Strona 1

OpenWrt Failsafe - OpenWrt Wiki

2012-09-29 21:04:30

http://wiki.openwrt.org/doc/howto/generic.failsafe

OpenWrt Failsafe

OpenWrt has a built-in failsafe mode which will attempt to bypass almost all configuration in favor of a few hard coded defaults, resulting in
a router that boots up as

192.168.1.1/24

with only essential services running. From this state you can

telnet

in and fix certain

problems.

Reading Flash Layout, you should understand, that the OpenWrt failsafe can help you with any problems referring to the JFFS2 partition if
you have a SquashFS image installed! In case you forgot your password or you firewall-ed yourself or you broke one of the startup scripts,
you can get back in by using OpenWrt's failsafe mode.

Alternatively you require a possibility to connect to the console via the serial interface on the PCB.

Prerequisites

your device must have a configurable hardware button

, if there's a button on your router, it's likely to be configurable. Check if

there's specific info about failsafe mode for your box and make sure everything still works as expected everytime you update!

everything but the JFFS2 partition, i.e. the kernel and the SquashFS partition, must be intact, so that…

…the boot process is able to get as far as required to register the pressing of the button

…the minimal required binaries and the configuration files with some default settings are available (all on SquashFS)

You should save this page for offline viewing before you find yourself without internet connection.

Warning: Do not start Failsafe while the router is connected to any untrusted network. The switch could be automatically configured to forward

packages between all ports including the WAN port in failsafe mode. Traffic could travel between the WAN and the LAN bypassing the router's

firewall.

Triggering via Hardware Button (Standard OpenWrt method)

1. Set your computer's IP to

192.168.1.2

, subnet

255.255.255.0

2. Power cycle the router (turn off and turn on)

3. Listen on UDP port 4919 for a broadcast packages on your computer, the router will send a message when it waits for a button click.

On Linux run

tcpdump -Ani eth0 port 4919 and udp

to listen for that message.

If you do not receive this message try immediately after the turning the router on, rapidly click and keep clicking the button on the

router for about 60 seconds.

It may be any button, but if you can't get in failsafe mode with a button try another.

If done right, the

192.168.1.1

address will be pingable, and telnettable.

Note: If your router has a ridiculously long boot time (such as DIR-300 A), then you may do this for a longer time.

4. Telnet into

192.168.1.1

where you will get immediate access to root shell/prompt. Authentication won't be required.

It could be that the router listens just on one Ethernet port, this is the caste at least for brcm47xx before Attitude Adjustment

Beta2, also try the WAN port.

5. Try out the commands below.

Triggering via keyboard key combination in a serial console

1. Unplug the router's power cord.

2. Connect the router's WAN port directly to your PC.

3. Configure your PC with a static IP address between 192.168.1.2 and 192.168.1.254. E. g. 192.168.1.2 (gateway and DNS is not

required).

4. Plugin the power.

5. Connect via serial

6. Wait until the following messages is passing: Press the [f] key and hit [enter] to enter failsafe mode

7. Press "f" and the "enter" key

8. You should be able to telnet to the router at 192.168.1.1 now (no username and password)

In failsafe mode

You get a message similar or same like this:

=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------

BusyBox v1.15.3 (2011-11-24 00:44:20 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|

Strona 2

OpenWrt Failsafe - OpenWrt Wiki

2012-09-29 21:04:30

http://wiki.openwrt.org/doc/howto/generic.failsafe

| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
Backfire (10.03.1, r29592) ------------------------
* 1/3 shot Kahlua In a shot glass, layer Kahlua
* 1/3 shot Bailey's on the bottom, then Bailey's,
* 1/3 shot Vodka then Vodka.
---------------------------------------------------
root@(none):/#

NOTE: The root file system in failsafe mode is the only the SquashFS partition. The JFFS2 is not present. To mount JFFS2 in read-write
mode run

mount_root

[https://dev.openwrt.org/browser/trunk/package/base-files/files/sbin/mount_root]

:

mount_root

and then repair your system:

In case you forgot your password, you need to set a new one. Type:

passwd

In case you forgot the routers IP address, get it with

uci get network.lan.ipaddr

In case you filled up the entire JFFS2 by installing too big/too many packages, clean the entire JFFS2 partition. All settings will be reset

and all installed packages are removed. (OpenWrt equivalent of a factory reset)

firstboot

or

mtd -r erase rootfs_data

or

rm -r /overlay/*

If you are done with failsafe mode use

reboot -f

to reboot. Note: Normal

/sbin/reboot

will not work, because

init

is not running. Or power cycle the router.

Notes

the article process.boot may help you better understand when

failsafe

"kicks in" once activated

Back to top

doc/howto/generic.failsafe.txt · Last modified: 2012/09/25 15:53 by hauke