TFTP (Router-Upgrade)

[Bernd Fröhlich]

I am having trouble upgrading my Draytek Vigour 2760n Router (firmware
1.2.1.1) to the newest "delight" firmware.
First I should install some intermediate firmware and than the final
version.
For PCs there is an upgrade tool, for Mac there is no such tool but you
should be able to upgrade via TFTP.
I got these instructions from the german support:
<http://www.draytek.de/wie-fuehre-ich-ein-firmware-upgrade-unter-mac-os-x-durch.html>
(Although instructions are in german, I guess they are easily
understandable.)

Problem is: I always get a timeout after about 10 secondes when I try to
upload the firmware: <http://bremac.de/timeout.png>.
(tried several times, always the same result).

The support was very helpful and said I can send in the router so that
they can upgrade it, but since I have no backup I want to avoid that if
possible.

Does anyone have an idea why it is not working?
(I tried to raise the timeout with the command "timeout 480" but that
did not help.)

[Jolly Roger]

According to the user guide, you are supposed to start the firmware upgrade
process by logging into the router and going to System Maintenance >
Firmware Upgrade, and then clicking an OK button to start the TFTP
service. See page 271 in this PDF:

<https://www.draytek.co.uk/pdf/UG_Vigor2760_D_V1.01_UK.pdf>

Here's what the router firmware update page looks like:

<https://m.imgur.com/a/38hNM>

Did you do that first?

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[android]

In article <1n5perq.xdhgi41m92j4cN%be...@eaglesoft.de>,

Have you considered to disconnect your LAN from the internet and then
disable all firewalls and retry the by the MF recommended procedure? Or
to borrow a PC?
--
teleportation kills
http://www.giroditalia.it/it/live/

[Jolly Roger]

On 2017-05-08, Bernd Fröhlich <be...@eaglesoft.de> wrote:
> I am having trouble upgrading my Draytek Vigour 2760n Router (firmware
> 1.2.1.1) to the newest "delight" firmware.
> First I should install some intermediate firmware and than the final
> version.
> For PCs there is an upgrade tool, for Mac there is no such tool but you
> should be able to upgrade via TFTP.
> I got these instructions from the german support:
><http://www.draytek.de/wie-fuehre-ich-ein-firmware-upgrade-unter-mac-os-x-durch.html>
> (Although instructions are in german, I guess they are easily
> understandable.)
>
> Problem is: I always get a timeout after about 10 secondes when I try to
> upload the firmware: <http://bremac.de/timeout.png>.
> (tried several times, always the same result).

The above German instructions state (translated):

"If the ACT LED flashes very quickly, your device is in TFTP mode for
approx. 45 seconds"

Perhaps you are waiting too long to do the upload and that is why it's
timing out.

Anyhow, if I were you, I would try the procedure from the user guide I
mentioned in my other reply. It seems more straight-forward to me.

[Bernd Fröhlich]

android <he...@there.was> wrote:

> Have you considered to disconnect your LAN from the internet and then
> disable all firewalls and retry the by the MF recommended procedure?

Yup. Connected the router directly to my MBP, adjusted the network
settings and tried the procedure (several times over).

> Or to borrow a PC?

Only Macs around here.

[Bernd Fröhlich]

Jolly Roger <jolly...@pobox.com> wrote:

> "If the ACT LED flashes very quickly, your device is in TFTP mode for
> approx. 45 seconds"
>
> Perhaps you are waiting too long to do the upload and that is why it's
> timing out.

Connected the router directly to my MBP, adjusted the network settings,
restarted the router and tried the transfer.
So it should be within the timeframe.

The LEDs are still flashing quickly when I get the timeout message.

Maybe I am missing something obvious but at the moment I have no idea
what that might be.

