadcast packet.

Under Linux

In a terminal enter the command

tcpdump -Ani eth0 port 4919 and udp

Unverified Information!
Until today (Jan 11, 2013) this page did not specify which port to listen on. In the case of the TL-WR1043ND, it's the WAN port. If you find a contradictory example, this note will need to be removed or adapted.

Under Windows

You can use the recvudp.exe utility: launch it. You may also need to temporarily disable the firewall.

Stage 3

Power-cycle the router. The router will send a message saying that it is waiting for you to press the button.

Message under Linux (only the first part)


Message under Windows (only the first line)

Stage 4

Click the button. It can be any button; if one doesn't work, try another.

Stage 5

Once in failsafe mode, a confirmation message appears (not always; for the TL-WR1043ND no message comes). Sometimes the SYS LED blinks very quickly. Stop the listen command and try to telnet to 192.168.1.1

Now go to section In failsafe mode
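
The listening and telnet steps of Stages 2 to 5, as an added example in Python (not part of the original page or of OpenWrt): it waits for a UDP datagram on port 4919 from the router's failsafe subnet, then polls 192.168.1.1 on port 23. It assumes the PC already has the Stage 1 address; the function names are hypothetical, and nothing is assumed about the text of the announcement.

```python
import ipaddress
import socket
import time
# Added example; the names below are hypothetical, not OpenWrt code.
FAILSAFE_PORT = 4919            # UDP port from Stage 2
ROUTER_IP = "192.168.1.1"       # failsafe address from the page
ROUTER_NET = "192.168.1.0/24"   # failsafe subnet from the page


def open_listener(port=FAILSAFE_PORT, bind_addr=""):
    """Bind on all interfaces so the subnet broadcast is delivered."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    return sock


def wait_for_announcement(sock, timeout=120.0, allowed_net=ROUTER_NET):
    """Return (sender_ip, text) for the first datagram from allowed_net, else None."""
    net = ipaddress.ip_network(allowed_net)
    deadline = time.monotonic() + timeout
    while (remaining := deadline - time.monotonic()) > 0:
        sock.settimeout(remaining)
        try:
            data, (sender, _port) = sock.recvfrom(2048)
        except socket.timeout:
            break
        if ipaddress.ip_address(sender) in net:  # other senders: keep waiting
            return sender, data.decode("ascii", errors="replace").strip()
    return None


def wait_for_telnet(host=ROUTER_IP, port=23, timeout=60.0, interval=1.0):
    """Stage 5: poll until the failsafe telnet port accepts a TCP connection."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            socket.create_connection((host, port), timeout=interval).close()
            return True
        except OSError:
            time.sleep(interval)
    return False


if __name__ == "__main__":
    with open_listener() as s:  # power-cycle the router while this waits
        hit = wait_for_announcement(s)
    print("announcement:", hit)
    if hit:  # press the button now, then wait for the telnet port
        print("telnet reachable:", wait_for_telnet())
```

Unlike tcpdump, binding UDP port 4919 needs no root privileges. A host firewall must still let inbound UDP 4919 through for the datagram to arrive.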

Remarks

  • If you do not receive this message: immediately after turning the router on, rapidly click and keep clicking the button on the router for about 60 seconds.
  • If your router has a ridiculously long boot time (such as DIR-300 A), then you may do this for a longer time.

Unverified Information!
In the previous remarks, we cannot know whether click refers to a brief push (one should repeat) or to a long push. Remove or adapt this note if you can.

Triggering via keyboard key combination in a serial console

  1. Unplug the router's power cord.
  2. Connect the router's WAN port directly to your PC.
  3. Configure your PC with a static IP address between 192.168.1.2 and 192.168.1.254, e.g. 192.168.1.2 (a gateway and DNS are not required).
  4. Plug in the power.
  5. Connect via serial.
  6. Wait until the following message appears: Press the [f] key and hit [enter] to enter failsafe mode
  7. Press "f" and the "enter" key
  8. You should be able to telnet to the router at 192.168.1.1 now (no username and password)

In failsafe mode

You get a message similar to or the same as this:

 === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------


BusyBox v1.15.3 (2011-11-24 00:44:20 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 Backfire (10.03.1, r29592) ------------------------
  * 1/3 shot Kahlua    In a shot glass, layer Kahlua
  * 1/3 shot Bailey's  on the bottom, then Bailey's,
  * 1/3 shot Vodka     then Vodka.
 ---------------------------------------------------
root@(none):/# 

NOTE: The root file system in failsafe mode is only the SquashFS partition. The JFFS2 is not present. To mount JFFS2 in read-write mode, run mount_root:

mount_root

and then repair your system:

  • In case you forgot your password, you need to set a new one. Type:
    passwd
  • In case you forgot the router's IP address, get it with
    uci get network.lan.ipaddr
  • In case you filled up the entire JFFS2 by installing too big/too many packages, clean the entire JFFS2 partition. All settings will be reset and all installed packages are removed. (OpenWrt equivalent of a factory reset)
    firstboot
    or (this will reboot the device as part of the process)
    mtd -r erase rootfs_data
    or
    rm -r /overlay/*

When you are done with failsafe mode, reboot with

reboot -f

Note: The normal /sbin/reboot will not work, because init is not running. Alternatively, power-cycle the router.

Notes

  • the article process.boot may help you better understand when failsafe "kicks in" once activated


doc/howto/generic.failsafe.txt · Last modified: 2013/04/18 15:24 by khairilyazit