Locked out from WRT1900ACS on Chaos Calmer

Dear forum,
I accidentally locked myself out when I unchecked "masquerading" and "MSS clamping" in the firewall zone settings. Very embarrassing.
The router and software has worked well for several years. I think it is a ACSv2 version, if I remember correctly. There was something special with it anyway, but following the instructions on this forum, everything installed nicely.
How can I undo those last changes that locked me out?

Thanks very much for any help,

https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset via mount_root you can mount the overlay and change faulty settings - or firstboot it instead.

Thank you for reaching out slh!
The power LED blinking does not match the described pattern. It rather directly goes into slow blink and trying to press either the refresh or reset button occasionally or fiercely during the startup process does not seem to have any effect. My CC version is 15.05 and if I understand correctly, it only supports telnet in failsafe mode. I only get a "no route to host" when trying to connect. Looks like it never enters failsafe mode, since the wireless indicators light up eventually.
Would it be better to just download a fresh version and start all over?


I have no experience with Linksys mvebu devices myself, but in general you use the WPS button to enter failsafe mode - the trick is usually to press it many times (don't hold it down, spam the button) immediately after powering on the router.

In the worst case you should always be able to boot into the alternative firmware installation (Linksys specific, but I think switching it on and off 4 times before it finished booting, to toggle the boot order) or to upload a new one via tftp - these would have the disadvantage that you would lose your settings though, so the normal failsafe environment with mount_root might be better

This implies you edited WAN. The web GUI is not accessible from WAN by default anyway.

  • Can you access the device via LAN ports?

If so, you can get back to the firewall screen and recheck MSS Clamping and Masquerade.

Thanks for reaching out!
Those settings were the last ones I changed before I was locked out, but there were other changes as well. I was trying to add a DMZ, but should have read a tutorial first instead of experimenting...
I have disconnected the router and hooked it up directly to a PC with a LAN cable. The PC is set to The router responds to ping on, but does not enter failsafe mode. No route to host error for both ssh and telnet Listening with sudo tcpdump -Ani enp2s0 port 4919 and udp as suggested here on the forum, produces nothing. I wish it had a usb port!