Upgrade a router running OpenWrt
Think about how often Linux running on our computers and our phones gets security patches and updates. Now how often do home routers get updated? Ummm … not good!
I have an old router (TP-Link TL-WDR3600 v1.5) that is running OpenWrt “Barrier Breaker” v14.07 that I upgrade to the latest stable release. Both OpenWrt and the former LEDE project have (re)joined forces and LEDE “Reboot” v17.01.04 is the current OpenWrt stable release with updates.
0. Download firmware
Consult the Table Of Hardware and download the OpenWrt/LEDE sysupgrade firmware specific for my device.
Firmware (as of 2018-06-17) for my TP-Link router:
1. Verify firmware
Target architecture (for my router) is
ar71xx. Verify the firmware by retrieving the
sha256sums.gpg files from the target architecture archive …
$ wget https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/sha256sums $ wget https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/sha256sums.gpg
Verify signature …
$ gpg --with-fingerprint --verify sha256sums.gpg sha256sums gpg: Signature made Wed 18 Oct 2017 05:56:19 AM EDT gpg: using RSA key 833C6010D52BBB6B gpg: Can't check signature: No public key
… and check
RSA key 833C6010D52BBB6B against OpenWrt/LEDE public keys.
Verify integrity of download …
$ sha256sum -c --ignore-missing sha256sums lede-17.01.4-ar71xx-generic-tl-wdr3600-v1-squashfs-sysupgrade.bin: OK
Upgrading an existing OpenWrt router from the web admin GUI, using the instructions found on the Sysupgrading page. Note that when making a big jump between versions like I am doing its strongly recommended not to backup the settings. Go with the default setup and the configuration changes in the new version and make changes post-install.
2.1 Connect to the router (preferably via ethernet).
2.2 Login to the OpenWrt web admin GUI (default IP: 192.168.1.1) and in
System->Backup/Flash Firmware, go to Flash new firmware image.
2.3 Uncheck the Keep settings checkbox.
2.4 Double-check that the firmware matches the router model and the filename ends with …-sysupgrade.bin
2.5 In Flash new firmware image, click Choose file to select the firmware, then click Flash image….
2.6 Next is Flash Firmware - Verify that contains a checksum of the firmware just uploaded to the router.
On OpenWrt versions >15.04 its a sha256 checksum, older versions use a MD5 checksum. I confirm that (in my case, MD5) checksums match …
$ md5sum lede-17.01.4-ar71xx-generic-tl-wdr3600-v1-squashfs-sysupgrade.bin e3c685101e2b00ffaa4d11398411d457 lede-17.01.4-ar71xx-generic-tl-wdr3600-v1-squashfs-sysupgrade.bin
2.7 If checksums match, click Proceed. This loads the System - Flashing… page with spinning wheel as the new firmware is installed on the router.
2.8 After the firmware has finished installing and the router has rebooted, confirm I can access the web admin GUI. Set a root password. Test logging in via SSH.
I recreate settings for my ISP, static leases for devices, firewall and port forwarding rules, and add services like Dynamic DNS (DDNS).