Attended Sysupgrade to 23.05.3 - no LUCI, SSH or PING but WIFI working - locked out

hi there,

i have 4 devices that I wanted to upgrade through attended sysupgrade from 23.05.2 to 23.05.3

started with my router AVM 7530 and that went through. no issues

but AVM 1200 Repeater and Xiaomi AX6000 are coming up, I see the wifi but I can't access LUCI, SSH, Ping etc. no chance, all I can do is failsafe mode, sysupgrade 23.05.2 or 23.05.3 but inserting my config puts it into same mode.

any ideas what to do?

Looks like your config is tainted?

tainted?

what is the procedure to do failsafe » sysupgrade and apply config as quick as possible without redoing everything again?

is there a way? I go crazy applying everything by hand again…

i don't understand why the system shows WIFI but I can't ping it or enter ssh / luci

Enter failsafe mode
https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset#entering_failsafe_mode
Likely you need to backuop configuration from mounted root, then proceed with sysupgrade with reset

1 Like

I did that, entered failsafe, installed 23.05.3, entered unconfigured AP, made a reset after that I took my config again and … dead again.

wifi is on but I'm refused to enter ssh and luci.

how is this possible? and why is this happening on 2 different devices?

you need to run firstboot;reboot in recovery mode.

I did the first boot command, now it's reseted on 23.05.3 and I can't use my config backup?

maybe I can copy paste manually from config backup? is there a best practice?

But firstboot should be same as sysupgrade without storing config - dhcp server and luci on 192.168.1.1

it looks like the problem is because of the "dumb AP" where I had to deactivate
firewall dnsmasq odhcpd

and that is being activated again. that's why my router was updated flawless with this services running. now I need to figure out how to disable them through failsafe

Probably you had to add some file to /etc/sysupgrade.conf to keep configuration across upgrade.
You can uninstall those packages and restore your config.

no nothing like this, I had to manually stop and disable firewall dnsmasq odhcpd
but all these services are getting enabled again by updates

you can safely remove fw4, or configure it to accept in all zones all (you can drop forward, the br-xxx does not count as forward)
You have to figure out by trying with dnsmasq, no harm running it on lopback only.
You have to figure out yourself about odhcp,, i think it starts with interface only.

for my dumb ap to be upgradeable do this:

failsafe
mount_root
vim /etc/rc.local

add this

/etc/init.d/firewall stop
/etc/init.d/dnsmasq stop
/etc/init.d/odhcpd stop
/etc/init.d/firewall disable
/etc/init.d/dnsmasq disable
/etc/init.d/odhcpd disable

exit 0

done, then you can access ssh and Luci again

1 Like

It is solved in snapshots where sysupgrade does service state restore.

1 Like

My xiaomi 4AG / 4C as a dAPs, I never disable those firewall/dnsmsq/odhcpd and upgradeable to v23.05.3 or my persional build.

I met one time, I could not access luci / ssh, then I find the problem is my PC could not get the IP from a DHCP server, the solution is either connect the dAP to the main router or set my PC static IP manually.

I prefer to neutralize services in their configs so that sysupgrade from release notes works as is.

how? examples for the 3 of them please :slight_smile:

firewall - set all zones all 3 actions to accept.
dnsmasq - listen only on loopback

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.