Upgrading TP-Link Archer C7 v2 from 21.02.1 to 23.05.0 remotely

This is a placeholder topic for a future upgrade of the router.

Background: I am still in the Philippines, but my mother still lives in Russia. She still has a TP-Link Archer C7 v2 with OpenWrt 21.02.1, r16325-88151b8303 installed. I have remote access to the unit, but returning to Russia is completely out of the question for obvious safety reasons. If I screw anything up, there is no way to recover.

The ISP provides plain old DHCP + DHCPv6 with prefix delegation (but needs a MAC changed from the default). However, the router runs quite some non-default stuff: PPtP VPN for censorship circumvention, mwan3 for applying the policy regarding which devices go through the VPN and which don't, dynamic DNS client (just in case - the ISP reserves the right to change the IP, but did not do it in the past 2 years), and a WireGuard VPN to my home in the Philippines. mwan3 has some firewall trickery because of IPv6. The 5 GHz WiFi is not used because the laptop only supports 2.4 GHz, and everything else is on the wired connection.

The router needs to be upgraded to a supported version, but I have seen enough stories where something was wrong after upgrading and preserving settings.

I have another TP-Link Archer C7 v2 locally.

Would the below be a sensible procedure? If not - what would you recommend as an alternative?

  • Make a backup, and, just in case, a tarball of everything in /etc, for future reference
  • Use the Firmware Selector to build a custom image containing the minimum stuff to get a working connection (i.e. the defaults + luci-app-ddns),
  • While building the image, add a custom startup script that enables the WiFi and sets the correct security settings, sets the correct WAN MAC, sets the correct LAN IP network, sets the correct root password, adds my SSH key, configures dynamic DNS, allows SSH on the WAN zone, and allows connecting from WAN to LAN over IPv6 (so that I maintain my access to the laptop)
  • Test the image locally without keeping the settings
  • Flash that image on the remote router without keeping the settings
  • Configure the VPNs and mwan3 manually according to what is in the backup

I have not tested the proposal outlined above.

You really need a backup plan like another router or your mother being able to use the internet without a router.
Having an identical unit brings in another posibility (possibly expensive) by configuring the unit in your premises and shipping it over to your mother.

The backup plan of shipping the router would have been of course much better, but it has already failed. It is literally impossible to ship anything due to sanctions. All postal services (even the state ones) reject everything, even documents.

A USB Ethernet adapter exists, and plugging the ISP's cable into it might be a viable choice if the current router ends up being bricked.

1 Like

You could eventually use the laptop as gateway for any small twicks in case router boots but the internet is not up.
I would tend to keep the remote config as close as possible to defaults having only the wifi and wireguard configured as a management connection and the downside would be that you risk breaking the router when you bring up you other networking services...

Well...there is no perfect plan and you could just live dangerously :slight_smile: and test the upgrade with your local unit then press the red button :red_circle: