IS THERE A WAY I CAN DISABLE THe FAILSAFE MODE in openwrt/lede
i dont wat someone change the settings of my router...
IS THERE A WAY I CAN DISABLE THe FAILSAFE MODE in openwrt/lede
i dont wat someone change the settings of my router...
The effect of pressing a button is that a script in /etc/rc.button is called. You can edit or remove those scripts or chmod -x them.
It can also be disabled in menuconfig
if compiling an image
I figure that if someone has physical access to my network, I've got bigger problems then them struggling to click the button just right to get my router into OpenWRT failsafe mode.
I think you've got a TP-Link router. If so, disabling the OpenWRT failsafe mode isn't going to disable the TP-Link TFTP boot loader.
If you're really wonked about it, put a firewall between the rest of your network and the TP-Link's LAN ports and block 192.168.1.0/24.
While slightly semantical, having physical access to a network and physical access to the router as root are two completely different things, with the semantics depending on the situation and mainly applying to random guests, friends, or family.
Probably best to buy or construct a physical lock that covers the button. Something at the hardware store with a hinge / hasp and some super-glue or the like. You WILL eventually need to use that button so completely eliminating the function is just asking to brick your router eventually.
You could perhaps also have it do all the normal failsafe stuff except enable ssh with a default password or a public key that you've set, at least then you can recover from network misconfiguration while retaining ssh security.
For businesses, this should always be how routers and servers are housed, but for consumers, this is overkill, unless there's specific security reasons for doing so.
Since anyone flashing 3rd party firmware should have a USB-TTL or USB-UART before flashing, there is zero need for a reset button or failsafe mode provided one has a means to access the serial header/pads.
menuconfig
, as there's no point to it if one has access to the serial interface.That's an unreasonable assumption, in my opinion. I've been flashing third-party firmware since the early WRT54g days, and never opened a router to attach a serial cable.
Well, I suspect lots of people do flash firmware without a serial cable, I know I do, so yes, either you need a serial cable, and often to solder headers on the board, or you need something else... like failsafe mode.
So how exactly would you go about unbricking your router if you bricked it from a bad firmware flash?
TFTP from the bootloader
And how do you access the bootloader without a means for TTL communication?
Don't need to, the TP-Link boot loader tries to connect to a TFTP server at a known IP address, or, with some of my long-retired devices, opens a TFTP server that you can "grab" during the boot process.
Don't need to, the bootloader tries to connect to a TFTP server at a known IP address, or, with some of my long-retired devices, opens a TFTP server that you can "grab" during the boot process.
You're making several erroneous assumptions about the vast majority of devices and users based upon your own subjective experience and knowledge.
I'd bet that if you ran a survey of users of third-party software on home routers, you'd find that the vast majority of them them simply download it from OpenWRT, LEDE, DD-WRT, Tomato, what have you, and flash it. I'd further bet that only a tiny fraction have the equipment to make a serial connection and even fewer have ever opened the device and connected it.
I'd bet that if you ran a survey of users of third-party software on home routers, you'd find that the vast majority of them them simply download it from OpenWRT, LEDE, DD-WRT, Tomato, what have you, and flash it. I'd further bet that only a tiny fraction have the equipment to make a serial connection and even fewer have ever opened the device and connected it.
You may very well be correct, but it's definitely not the easiest, or correct, way to go about this. I'll leave it at this:
I believe in having the right tools for the job, as doing so makes one's life far easier when problems arise.
my point has already been answered....by eleminating failsafemode a rc-button....which will prevent someone viewing the configuration inside the router specially the vpn...
i deleted the failsafe mode,is there a chane is will come back
Unless you exclusively disable it in menuconfig
, it will be active upon flashing a new image