Upgrade a router running OpenWrt

Last modified on 2018-06-17

Think about how often Linux running on our computers and our phones gets security patches and updates. Now how often do home routers get updated? Ummm … not good!

Let’s go!

I have an old router (TP-Link TL-WDR3600 v1.5) that is running OpenWrt “Barrier Breaker” v14.07 that I upgrade to the latest stable release. Both OpenWrt and the former LEDE project have (re)joined forces and LEDE “Reboot” v17.01.04 is the current OpenWrt stable release with updates.

0. Download firmware

Consult the Table Of Hardware and download the OpenWrt/LEDE sysupgrade firmware specific for my device.

Firmware (as of 2018-06-17) for my TP-Link router: lede-17.01.4-ar71xx-generic-tl-wdr3600-v1-squashfs-sysupgrade.bin

1. Verify firmware

Target architecture (for my router) is ar71xx. Verify the firmware by retrieving the sha256sums and sha256sums.gpg files from the target architecture archive …

$ wget https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/sha256sums
$ wget https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/sha256sums.gpg

Verify signature …

$ gpg --with-fingerprint --verify sha256sums.gpg sha256sums
gpg: Signature made Wed 18 Oct 2017 05:56:19 AM EDT
gpg:                using RSA key 833C6010D52BBB6B
gpg: Can't check signature: No public key

… and check RSA key 833C6010D52BBB6B against OpenWrt/LEDE public keys.

Verify integrity of download …

$ sha256sum -c --ignore-missing sha256sums
lede-17.01.4-ar71xx-generic-tl-wdr3600-v1-squashfs-sysupgrade.bin: OK

2. Sysupgrade

Upgrading an existing OpenWrt router from the web admin GUI, using the instructions found on the Sysupgrading page. Note that when making a big jump between versions like I am doing its strongly recommended not to backup the settings. Go with the default setup and the configuration changes in the new version and make changes post-install.

2.1 Connect to the router (preferably via ethernet).

2.2 Login to the OpenWrt web admin GUI (default IP: and in System->Backup/Flash Firmware, go to Flash new firmware image.

2.3 Uncheck the Keep settings checkbox.

2.4 Double-check that the firmware matches the router model and the filename ends with …-sysupgrade.bin

2.5 In Flash new firmware image, click Choose file to select the firmware, then click Flash image….

Flash firmware

2.6 Next is Flash Firmware - Verify that contains a checksum of the firmware just uploaded to the router.

Flash firmware verify

On OpenWrt versions >15.04 its a sha256 checksum, older versions use a MD5 checksum. I confirm that (in my case, MD5) checksums match …

$ md5sum lede-17.01.4-ar71xx-generic-tl-wdr3600-v1-squashfs-sysupgrade.bin
e3c685101e2b00ffaa4d11398411d457  lede-17.01.4-ar71xx-generic-tl-wdr3600-v1-squashfs-sysupgrade.bin

2.7 If checksums match, click Proceed. This loads the System - Flashing… page with spinning wheel as the new firmware is installed on the router.

2.8 After the firmware has finished installing and the router has rebooted, confirm I can access the web admin GUI. Set a root password. Test logging in via SSH.

LEDE login

3. Settings

I recreate settings for my ISP, static leases for devices, firewall and port forwarding rules, and add services like Dynamic DNS (DDNS).

Happy hacking!