Zyxel NBG6817 not pingable after flashing

linuxuser · December 19, 2023, 4:42pm

I would like to flash another configured image.

Already flashed: OpenWrt 23.05.2, r23630-842932a63d

Checking before flashing:

root@NBG6817:~# md5sum /tmp/openwrt-my-23.05.2-710c28fb1cee-ipq806x-generic-zyxe
l_nbg6817-squashfs-sysupgrade.bin 
273bb5b05af1e5a126419012237af49e  /tmp/openwrt-my-23.05.2-710c28fb1cee-ipq806x-generic-zyxel_nbg6817-squashfs-sysupgrade.bin

Checksum was the same as downloaded:


root@NBG6817:~# sysupgrade -n /tmp/openwrt-my-23.05.2-710c28fb1cee-ipq806x-gener
ic-zyxel_nbg6817-squashfs-sysupgrade.bin 
Tue Nov 14 13:51:12 UTC 2023 upgrade: Commencing upgrade. Closing all shell sessions.
Command failed: Connection failed
root@NBG6817:~# Connection to 192.168.178.12 closed by remote host.
Connection to 192.168.178.12 closed.

Looks as always.

The device itself has a constant white light on the left side at the front and a constant green light at the ethernet port.

PC was changed to 192.168.1.46 after flashing.

I rebooted the PC too and switched the Zyxel already 2 times off.

Ethernet cable was put to another ethernet port too.

Any ideas?

Adding:

Now the green LED at the ethernet port blinks

$ ifconfig 
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.46  netmask 255.255.255.0  broadcast 192.168.1.255

So I am in the right net.

$ ping -c5 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.46 icmp_seq=1 Destination Host Unreachable
From 192.168.1.46 icmp_seq=2 Destination Host Unreachable
From 192.168.1.46 icmp_seq=3 Destination Host Unreachable
From 192.168.1.46 icmp_seq=4 Destination Host Unreachable
From 192.168.1.46 icmp_seq=5 Destination Host Unreachable

--- 192.168.1.1 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4059ms
pipe 4

On the backside there is beside the power button a button to swicht wifi on and off. Should this have any influence when I am connected by cable? Tried both WIfi on and off with a ping.

eduperez · December 20, 2023, 6:25am

What do you mean with "configured" exactly?

slh · December 20, 2023, 6:36am

The nbg6817 has a mature and reliable push-button tftp recovery.

linuxuser · December 20, 2023, 8:06am

I mean I used https://firmware-selector.openwrt.org/

with

ath10k-firmware-qca9984 base-files busybox ca-bundle dnsmasq dropbear e2fsprogs firewall4 fstools kmod-ata-ahci kmod-ata-ahci-platform kmod-ath10k-ct kmod-fs-ext4 kmod-gpio-button-hotplug kmod-leds-gpio kmod-nft-offload kmod-phy-qcom-ipq806x-usb kmod-usb-dwc3-qcom kmod-usb-ledtrig-usbport kmod-usb-ohci kmod-usb2 kmod-usb3 libc libgcc libustream-mbedtls logd losetup luci mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail swconfig uboot-envtools uci uclient-fetch urandom-seed urngd wpad-openssl mesh11sd iperf iperf3

Default is:

ath10k-firmware-qca9984-ct base-files busybox ca-bundle dnsmasq dropbear e2fsprogs firewall4 fstools kmod-ata-ahci kmod-ata-ahci-platform kmod-ath10k-ct kmod-fs-ext4 kmod-gpio-button-hotplug kmod-leds-gpio kmod-nft-offload kmod-phy-qcom-ipq806x-usb kmod-usb-dwc3-qcom kmod-usb-ledtrig-usbport kmod-usb-ohci kmod-usb2 kmod-usb3 libc libgcc libustream-mbedtls logd losetup luci mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail swconfig uboot-envtools uci uclient-fetch urandom-seed urngd wpad-basic-mbedtls

What comes in my mind now:
Not sure, but I think the NBG6817 has 2 boot partitions, maybe it tries to boot from the other partition, which should then be 192.168.0.1 Did not ping this address.

slh · December 20, 2023, 8:12am

The IP address does not change based on the booted firmware slot, nor is there a (known) way to toggle the boot order on a non-booting/ bricked device - but you can flash a new -working- factory image via tftp (always to the first slot), as linked to before.

linuxuser · December 20, 2023, 8:52am

Thanks for the clarification.

