Differences
This shows you the differences between two versions of the page.
| docs:guide-user:troubleshooting:tftpserver [2022/07/25 09:53] – [What is TFTP Recovery over Ethernet?] socrates | docs:guide-user:troubleshooting:tftpserver [2024/04/28 17:45] – Logical restructuring and small fixes jalakas | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Setting up a TFTP server for TFTP Recovery/ | ||
| - | {{page> | ||
| - | Access to TFTP-client ('' | ||
| - | If your computer is also used as a desktop computer for general purpose or for other purpose than build/ | ||
| - | \\ | ||
| - | |||
| ===== What is TFTP Recovery over Ethernet? ===== | ===== What is TFTP Recovery over Ethernet? ===== | ||
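Review bot: with the `======` heading removed from the top, the first heading left on the page is the `=====` "What is TFTP Recovery over Ethernet?" line, and the old title text only comes back further down as a `====` subsection. Keep one `======` page title as the first line so the heading hierarchy still has a root, and let the moved introduction live under its new subsection heading.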
| Line 13: | Line 7: | ||
| **1. TFTP recovery client** | **1. TFTP recovery client** | ||
| - | For many routers the recovery | + | For many routers, the recovery |
| - | Other devices do not have automatic pull function and they need manual | + | Other devices do not have automatic pull function and they need you to manually |
| **2. TFTP recovery server** | **2. TFTP recovery server** | ||
| Line 23: | Line 17: | ||
| The below article mainly advises on the first mode of recovery, i.e. the router runs a TFTP client and you need to host the firmware image on a TFTP server. | The below article mainly advises on the first mode of recovery, i.e. the router runs a TFTP client and you need to host the firmware image on a TFTP server. | ||
| \\ | \\ | ||
| - | + | ===== Is TFTP Recovery | |
| - | + | ||
| - | ===== Is TFTP recovery | + | |
| TFTP recovery over Ethernet is not supported by every router model. TFTP recovery is based on a device- and vendor-specific boot loader that may or may not be present on your device. Check the OpenWrt device page for your precise model to find out, if your device has a boot loader supporting TFTP recovery. If your device supports it, then this recovery function will still be present in your device boot loader, after OpenWrt firmware has been flashed onto the device. | TFTP recovery over Ethernet is not supported by every router model. TFTP recovery is based on a device- and vendor-specific boot loader that may or may not be present on your device. Check the OpenWrt device page for your precise model to find out, if your device has a boot loader supporting TFTP recovery. If your device supports it, then this recovery function will still be present in your device boot loader, after OpenWrt firmware has been flashed onto the device. | ||
| - | Note:\\ | + | Note: |
| - | ● Your device boot loader could alternatively have implemented TFTP recovery over [[: | + | ● Your device boot loader could alternatively have implemented TFTP recovery over [[: |
| ● Your device could also have [[docs: | ● Your device could also have [[docs: | ||
| \\ | \\ | ||
| - | |||
| - | |||
| ===== Setting up TFTP Recovery/ | ===== Setting up TFTP Recovery/ | ||
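Review bot: dropping the `\\` after `Note:` removes the forced line break, so unless a blank line follows, DokuWiki will run "Note:" and the first "●" item together in one paragraph. Either keep the `\\` or turn the "●" lines into a real `  *` list under the note.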
| Line 46: | Line 36: | ||
| - Stop the TFTP server on your computer | - Stop the TFTP server on your computer | ||
| \\ | \\ | ||
| + | ==== Setting up a TFTP server for TFTP Recovery/ | ||
| - | ===Troubleshooting=== | + | {{page> |
| - | -Check that you have opened up UDP 69 traffic | + | Access to TFTP-client ('' |
| - | -Check that the TFTP server is running. Restart the server if you have just changed the local host IP address. | + | |
| - | | + | |
| - | -Check that you have downloaded | + | |
| - | -Run a packet sniffing tool like [[https://www.wireshark.org/|Wireshark]], | + | |
| - | ===== Setting up TFTP Server ===== | + | |
| - | \\ | + | |
| + | If your computer is also used as a desktop computer for general purpose or for other purpose than build/ | ||
| - | ==== On macOS ==== | + | * //(frwl rule # 1)// allow TFTP traffic (UDP 69) only when connections originate from a local LAN ip.address range and also end in the local LAN ip.address range |
| + | * //(frwl rule # 2)// TFTP traffic is Not-Allowed when it is from/to '' | ||
| + | * //(frwl rule # 3)// TFTP traffic is Not-Allowed when originated from Internet-ip-address //(aka: NON private-LAN ip-address ranges)// | ||
| + | |||
| + | And you must also make sure to do this: after your develop / troubleshooting etc work is done or when you pause to goto other work, then make sure the TFTP-server and TFTP-client both are completely disabled in your OS/distro : turn off TFTP-server service / process, disable TFTP-server startup script file, and **move** the TFTP-client ('' | ||
| + | |||
| + | **<color # | ||
| + | \\ \\ | ||
| + | ==== Setting up a TFTP server on macOS ==== | ||
| macOS provides a native tftpd server that runs the command line. However, it is not verified to work on recent versions (10.15.x). So alternative option-1 is: use '' | macOS provides a native tftpd server that runs the command line. However, it is not verified to work on recent versions (10.15.x). So alternative option-1 is: use '' | ||
| \\ \\ | \\ \\ | ||
| - | |||
| - | |||
| === dnsmasq (on macOS): === | === dnsmasq (on macOS): === | ||
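Review bot: the three added firewall rules use private shorthand (`frwl rule # 1`, `ip.address`, `Not-Allowed`, and `goto` in the paragraph after them) that is hard to search for and hard to turn into an actual rule. Spell these out as "firewall rule 1", "IP address", "not allowed" and "go to", and state rule 1 as a source range and a destination range on UDP 69 so a reader can map it directly onto the host firewall. Rule 3 is the deny side of rule 1 and could be folded into it as "deny TFTP from everything else".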
| Line 70: | Line 62: | ||
| ● Launch it in this way (if you use MacPorts pkg-mngr): <code bash> $ sudo / | ● Launch it in this way (if you use MacPorts pkg-mngr): <code bash> $ sudo / | ||
| - | Replace '' | + | Replace '' |
| \\ \\ | \\ \\ | ||
| - | |||
| - | |||
| === macOS Command-Line Native tftpd: === | === macOS Command-Line Native tftpd: === | ||
| For recent versions of macOS, the system-supplied '' | For recent versions of macOS, the system-supplied '' | ||
| - | ● Configure your network interface for the proper server address for your device. Using System Preferences > Network is perhaps the easiest.\\ | + | ● Configure your network interface for the proper server address for your device. Using System Preferences > Network is perhaps the easiest. |
| - | ● Connect your device to the network interface\\ | + | ● Connect your device to the network interface. |
| ● Start '' | ● Start '' | ||
| $ sudo cp path/ | $ sudo cp path/ | ||
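Review bot: the "●" steps "Configure your network interface" and "Connect your device" lose their trailing `\\`, and the "● Start" step follows on the very next line, so the three steps will render as one run-on paragraph. Since this is an ordered procedure, convert the steps to a DokuWiki `  - ` ordered list instead of relying on bullet characters plus forced breaks.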
| Line 89: | Line 79: | ||
| * When done with '' | * When done with '' | ||
| \\ | \\ | ||
| - | |||
| - | |||
| === TftpServer.app (on macOS): === | === TftpServer.app (on macOS): === | ||
| Line 108: | Line 96: | ||
| - Click "Stop TFTP" or quit the application to stop the TFTP server. | - Click "Stop TFTP" or quit the application to stop the TFTP server. | ||
| - Precautions : keep this app firewalled //(and allow only LAN based TFTP)//, or disable this app when you are done working with TFTP, or disable this app when you pause to goto other work. Do not keep this app continuously running. | - Precautions : keep this app firewalled //(and allow only LAN based TFTP)//, or disable this app when you are done working with TFTP, or disable this app when you pause to goto other work. Do not keep this app continuously running. | ||
| - | \\ \\ | + | \\ |
| + | === PumpKIN.app (on macOS): === | ||
| - | |||
| - | === PumpKIN.app (on macOS): === | ||
| This app '' | This app '' | ||
| * It is developed by Michael Krelin ( // | * It is developed by Michael Krelin ( // | ||
| * The '' | * The '' | ||
| * Precautions : keep this app firewalled //(and allow only LAN based TFTP)//, or disable this app when you are done working with TFTP, or disable this app when you pause to goto other work. Do not keep this app continuously running. | * Precautions : keep this app firewalled //(and allow only LAN based TFTP)//, or disable this app when you are done working with TFTP, or disable this app when you pause to goto other work. Do not keep this app continuously running. | ||
| - | \\ \\ | + | \\ |
| - | + | ||
| === Tools/Pkgs via Pkg-Mngr (on macOS): === | === Tools/Pkgs via Pkg-Mngr (on macOS): === | ||
| Line 125: | Line 110: | ||
| if you have MacPorts pkg-mngr, then run**:** <code bash> $ sudo port install inetutils dnsmasq </ | if you have MacPorts pkg-mngr, then run**:** <code bash> $ sudo port install inetutils dnsmasq </ | ||
| * the '' | * the '' | ||
| - | \\ \\ | + | \\ |
| + | ==== Setting up a TFTP server on Windows ==== | ||
| - | + | While there is a command line TFTP **client** feature in Windows, Microsoft has stopped shipping a tftp **server** for security reasons. A third party tftp server will therefore be required. | |
| - | ==== On Windows ==== | + | |
| - | While there is a command line TFTP **client** feature in Windows, Microsoft has stopped shipping a tftp **server** for security reasons. | + | |
| The built-in client tftp feature can be installed from an administrator cmd.exe command prompt as follows: < | The built-in client tftp feature can be installed from an administrator cmd.exe command prompt as follows: < | ||
| - | \\ \\ | + | \\ |
| Regardless of which TFTP server below that you choose to use, you will need to open a local firewall rule to allow inbound client TFTP connections from the local subnet. For security reasons, only traffic from the local LAN subnet should be allowed. Start a cmd.exe prompt as admin then run: | Regardless of which TFTP server below that you choose to use, you will need to open a local firewall rule to allow inbound client TFTP connections from the local subnet. For security reasons, only traffic from the local LAN subnet should be allowed. Start a cmd.exe prompt as admin then run: | ||
| < | < | ||
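Review bot: the rewritten sentence mixes "TFTP **client**" with lower-case "tftp **server**" and "third party tftp server". Use "TFTP" throughout and hyphenate "third-party", matching the section heading added just above it.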
| Line 144: | Line 128: | ||
| Place the file you want to send (the firmware file usually) in the same folder where you find the **Tftpd64** program file. The folder exposed through TFTP can be changed by clicking on Browse button, but in most situations you don't need to do that. | Place the file you want to send (the firmware file usually) in the same folder where you find the **Tftpd64** program file. The folder exposed through TFTP can be changed by clicking on Browse button, but in most situations you don't need to do that. | ||
| - | Configure your ethernet | + | Configure your Ethernet |
| - | This application might stop listening on the local TCP port that you need it at the moment | + | This application might stop listening on the local UDP port at the very moment |
| * Disable [[https:// | * Disable [[https:// | ||
| netsh interface ipv6 set global dhcpmediasense=disabled</ | netsh interface ipv6 set global dhcpmediasense=disabled</ | ||
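Review bot: the context command `netsh interface ipv6 set global dhcpmediasense=disabled` changes a global setting, and nothing visible in this hunk tells the reader to set it back to `enabled` once recovery is finished. Since the sentence above it is being reworded anyway, add the matching revert step here, in line with the page's other stop-and-disable reminders. The TCP to UDP correction itself is right and agrees with the UDP 69 wording used elsewhere on the page.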
| Line 157: | Line 141: | ||
| Now the TFTP server is online and ready, and the file(s) in it can be accessed as normal. | Now the TFTP server is online and ready, and the file(s) in it can be accessed as normal. | ||
| \\ \\ | \\ \\ | ||
| - | |||
| - | |||
| === Tiny PXE (on Windows): === | === Tiny PXE (on Windows): === | ||
| [[http:// | [[http:// | ||
| \\ \\ | \\ \\ | ||
| + | === Solarwinds TFTP Server === | ||
| - | === Solarwinds TFTP Server === | ||
| A free TFTP server for Windows can be downloaded [[https:// | A free TFTP server for Windows can be downloaded [[https:// | ||
| Line 170: | Line 152: | ||
| * Under File | Configure | Security, set "Send files" as the only permissible action. | * Under File | Configure | Security, set "Send files" as the only permissible action. | ||
| * Change the local LAN IP address of your computer to the static IP that your router expects. | * Change the local LAN IP address of your computer to the static IP that your router expects. | ||
| - | * Follow the procedure for your specific router to trigger its TFTP client to download the firmware image you are hosting. | + | * Follow the procedure for your specific router to trigger its TFTP client to download the firmware image you are hosting. |
| * Watch the Solarwinds console to ensure that the router has downloaded the firmware file. | * Watch the Solarwinds console to ensure that the router has downloaded the firmware file. | ||
| - | Important: Stop and disable | + | <color # |
| < | < | ||
| sc config " | sc config " | ||
| sc stop " | sc stop " | ||
| </ | </ | ||
| - | |||
| - | \\ | ||
| - | ==== On Linux ==== | ||
| \\ | \\ | ||
| + | ==== Setting up a TFTP server on Linux ==== | ||
| + | === dnsmasq (on Linux): === | ||
| + | **dnsmasq** is pre-installed in most distributions. | ||
| + | |||
| + | Create directory where you want to put the recovery image file: <code bash> | ||
| + | bash# mkdir /srv/tftp </ | ||
| + | |||
| + | Put an image file into your directory - actual name will vary: <code bash> | ||
| + | bash# cp ~/ | ||
| - | === Dnsmasq (on Linux): === | + | Run TFTP server: <code bash> |
| + | bash# dnsmasq --listen-address=0.0.0.0 --port=0 --enable-tftp --tftp-root=/srv/tftp --tftp-no-blocksize --user=root --group=root </ | ||
| - | **Dnsmasq** is pre-installed in most distributions. | ||
| - | Put an image file into your directory - actual name will vary. | ||
| - | Then run TFTP server: <code bash> | ||
| - | bash# dnsmasq --port=0 --enable-tftp --tftp-root=/ | ||
| Check if your TFTP server is listening: <code bash> | Check if your TFTP server is listening: <code bash> | ||
| bash# netstat -lunp | grep 69 </ | bash# netstat -lunp | grep 69 </ | ||
| \\ | \\ | ||
| - | + | === atftpd (on Linux): === | |
| - | + | ||
| - | === atftpd (on Linux): === | + | |
| You can also use **atftpd**: | You can also use **atftpd**: | ||
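Review bot: the added dnsmasq command combines `--listen-address=0.0.0.0` with `--user=root --group=root`, so the TFTP server is asked to answer on the wildcard address and to keep running as root, which sits badly with the page's own advice to accept TFTP only from the local LAN subnet. Bind it to the static address configured for recovery instead (the test section uses 192.168.0.66) and drop the root user and group unless a specific case is known to need them; if they stay, say why in the text. Nothing visible in this hunk tells the reader to stop dnsmasq after the flash, so a closing step like the `sc stop` line given for Solarwinds would fit here as well.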
| Line 206: | Line 189: | ||
| </ | </ | ||
| - | Create directory where you want to put the image file: <code bash> | + | Create directory where you want to put the recovery |
| bash# mkdir /srv/tftp </ | bash# mkdir /srv/tftp </ | ||
| Line 221: | Line 204: | ||
| bash# netstat -lunp|grep 69 </ | bash# netstat -lunp|grep 69 </ | ||
| * //If not set, you should try running TFTP server as superuser.// | * //If not set, you should try running TFTP server as superuser.// | ||
| - | \\ \\ | + | \\ |
| + | === Testing TFTP server (on Linux): === | ||
| - | + | **Check that you can in fact pull the file from your TFTP server.** | |
| - | ==== Testing TFTP server ==== | + | Preferably from another computer call your TFTP server IP: (//or if not possible, in same server call IP 0.0.0.0//): <code bash> |
| - | + | ||
| - | **Check that you can in fact pull the file from your TFTP server.**\\ | + | |
| - | Preferably from another computer call your TFTP server IP: (//or if not possible, in same server call IP 0.0.0.0//): <code bash> | + | |
| bash# tftp 192.168.0.66 | bash# tftp 192.168.0.66 | ||
| tftp> get tp_recovery.bin | tftp> get tp_recovery.bin | ||
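Review bot: renaming the heading to "Testing TFTP server (on Linux):" and demoting it to `===` files the verification step under Linux only, although the Windows section installs the built-in TFTP client and would use the same check. Keep this as a platform-neutral `====` section, or add the equivalent client command to the macOS and Windows sections.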
| Line 234: | Line 215: | ||
| If you have received the file, congratulations, | If you have received the file, congratulations, | ||
| \\ \\ | \\ \\ | ||
| - | + | ===== Troubleshooting | |
| - | + | ||
| - | ===== Troubleshooting ===== | + | |
| TFTP file transfer doesn' | TFTP file transfer doesn' | ||
| Line 246: | Line 225: | ||
| * Check if server IP is set correctly | * Check if server IP is set correctly | ||
| * Make sure server firewall allows inbound TFTP on UDP port 69 | * Make sure server firewall allows inbound TFTP on UDP port 69 | ||
| + | * Check that you have opened up UDP 69 traffic from the local subnet in the host firewall. | ||
| + | * Restart the server if you have just changed the local host IP address. | ||
| TFTP file transfer works from another computer, but not from router: | TFTP file transfer works from another computer, but not from router: | ||
| * Check if server IP is set correctly (same as router is searching for) | * Check if server IP is set correctly (same as router is searching for) | ||
| + | * Check that the host running the TFTP server is using the specific fixed IP address and subnet mask that your router is expecting to use. | ||
| * Try using alternate cable, a crossover cable or alternate switch/ | * Try using alternate cable, a crossover cable or alternate switch/ | ||
| * Try connecting to an alternate port on the router / routers switch | * Try connecting to an alternate port on the router / routers switch | ||
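Review bot: the added bullet "Check that you have opened up UDP 69 traffic from the local subnet in the host firewall" repeats the existing "Make sure server firewall allows inbound TFTP on UDP port 69" directly above it, and the added fixed-IP bullet overlaps "Check if server IP is set correctly (same as router is searching for)". Merge each pair into one bullet and keep the more specific wording ("from the local subnet", "IP address and subnet mask").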
| Line 256: | Line 238: | ||
| * Try an alternate server software, client software or TFTP transfer mode | * Try an alternate server software, client software or TFTP transfer mode | ||
| * If you get some activity, timing can often yield results, power cycle the router and start the transfer earlier or later... | * If you get some activity, timing can often yield results, power cycle the router and start the transfer earlier or later... | ||
| - | \\ | + | * Check that you have downloaded a firmware image that contains " |
| + | * Run a packet sniffing tool like [[https:// | ||