[Bernd Fröhlich]

Jolly Roger <jolly...@pobox.com> wrote:

> According to the user guide, you are supposed to start the firmware
> upgrade process by logging into the router and going to System
> Maintenance > Firmware Upgrade, and then clicking an OK button to start
> the TFTP service. See page 271 in this PDF:

That works for a "normal" firmware upgrade (done it before).
What I am trying now is to go from the "old" firmware that was Unix to a
new firmware that is using DrayOS.

Unfortunately the in-between firmware "dray-uboot_v125.sld" can not be
installed from the router-interface (I tried and got an error "wrong
filename").

[Jolly Roger]

On 2017-05-08, Bernd Fröhlich <be...@eaglesoft.de> wrote:

I doubt it has anything at all to do with the computer you are using,
but to be sure, you could try booting into single user mode and trying
the TFP commands again. That would rule out any software you've
installed interfering with things on the computer side.

[JF Mezei]

On 2017-05-08 05:51, Bernd Fröhlich wrote:

> Problem is: I always get a timeout after about 10 secondes when I try to
> upload the firmware: <http://bremac.de/timeout.png>.
> (tried several times, always the same result).

the "tftp" command is a client, not a server. "put" expects a server at
the other end, not a router (which is a tftp client).

you need to run "tftpd" (daemon).

sudo launchctl load -w /System/Library/Launchdaemons/tftp.plist



On yosemite desktop the arguments given to launchd in the above:
<key>ProgramArguments</key>
<array>
<string>/usr/libexec/tftpd</string>
<string>-i</string>
<string>/private/tftpboot</string>

This means you have to place your firmware file in /private/tftpboot and
make sure it is world readable (chnod +o=r <file>)

You'll need to use "sudo" to cp the file over.

you could theoretically run the server manually from command line:

sudo /usr/libexec/tftpd -i /Users/<me>/temp -l

and then place the firmware in the "temp" folder in your home directory.
You can ald add -l to log messages to your screen

In this mode, tftpd should just "hang" while it waits for a connection.
You then all the time you want to get your router to want to fecth the
firmware file from it.

Note: the -i argument specifies a "root" directory that tftp daemon
sees and cannot access files above/outside of that.

So, in above example, if you place "firmware.bin" in your temp folder,
then from the router, you ask it to obtain "firmware.bin".

If you wish to move firmware/config FROM your router to your computer,
you first need to create empty files in that "temp" folder, make sure
they are public read/write (chmod +o=rw ) so that tftpd can write to them.

by design tftpd cannot create files. It is an insecure protocol and
allowing file creation would allow ANYONE to trivially create billions
of files in that directory to fill up your disk.

Without a user argument, tftpd changes its user to "nobody" so it does
not have access to your files, unless they are readable by "nobody".

[Jolly Roger]

JF Mezei <jfmezei...@vaxination.ca> wrote:
> On 2017-05-08 05:51, Bernd Fröhlich wrote:
>
>> Problem is: I always get a timeout after about 10 secondes when I try to
>> upload the firmware: <http://bremac.de/timeout.png>.
>> (tried several times, always the same result).
>
> the "tftp" command is a client, not a server. "put" expects a server at
> the other end, not a router (which is a tftp client).

Please pay attention. As you can plainly see from his screenshot, the
router has a built-in TFTP server. The TFTP client on the Mac connects to
the router's IP address. If there were no TFTP server he would not be able
to connect to it on the router's IP address.

> you need to run "tftpd" (daemon).
>
> sudo launchctl load -w /System/Library/Launchdaemons/tftp.plist

No. He's connecting to the TFTP server already running on the router.
There's no need to run another TFTP server on his Mac.

[JF Mezei]

On 2017-05-08 21:44, Jolly Roger wrote:

> Please pay attention. As you can plainly see from his screenshot, the
> router has a built-in TFTP server.

I could not plainly see the router has a built-in TFTP server and
generally, devices such as modems, routers load software from a remote
tftp server instead of being a tftp server that would accept connections
from anyone to upgrade wiothout any type of permission the devices own
firmware.