$ sudo nmap -sP 192.168.0.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2023-12-20 09:12 CET
Nmap scan report for 192.168.0.46
Host is up.
Nmap done: 256 IP addresses (1 host up) scanned in 10.51 seconds

and

$ sudo nmap -sP 192.168.1.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2023-12-20 09:13 CET
Nmap scan report for 192.168.1.46
Host is up.
Nmap done: 256 IP addresses (1 host up) scanned in 10.51 seconds

Still confused, while the router shows a constant white light, which seems to be fine.

That's the question, which image is working. When I used https://firmware-selector.openwrt.org/ I saw a few times a red block after compiling. I did not download this. If I did another build immediately after the "red block", it showed a normal built image. But I didn't trust this, looks like it was the same as before. I waited a few hours and built one again, which takes a while.

I don't want to flash the same image again as already flashed. Should I flash the default factory download now?

WIth other devices I had problems when I changed the firmware, then I had to flash again. A custom image was the solution.

https://openwrt.org/toh/zyxel/nbg6817#debricking I know already, but don't understand everything. Years ago I used tftp, I don't remember what I did.

Configure your server to 192.168.1.99

So my linux-pc is the server, right?


$ which tftp 
/usr/bin/tftp

I think this is the client, but I need the server.

$ cat /etc/default/tftpd-hpa
# /etc/default/tftpd-hpa

TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS=":69"
TFTP_OPTIONS="--secure"

Should I change to:

TFTP_OPTIONS="--secure --create"

Do I have to copy the factory file to TFTP_DIRECTORY="/srv/tftp" ?

Do I have to change the permissions?

drwxr-xr-x 2 root nogroup  6 Nov 11 22:54 .
drwxr-xr-x 3 root root    18 Nov 11 22:54 ..

For my understanding, the factory file must be readable only. So if I copy the file as root, it should be enough?

Copy your firmware file into the tftp root directory and rename it to “ras.bin” (i.e. download it from zyxel directly or OpenWrt -factory image)

I want the tftp-server is running only while flashing and not permanently.

How should I start the server?

Boot up your device holding the WPS (Key) button.

So I start the server on the ṕc.

But what are the details with the Zyxel?

I assume the Zyxel is off.

Do I have to press power and WPS at the same time?

and the router needs to be power-cycled.

This means I press the power button and switch it off and on again?

The tftp window is rather short with 3 seconds

So I have to watch the window and do something?

adding an unmanaged 100 MBit/s switch between the router's LAN port and the tftp server can help significantly.

I fear, I have only Gbit-switch.

frollic · December 20, 2023, 9:00am

could also try zycast, @bmork suspects it works on other devices too

linuxuser · December 20, 2023, 9:05am

Is there a binary, I am not familiar with compiling.

frollic · December 20, 2023, 9:10am

[frollic@atlantis ~]$ wget https://raw.githubusercontent.com/bmork/firmware-utils/dd4ce54ee35cb36197ee61f1e979be4264513e55/src/zycast.c
[frollic@atlantis ~]$ cc zycast.c -o zycast

will produce a zycast binary.

linuxuser · December 20, 2023, 10:09am

Method to flash any NR7101

I just tested the code on one of my NR7101s. Started the tool on a host connected to the LAN port of the NR7101:
bjorn@idefix:/tmp$ /tmp/zycast -i eth0.10 -f openwrt-snapshot-r22900-abec62a54268-ramips-mt7621-zyxel_nr7101-initramfs-recovery.bin -t 10
Press Ctrl+C to stop before rebooting target after upgrade
^C
Closing all files
And then I powered on the NR7101. Console output:

Which IP-address must my pc have?

-i eth0.10

My ethernet-device is probably enp1s0. It depends on the pc, which I will use.

frollic · December 20, 2023, 10:31am

since the application is called zycast, I assume it's a (broad)cast, and IP doesn't really matter.

bmork · December 20, 2023, 11:10am

It's multicast actually. And the source IP could have mattered if the target validated it, so that's a valid question. But it doesn't matter here. Any source IP will work.

slh · December 20, 2023, 12:03pm

tftp works reliably on this device, while zycast would be a gamble with an unknown outcome (and a non-zero risk of hardbricking the device).

linuxuser · December 20, 2023, 12:49pm

I agree with you after reading the zycast thread, especially the password-related-things. I have no idea which password I used with the original firmware.

