Messed up trying to downgrade in the pursuit of tailscale

Hello, new user here. I was trying to install tailscale on my archer a7, and for whatever reason it wasn't available for the newest version 23.05.4, so I thought I'd go back to 23.05.03 because I could see it there. That flash went well but for some reason the storage was full so I couldn't install it again. I tried clicking the reset in luci but the storage was still full. I went to delete some files in /overlay/upper but it wasn't helping. I thought, maybe I'll try to reflash the original factory image and foolishly ignored the warning thinking "eh, it was fine the first time I put it on". Anyway, now it's bricked and only the power light comes on.
At first I tried following this guide https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset. I set my address as 192.168.1.10


but I can't get the led to flash, and/or they never flash so I can press a button. It's only the power button. When I go to 192.168.1.1 all I get is the text "LuCI - Lua Configuration Interface" and then the page changes to Unable to connect.
Then I tried another guide, tp-link's vendor specific recovery https://openwrt.org/docs/guide-user/troubleshooting/vendor_specific_rescue
I'm able to get something new and a circle led comes on for a couple seconds
I changed my address to 192.168.0.2 but neither http://192.168.0.1 nor http://192.168.0.254 opens anything. Any idea what I'm doing wrong? Thanks!

Most likely stale cache on the browser.

I would suggest to use the TFTP method and not the browser.

Hello trendy, ah, I was hoping to avoid that as it looks complicated, okay.
Here's what I tried:

[drm@archlinux srv]$ dnsmasq --listen-address=0.0.0.0 --port=0 --enable-tftp --tftp-root=/home/drm/srv/tftp --tftp-no-blocksize --user=root --group=root
dnsmasq: failed to create listening socket for port 69: Permission denied
[drm@archlinux srv]$ sudo dnsmasq --listen-address=0.0.0.0 --port=0 --enable-tftp --tftp-root=/home/drm/srv/tftp --tftp-no-blocksize --user=root --group=root
[drm@archlinux srv]$ netstat -lunp | grep 69
bash: netstat: command not found
[drm@archlinux srv]$ ss -lunp | grep 69
UNCONN 0      0             0.0.0.0:69         0.0.0.0:*                                          
UNCONN 0      0                   *:51531            *:*    users:(("kdeconnectd",pid=6875,fd=69))
UNCONN 0      0                [::]:69            [::]:*                                          
[drm@archlinux srv]$  tftp 0.0.0.0
bash: tftp: command not found
[drm@archlinux srv]$ sudo pacman -S tftp-hpa
[drm@archlinux srv]$ tftp 0.0.0.0
tftp> get ArcherC7v5_tp_recovery.bin
tftp: ArcherC7v5_tp_recovery.bin: Permission denied
tftp> q
sudo tftp 0.0.0.0
tftp> get ArcherC7v5_tp_recovery.bin
Transfer timed out.

I have my address changed to this


and changed the stock file name to ArcherC7v5_tp_recovery.bin and uploaded it to /home/drm/srv/tftp for the dnsmasq command.
There's a couple steps missing from the guide and outdated tools, who should I reach out to let them know netstat is no longer used? Any idea why the tftp server is timing out?

netstat is still used, ss is not dominant on all distributions. But we can update that.
Permission denied means either firewall or some other prohibition from the application to get the file, e.g. file permissions.

Oh, can't hurt to have both methods in, thanks for updating that! It did change to timeout when I ran it as sudo, and the permissions in the file are properly set for my user


I do not have a firewall installed with vanilla arch linux. Any idea what I should try?

After you connect to the tftp server give a status command instead of get.

Here is that response to status

[drm@archlinux ~]$ sudo tftp 0.0.0.0
tftp> status
Connected to 0.0.0.0.
Mode: netascii Verbose: off Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> get ArcherC7v5_tp_recovery.bin
Transfer timed out.

tftp> 

is there a way to increase the timeout max? Honestly 25s seems more than sufficient for such a small file so I assume that something else is amiss.

Try with a shorter name. If that doesn't work try with different server, like tftpd-hpa.

Okay I renamed to recover.bin

[drm@archlinux ~]$ sudo tftp 0.0.0.0
[sudo] password for drm: 
tftp> status
Connected to 0.0.0.0.
Mode: netascii Verbose: off Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> get recover.bin
Transfer timed out.

tftp> q

Same thing, so, anyway, I went looking how to start another server and figured I should stop dnsmasq and stumbled upon it not running in the first place? Is that normal for the dnsmasq command for tftp since I don't need its DNS?

[drm@archlinux ~]$ systemctl status dnsmasq
○ dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:dnsmasq(8)

but when I tried to activate it I got an error

[drm@archlinux ~]$ sudo systemctl start dnsmasq.service
Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xeu dnsmasq.service" for details.
[drm@archlinux ~]$ systemctl status dnsmasq.service
× dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Fri 2024-10-11 09:29:39 CDT; 12s ago
 Invocation: 0d8cc8025c32451787f55b4265ac798e
       Docs: man:dnsmasq(8)
    Process: 426563 ExecStartPre=/usr/bin/dnsmasq --test (code=exited, status=0/SUCCESS)
    Process: 426565 ExecStart=/usr/bin/dnsmasq -k --enable-dbus --user=dnsmasq --pid-file (code=exited, status=2)
   Main PID: 426565 (code=exited, status=2)

Oct 11 09:29:39 archlinux systemd[1]: dnsmasq.service: Scheduled restart job, restart counter is at 5.
Oct 11 09:29:39 archlinux systemd[1]: dnsmasq.service: Start request repeated too quickly.
Oct 11 09:29:39 archlinux systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Oct 11 09:29:39 archlinux systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.

So I went here and followed the instructions to edit the config file https://netbeez.net/blog/read-only-tftp-dnsmasq/ now I get new errors, woo, progress!

[drm@archlinux ~]$ systemctl restart dnsmasq
[drm@archlinux ~]$ cd /home/drm/srv/tftp
[drm@archlinux tftp]$ ls -l
total 6260
-rw-r--r-- 1 drm drm 6409144 Oct  7 17:00 recover.bin
[drm@archlinux tftp]$ sudo chown dnsmasq recover.bin
[drm@archlinux tftp]$ ls -l
total 6260
-rw-r--r-- 1 dnsmasq drm 6409144 Oct 11 09:58 recover.bin
[drm@archlinux tftp]$ tftp
(to) 0.0.0.0
tftp> get recover.bin
tftp: recover.bin: Permission denied
tftp> q
[drm@archlinux tftp]$ sudo tftp
(to) 0.0.0.0
tftp> get recover.bin
Error code 2: cannot access /home/drm/srv/tftp/recover.bin: Permission denied
tftp> 
[drm@archlinux tftp]$ systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; disabled; preset: disabled)
     Active: active (running) since Fri 2024-10-11 09:58:00 CDT; 3min 49s ago
 Invocation: 18761f2480844ea6b7e048ca0fd15aaa
       Docs: man:dnsmasq(8)
    Process: 458651 ExecStartPre=/usr/bin/dnsmasq --test (code=exited, status=0/SUCCESS)
   Main PID: 458660 (dnsmasq)
      Tasks: 1 (limit: 76846)
     Memory: 852K (peak: 2.1M)
        CPU: 48ms
     CGroup: /system.slice/dnsmasq.service
             └─458660 /usr/bin/dnsmasq -k --enable-dbus --user=dnsmasq --pid-file

Oct 11 09:58:00 archlinux systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server...
Oct 11 09:58:00 archlinux dnsmasq[458651]: dnsmasq: syntax check OK.
Oct 11 09:58:00 archlinux systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
Oct 11 09:58:00 archlinux dnsmasq[458660]: started, version 2.90 DNS disabled
Oct 11 09:58:00 archlinux dnsmasq[458660]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth>
Oct 11 09:58:00 archlinux dnsmasq[458660]: DBus support enabled: connected to system bus
Oct 11 09:58:00 archlinux dnsmasq-tftp[458660]: TFTP root is /home/drm/srv/tftp secure mode
Oct 11 09:58:00 archlinux dnsmasq-tftp[458660]: warning: /home/drm/srv/tftp inaccessible
Oct 11 09:59:53 archlinux dnsmasq-tftp[458660]: cannot access /home/drm/srv/tftp/recover.bin: Permission denied

strangely, after running sudo tftp the file changed to be 0 bytes, like it broke it. I think we're closer here than with tftpd-hpa, any idea what's wrong now?

It seems to me like a permission issue. You should not only have correct permissions on the file, but in the folder(s) as well.
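
Added example, not part of the original thread: a shell helper (the name `tftp_path_check` is hypothetical) that walks from the file up to `/` and reports which ownership or permission setting stops the daemon user from reading it, covering both the folder permissions mentioned above and the owner rule that `tftp-secure` enforces. It assumes GNU `stat` and ignores group permission bits.

```shell
#!/bin/sh
# Added example (hypothetical helper): explain why a TFTP daemon running as
# USER cannot serve FILE. Assumes GNU stat, as shipped on Arch Linux.
# Simplification: group permission bits are ignored.
tftp_path_check() {
    file=$1; user=${2:-dnsmasq}; rc=0
    [ -f "$file" ] || { echo "not-a-file: $file"; return 2; }
    dir=$(cd "$(dirname "$file")" && pwd -P) || return 2
    file=$dir/$(basename "$file")

    # tftp-secure only sends files owned by the user dnsmasq runs as.
    owner=$(stat -c '%U' "$file")
    if [ "$owner" != "$user" ]; then
        echo "owner: $file is owned by $owner, not $user"; rc=1
    fi

    # The file needs the read bit: owner bit if USER owns it, else "other".
    mode=$(stat -c '%a' "$file")
    if [ "$owner" = "$user" ]; then bit=$((0$mode & 0400))
    else bit=$((0$mode & 0004)); fi
    [ "$bit" -ne 0 ] || { echo "read: $file mode $mode blocks $user"; rc=1; }

    # Every directory from the TFTP root up to / needs the search (x) bit,
    # otherwise the file is unreachable whatever its own mode says.
    while :; do
        mode=$(stat -c '%a' "$dir")
        if [ "$(stat -c '%U' "$dir")" = "$user" ]; then bit=$((0$mode & 0100))
        else bit=$((0$mode & 0001)); fi
        [ "$bit" -ne 0 ] || { echo "search: $dir mode $mode blocks $user"; rc=1; }
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage: sh tftp_path_check.sh /path/to/recover.bin [daemon-user]
if [ $# -gt 0 ]; then tftp_path_check "$@"; fi
```

A `search:` line for a home directory with mode 700 explains a "Permission denied" that persists after `chown` on the file and its folder. A clean result with `tftp-secure` left enabled means the file can be served without making anything world-writable.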

Are

[drm@archlinux ~]$ sudo chown dnsmasq /home/drm/srv/tftp
[drm@archlinux ~]$ sudo chown dnsmasq /home/drm/srv/tftp/recover.bin

not the right commands? The file still shows drm as owner


and does the same 0 byte thing after attempting to get.

They are the right commands.
Move the tftp root folder in /tmp and make it globally accessible.

If you do unbrick it, you can forget about running tailscale on it. You need at least 256MB ram, preferably a faster/multicore cpu too.

I was worried about that, my knowledge on network hardware is lacking. Is it correct that you're better off separating your access point, router, and modem? Would there be noticeable improvements on a gig down/60 up cable service compared to a CODA-5712 combo unit provided by the ISP? I hope to get gig up one day when fiber is in the area, but wouldn't that require a special modem? I can't install anything on their unit so at the least I think an access point is necessary? What kind of equipment would you suggest for this use-case?

Hmm okay, so to make it globally available I commented tftp-secure

# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure

and ran

[drm@archlinux ftpd]$ sudo chown 777 recover.bin
[drm@archlinux ftpd]$ sudo chmod 777 recover.bin

I added chmod in case it was permissions and not ownership? Not exactly sure on the difference.
Same thing though now I can get a timeout without running tftp as sudo

[drm@archlinux ftpd]$ tftp 0.0.0.0
tftp> get recover.bin
Transfer timed out.

tftp> status
Connected to 0.0.0.0.
Mode: netascii Verbose: off Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> 

Edit: woops, forgot to put it in the new folder and run systemctl restart dnsmasq I think it's working now, will try on the router

[drm@archlinux ftpd]$ systemctl restart dnsmasq
[drm@archlinux ftpd]$ tftp 0.0.0.0
tftp> status
Connected to 0.0.0.0.
Mode: netascii Verbose: off Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> get recover.bin
tftp> 

Edit 2:
Okay, so I plugged the tftp server's ethernet into the router's 1st lan port. It did the arrows for a while and there's more lights now, but luci doesn't seem to be accessible and

[drm@archlinux ftpd]$ ssh root@192.168.1.1
ssh: connect to host 192.168.1.1 port 22: Connection timed out

was it successful? Did I do something wrong? Is it just truly bricked?

Maybe this will help you.

Okay, so the two Wi-Fi lights never turn solid green, while everything up to that point follows the guide. Seems it is truly bricked. Could you please suggest what you'd replace it with?

It very much depends on your needs (apart from tailscale), like Wifi capabilities, CPU, amount of flash. It's better to start a new thread explaining these to get more opinions.

Didn't old tailscale have a known vulnerability and that's why it was removed? Wouldn't it be better to upgrade to snapshots/newer (fixed) version of tailscale?
