Differences
This shows you the differences between two versions of the page.
| docs:guide-user:troubleshooting:tftpserver [2019/02/26 21:56] – [TFTP Recovery Procedure - How To Set up a TFTP Server] jeff | docs:guide-user:troubleshooting:tftpserver [2024/04/28 17:45] – Logical restructuring and small fixes jalakas | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== TFTP Recovery | + | ===== What is TFTP Recovery |
| - | ==== What is TFTP Recovery over Ethernet? ==== | + | On most devices, the vendor provides a boot loader on a discreet partition that is untouched by firmware updates. In case of a failed flash process or in case of a misconfiguration, |
| - | On most devices, the vendor provided boot loader is a partition separated from the actual firmware. In case of a failed flash process or in case of a misconfiguration, | + | There are two potential modes of operation: |
| - | The recovery works by starting a TFTP server on your computer, which will push the firmware file over TFTP network protocol to the OpenWrt device with the broken firmware. For this, the device has to be started up in TFTP recovery | + | **1. TFTP recovery |
| - | ==== Is TFTP Recovery | + | For many routers, the recovery process requires you to host the firmware image on a TFTP server on your computer. Then device with the broken firmware then has to be started up in TFTP recovery mode. Some devices then will automatically pull the network-provided firmware file over TFTP network protocol to the OpenWrt and hopefully recover with a successful emergency flash process. |
| - | TFTP Recovery over Ethernet is not supported by every router model. TFTP Recovery is based on a device- | + | Other devices do not have automatic pull function |
| - | Note: | + | **2. TFTP recovery |
| - | | + | |
| - | | + | |
| - | ===== Summary | + | Some other routers, e.g. many Netgear routers, run a TFTP server in recovery mode, and you need to upload the firmware to the device using a TFTP client. |
| + | |||
| + | The below article mainly advises on the first mode of recovery, i.e. the router runs a TFTP client and you need to host the firmware image on a TFTP server. | ||
| + | \\ | ||
| + | ===== Is TFTP Recovery over Ethernet supported by my device? ===== | ||
| + | |||
| + | TFTP recovery over Ethernet is not supported by every router model. TFTP recovery is based on a device- and vendor-specific boot loader that may or may not be present on your device. Check the OpenWrt device page for your precise model to find out, if your device has a boot loader supporting TFTP recovery. If your device supports it, then this recovery function will still be present in your device boot loader, after OpenWrt firmware has been flashed onto the device. | ||
| + | |||
| + | Note: | ||
| + | ● Your device boot loader could alternatively have implemented TFTP recovery over [[: | ||
| + | ● Your device could also have [[docs: | ||
| + | \\ | ||
| + | ===== Setting up TFTP Recovery/ | ||
| - | The following procedure only describes how to set up a TFTP server over Ethernet for the TFTP recovery process, it does not describe the device-specific flash recovery process. For the actual flash process you have to consult the vendor provided documentation, | + | The following procedure only describes how to set up a TFTP server over Ethernet for the TFTP recovery/install preparation |
| - | - Download the desired OpenWrt (or stock) firmware image to the designated TFTP directory on your computer | + | - Download the desired OpenWrt (or stock) firmware image to the designated TFTP directory on your computer |
| - Set the IP address of your computer' | - Set the IP address of your computer' | ||
| - Start the TFTP server on your computer. | - Start the TFTP server on your computer. | ||
| - | - Power up the router and press a device-specific button. | + | |
| + | | ||
| + | - Stop the TFTP server on your computer | ||
| + | \\ | ||
| + | ==== Setting up a TFTP server for TFTP Recovery/ | ||
| - | ===== TFTP Server on Mac OSX ===== | + | {{page> |
| + | Access to TFTP-client ('' | ||
| - | macOS provides | + | If your computer is also used as a desktop computer for general purpose or for other purpose than build/ |
| - | ==== Command-Line Native tftpd ==== | + | * //(frwl rule # 1)// allow TFTP traffic (UDP 69) only when connections originate from a local LAN ip.address range and also end in the local LAN ip.address range |
| + | * //(frwl rule # 2)// TFTP traffic is Not-Allowed when it is from/to '' | ||
| + | * //(frwl rule # 3)// TFTP traffic is Not-Allowed when originated from Internet-ip-address //(aka: NON private-LAN ip-address ranges)// | ||
| - | For recent versions of macOS, the system-supplied | + | And you must also make sure to do this: after your develop / troubleshooting etc work is done or when you pause to goto other work, then make sure the TFTP-server and TFTP-client both are completely disabled in your OS/distro : turn off TFTP-server service / process, disable TFTP-server startup script file, and **move** the TFTP-client ('' |
| - | | + | **<color # |
| - | | + | \\ \\ |
| - | | + | ==== Setting up a TFTP server on macOS ==== |
| - | $ sudo cp path/to/file/to/serve.bin /private/tftpboot/the_name_the_device_is_looking_for.bin | + | macOS provides a native tftpd server that runs the command line. However, it is not verified |
| - | $ sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist | + | \\ \\ |
| + | === dnsmasq (on macOS): === | ||
| - | * Confirm '' | + | Dnsmasq can be installed easily via [[https:// |
| - | | + | ● Launch it in this way (if you use Homebrew pkg-mngr): <code bash> |
| - | | + | ● Launch it in this way (if you use MacPorts pkg-mngr): <code bash> $ sudo / |
| + | Replace '' | ||
| + | \\ \\ | ||
| + | === macOS Command-Line Native tftpd: === | ||
| - | * Activate your device's recovery/ | + | For recent versions of macOS, the system-supplied '' |
| - | * When done with '' | + | |
| - | | + | ● Configure your network interface for the proper server address for your device. Using System Preferences > Network is perhaps the easiest. |
| + | ● Connect your device to the network interface. | ||
| + | ● Start '' | ||
| + | $ sudo cp path/ | ||
| + | $ sudo launchctl load -F / | ||
| + | ● Confirm '' | ||
| + | $ netstat -an | fgrep \*.69 | ||
| + | udp4 | ||
| + | ● Activate your device' | ||
| + | * When done with '' | ||
| + | \\ | ||
| + | === TftpServer.app (on macOS): === | ||
| - | ==== TFTPServer.app ==== | + | As an example of a GUI wrapper (aka: frontend) based TFTP server, the '' |
| + | * This procedure was tested with '' | ||
| + | * The v3.4.1 '' | ||
| + | * Author' | ||
| - | As an example of a GUI-driven tftp server, TFTPServer.app | + | |
| - | + | ||
| - | | + | |
| - Move the application to a convenient directory. | - Move the application to a convenient directory. | ||
| - In the same directory, create another folder named ' | - In the same directory, create another folder named ' | ||
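Review bot: the three firewall rules added under "Setting up a TFTP server for TFTP Recovery" overlap: rule # 1 already limits UDP 69 to traffic that both starts and ends in the local LAN range, so rule # 3 (no TFTP from Internet addresses) restates it rather than adding a separate rule. Suggest describing this as a default deny plus one allow rule for the LAN range, so readers do not end up with several rules whose order matters. In the new intro, "discreet partition" should read "discrete partition", and "Then device with the broken firmware then has to be started up" and "to the OpenWrt and hopefully recover" have lost words compared with the removed text ("to the OpenWrt device with the broken firmware"). The macOS native tftpd steps also switch from "*" list items to "●", with one "*" item left at "When done with"; keep one list marker throughout.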
| Line 62: | Line 94: | ||
| - Start your router and press the button. //The file will transfer.// | - Start your router and press the button. //The file will transfer.// | ||
| - //Note:// TftpServer.app may give warnings about file permissions. Use the " | - //Note:// TftpServer.app may give warnings about file permissions. Use the " | ||
| - | - Click "Stop TFTP" or quit the application to stop the TFTP server. | + | - Click "Stop TFTP" or quit the application to stop the TFTP server. |
| + | - Precautions : keep this app firewalled //(and allow only LAN based TFTP)//, or disable this app when you are done working with TFTP, or disable this app when you pause to goto other work. Do not keep this app continuously running. | ||
| + | \\ | ||
| + | === PumpKIN.app (on macOS): === | ||
| - | ===== TFTP Server | + | This app '' |
| + | * It is developed by Michael Krelin ( // | ||
| + | * The '' | ||
| + | * Precautions : keep this app firewalled //(and allow only LAN based TFTP)//, or disable this app when you are done working with TFTP, or disable this app when you pause to goto other work. Do not keep this app continuously running. | ||
| + | \\ | ||
| + | === Tools/Pkgs via Pkg-Mngr (on macOS): | ||
| - | While there is a command line TFTP server/client feature | + | macOS compatible |
| - | A simple and free TFTP application is **Tftpd32**, available [[http:// | + | if you have MacPorts pkg-mngr, then run**:** <code bash> $ sudo port install inetutils dnsmasq </ |
| + | * the '' | ||
| + | \\ | ||
| + | ==== Setting up a TFTP server on Windows ==== | ||
| + | |||
| + | While there is a command line TFTP **client** feature in Windows, Microsoft has stopped shipping a tftp **server** for security reasons. A third party tftp server will therefore be required. | ||
| + | |||
| + | The built-in client tftp feature can be installed from an administrator cmd.exe command prompt as follows: < | ||
| + | \\ | ||
| + | Regardless of which TFTP server below that you choose to use, you will need to open a local firewall rule to allow inbound client TFTP connections from the local subnet. For security reasons, only traffic from the local LAN subnet should be allowed. Start a cmd.exe prompt as admin then run: | ||
| + | < | ||
| + | \\ | ||
| + | === Tftpd64 (on Windows): === | ||
| + | |||
| + | A simple and free TFTP application is **Tftpd64**, available [[http:// | ||
| Download the portable version, and unzip it in a folder. You should see the manual, a license in a PDF file, a configuration file, and the application executable itself. | Download the portable version, and unzip it in a folder. You should see the manual, a license in a PDF file, a configuration file, and the application executable itself. | ||
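Review bot: the Tftpd64 download link on the added line "A simple and free TFTP application is **Tftpd64**, available [[http://" still uses plain http, while the same section now tells readers to open an inbound firewall rule for whichever server they install; link the HTTPS address if the site offers one. The "Precautions : keep this app firewalled" sentence is added verbatim under both TftpServer.app and PumpKIN.app and repeats the general advice already added in the common setup section; state it once there and refer back to it. In that sentence, "goto other work" should read "go to other work".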
| Line 74: | Line 128: | ||
| Place the file you want to send (the firmware file usually) in the same folder where you find the **Tftpd64** program file. The folder exposed through TFTP can be changed by clicking on Browse button, but in most situations you don't need to do that. | Place the file you want to send (the firmware file usually) in the same folder where you find the **Tftpd64** program file. The folder exposed through TFTP can be changed by clicking on Browse button, but in most situations you don't need to do that. | ||
| - | Configure your ethernet | + | Configure your Ethernet |
| - | Double-click | + | This application might stop listening |
| + | | ||
| + | netsh interface ipv6 set global dhcpmediasense=disabled</ | ||
| + | * Use a switch between | ||
| - | Click on the drop-down menu called | + | Double-click |
| - | Now the tftp server is online and ready, and the file(s) in it can be accessed as normal. | + | Click on the drop-down menu called **Server Interfaces** and select your PC's Ethernet port. |
| - | ===== TFTP Server on Linux ===== | + | |
| - | Install atftpd from repository on Debian/ | + | Now the TFTP server is online and ready, and the file(s) in it can be accessed as normal. |
| - | | + | \\ \\ |
| - | Install atftpd from repository on RedHat/ | + | === Tiny PXE (on Windows): === |
| - | | + | |
| - | Create directory where you want to put the image file | + | [[http:// |
| - | | + | \\ \\ |
| - | Put an image file into your directory | + | === Solarwinds |
| - | | + | |
| - | Change the ownership of the folder and the file in it | + | A free TFTP server for Windows can be downloaded [[https:// |
| - | | + | |
| - | Run TFTP server | + | * The default install will use the directory '' |
| - | | + | * Under File | Configure | Security, set "Send files" as the only permissible action. |
| - | Check if your server is listening | + | * Change the local LAN IP address of your computer to the static IP that your router expects. |
| - | | + | * Follow the procedure for your specific router to trigger its TFTP client to download the firmware image you are hosting. |
| - | Check that you can in fact pull the file from your tftp server | + | * Watch the Solarwinds console to ensure that the router has downloaded the firmware file. |
| - | | + | |
| - | tftp> get tp_recovery.bin | + | <color # |
| - | Received 8152633 bytes in 0.8 seconds | + | < |
| - | tftp> quit | + | sc config " |
| + | sc stop " | ||
| + | </ | ||
| + | \\ | ||
| + | ==== Setting up a TFTP server | ||
| + | === dnsmasq (on Linux): === | ||
| + | |||
| + | **dnsmasq** is pre-installed in most distributions. | ||
| + | |||
| + | Create directory where you want to put the recovery image file: <code bash> | ||
| + | bash# mkdir /srv/tftp </ | ||
| + | |||
| + | Put an image file into your directory - actual name will vary: <code bash> | ||
| + | bash# cp ~/ | ||
| + | |||
| + | Run TFTP server: <code bash> | ||
| + | bash# dnsmasq --listen-address=0.0.0.0 --port=0 --enable-tftp --tftp-root=/ | ||
| + | |||
| + | Check if your TFTP server is listening: <code bash> | ||
| + | bash# netstat -lunp | grep 69 </ | ||
| + | \\ | ||
| + | === atftpd (on Linux): === | ||
| + | |||
| + | You can also use **atftpd**: | ||
| + | <columns 100% 50% - -> | ||
| + | Install atftpd from repository on Debian/ | ||
| + | bash# apt install atftpd | ||
| + | < | ||
| + | Install atftpd from repository on RedHat/ | ||
| + | bash# yum install atftpd | ||
| + | </ | ||
| + | |||
| + | Create directory where you want to put the recovery | ||
| + | bash# mkdir / | ||
| + | |||
| + | Put an image file into your directory | ||
| + | bash# cp ~/ | ||
| + | |||
| + | Change the ownership of the folder and the file in it: <code bash> | ||
| + | bash# chown nobody: | ||
| + | |||
| + | Run TFTP server | ||
| + | bash# | ||
| + | |||
| + | Check if your TFTP server is listening: <code bash> | ||
| + | bash# | ||
| + | * //If not set, you should try running TFTP server as superuser.// | ||
| + | \\ | ||
| + | === Testing TFTP server (on Linux): === | ||
| + | |||
| + | **Check that you can in fact pull the file from your TFTP server.** | ||
| + | Preferably from another computer call your TFTP server IP: (//or if not possible, in same server call IP 0.0.0.0//): <code bash> | ||
| + | bash# tftp 192.168.0.66 | ||
| + | tftp> get tp_recovery.bin | ||
| + | Received 8152633 bytes in 0.8 seconds | ||
| + | tftp> quit </ | ||
| If you have received the file, congratulations, | If you have received the file, congratulations, | ||
| + | \\ \\ | ||
| + | ===== Troubleshooting steps ===== | ||
| + | |||
| + | TFTP file transfer doesn' | ||
| + | * Check if your TFTP server is running and listening | ||
| + | * Check if TFTP folder is set up correctly (location, access rights) | ||
| + | * Check if firmware file is set up correctly (location, access rights) | ||
| + | TFTP file transfer works from local computer, but not from another computer: | ||
| + | * Check if network cable is connected properly | ||
| + | * Check if server IP is set correctly | ||
| + | * Make sure server firewall allows inbound TFTP on UDP port 69 | ||
| + | * Check that you have opened up UDP 69 traffic from the local subnet in the host firewall. | ||
| + | * Restart the server if you have just changed the local host IP address. | ||
| + | TFTP file transfer works from another computer, but not from router: | ||
| + | * Check if server IP is set correctly (same as router is searching for) | ||
| + | * Check that the host running the TFTP server is using the specific fixed IP address and subnet mask that your router is expecting to use. | ||
| + | * Try using alternate cable, a crossover cable or alternate switch/ | ||
| + | * Try connecting to an alternate port on the router / routers switch | ||
| + | * Pay attention to any output or verbosity from the router console or led activity if available | ||
| + | * Verify the arp cache on either host... server side is easier... | ||
| + | * Use arp -s to add a static mapping or arp -d to delete stale entries... | ||
| + | * Use a third host to simply ping the router, both with static addresses if possible | ||
| + | * Try an alternate server software, client software or TFTP transfer mode | ||
| + | * If you get some activity, timing can often yield results, power cycle the router and start the transfer earlier or later... | ||
| + | * Check that you have downloaded a firmware image that contains " | ||
| + | * Run a packet sniffing tool like [[https:// | ||
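Review bot: in the added "dnsmasq (on Linux)" block, "--listen-address=0.0.0.0" makes the TFTP service listen on every address of the host, which conflicts with this revision's own guidance that TFTP should only be reachable from the local LAN subnet. Suggest showing the static address the router expects instead (the test step on this page uses 192.168.0.66), and adding a final step to stop dnsmasq afterwards, as the Solarwinds block does with "sc stop". In the new Troubleshooting list, "Make sure server firewall allows inbound TFTP on UDP port 69" and "Check that you have opened up UDP 69 traffic from the local subnet in the host firewall" say the same thing, the first without the local-subnet restriction; keep only the second. The listening check "netstat -lunp | grep 69" also matches any line that merely contains 69; matching on ":69 " would be more precise.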