Could you please answer my questions re tftp.

slh · December 20, 2023, 12:59pm

yes.

tftpd-hpa and the config are fine.

yes, as ras.bin

no.

yes.

linuxuser · December 20, 2023, 1:36pm

Thanks, unfortunately you didn't answer the questions where I am very unsure. I searched the web already, how do I start the ftp-server. I remember it was very easy, what I found is a lot of configuring. I use Ubuntu,

The other thing is how and when I have to press the buttons. Especially I don't understand the thing with 3 seconds.

Sorry I try to avoid trial and error in this situation.

I tried to setup a ftp-connection from my android-phone and got no connection.

linuxuser · December 20, 2023, 4:30pm

Does flashing require a user tftp or can I use "anonymous"?

$ sudo systemctl status tftpd-hpa.service
● tftpd-hpa.service - LSB: HPA's tftp server
     Loaded: loaded (/etc/init.d/tftpd-hpa; generated)
     Active: active (running) since Wed 2023-12-20 17:18:19 CET; 2min 8s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 2111 ExecStart=/etc/init.d/tftpd-hpa start (code=exited, status=0/>
      Tasks: 1 (limit: 13868)
     Memory: 564.0K
        CPU: 10ms
     CGroup: /system.slice/tftpd-hpa.service
             └─2144 /usr/sbin/in.tftpd --listen --user tftp --address :69 --sec>

Dez 20 17:18:19 sz1 systemd[1]: Starting LSB: HPA's tftp server...
Dez 20 17:18:19 sz1 tftpd-hpa[2111]:  * Starting HPA's tftpd in.tftpd
Dez 20 17:18:19 sz1 tftpd-hpa[2111]:    ...done.
Dez 20 17:18:19 sz1 systemd[1]: Started LSB: HPA's tftp server.
lines 1-15/15 (END)

I find different standard configuration:

Default-User admin, nobody
passwort: 1234

Where can I configure this

linuxuser · December 28, 2023, 1:07pm

Hhmm, can't get it work. Maybe there goes something wrong with the setup.

From 192.168.1.99 icmp_seq=78 Destination Host Unreachable

So i have set the IP to 99, but is this net actually active, when the router searches for it?

I use Ubuntu with Network manager. There are different nets, all are set to connect not automatically with priority, but the openwrt-net has priority and connects automatically.

When I swtch off the Zysel, the ethernet-network is disabled. When i put on the Zyxel, the openwrt-net starts, but this takes a while, maybe 3-5 seconds.

This pc has only 1 Ethernet-port. Maybe I should use a PC with more ethernet ports, so I don't loose the ethernet-setup when I switch off the Zyxel.

Following https://openwrt.org/toh/zyxel/nbg6817#debricking

netmask 255.255.255.0

I use 24, but this should be the same.

Boot up your device holding the WPS (Key) button.

Maybe I am doing something wrong here. Tried different things.

How long do I have to press the WPS button?

After the image has been flashed (~30s), the power LED will blink quickly and the router needs to be power-cycled.

Hard to say, if this happened. First it blinked slow then quickly.

After power off / on I cannot ping 192.168.1.1

Can I test the tftp-server somehow with a download?

sudo systemctl status tftpd-hpa.service says the server is running.

Could you please help with tftpd?

linuxuser · December 28, 2023, 1:23pm

I think this is important.

Tried now for pressing the WPS-button for about 3-5 sec, before shorter or longer and after a while 2(!) buttons blinked fast, from the left, the 1st button in white and the 3rd 2.4G button in orange. The blinking did not end and i put off the router after a few minutes.

Now I can ping 192.168.1.1 and enter luci with a browser.

slh · December 28, 2023, 10:22pm

You can avoid this by putting an unmanaged switch between router and tftpd.

15-20s, the procedure starts when you release the button. It's not an exact science (well, it is, but...), you need to experiment with the timing and duration a bit.