I know the german page seems to imply the modem has a tftp server since
their command seems to work. If so, it would be terrible design, and it
would be within the router's config to setup properly. Perhaps to
paliate the lack of security, the tftp server must be activated manually
onto the router and then deactivates after each use.



Secondly: I tried to connect to an IP that has no machine on it (even
less a TFTP server)

bike:tftpboot $ tftp 10.0.24.4
tftp> binary
tftp> put test.txt
Transfer timed out.

tftp>

The screenshot of the OP has the same behaviour. Which means that either
the router does not have a functional tftp server, or some firewall
setting is blocking access to it.

From the mac:

traceroute <IP of router>

would yield an error message if it is unroutable. (aka: IP of MAC not in
same subnet as IP of router).

I am not familiar with the firewall on OS-X and whether it would block
outgoing calls to port 69. (when you run the tftp command, the
connection is attempted at the "put" command).

[Jolly Roger]

JF Mezei <jfmezei...@vaxination.ca> wrote:
> On 2017-05-08 21:44, Jolly Roger wrote:
>
>> Please pay attention. As you can plainly see from his screenshot, the
>> router has a built-in TFTP server.
>
> I could not plainly see the router has a built-in TFTP server

If you had bothered to read the thread you'd know that.

> and
> generally, devices such as modems, routers load software from a remote
> tftp server

Nope. Most download firmware updates over HTTP.

> I know the german page seems to imply the modem has a tftp server

The user guide I mentioned and linked to says it. But you don't read...

> Perhaps to
> paliate the lack of security, the tftp server must be activated manually
> onto the router and then deactivates after each use.

You do have to start the TFTP server from the router configuration page, as
indicated by the user guide.

> Secondly: I tried to connect to an IP that has no machine on it (even
> less a TFTP server)
>
> bike:tftpboot $ tftp 10.0.24.4

>> binary

>> put test.txt
> Transfer timed out.
>

> The screenshot of the OP has the same behaviour. Which means that either
> the router does not have a functional tftp server, or some firewall
> setting is blocking access to it.

No, but it does have to be turned on.

[Bernd Fröhlich]

Bernd Fröhlich <be...@eaglesoft.de> wrote:

> I got these instructions from the german support:
> <http://www.draytek.de/wie-fuehre-ich-ein-firmware-upgrade-unter-mac-os-x-
> durch.html> (Although instructions are in german, I guess they are easily
> understandable.)

Those instructions were missing one very important bit: You have to do a
factory reset first!
After having done that everything worked as described.

[android]

In article <1n5rk75.gipm53gjd8kuN%be...@eaglesoft.de>,

The foundation stone makes the building... ;-)
--
teleportation kills

[Jolly Roger]

Huh?? Those instructions do tell you to do the reset:

Turn off the device.
Press with a pointed object (Kulli or office clip) into the "Factory Reset"
opening on the back of the unit.
Press and hold this button and turn the unit on.
Release the reset button after approx. 3-5 seconds.

If the ACT LED flashes very quickly, your device is in TFTP mode for
approx. 45 seconds

And is accessible via the IP address "192.168.1.1".

The reset must enable the TFTP server automatically. But as I said, the
user guide says you can also enable it by going to the router config page
and clicking a button. ; )

Anyway, glad you got it working.

[Bernd Fröhlich]

Jolly Roger <jolly...@pobox.com> wrote:

> Huh?? Those instructions do tell you to do the reset:
>
> Turn off the device.
> Press with a pointed object (Kulli or office clip) into the "Factory Reset"
> opening on the back of the unit.
> Press and hold this button and turn the unit on.
> Release the reset button after approx. 3-5 seconds.

Yes, but that is NOT a factory reset (although it uses the same
pinhole).
A REAL factory reset is to press a clip into that hole for 5 seconds
while the router is ON.

After that the above procedure is working.

[Jolly Roger]

I think you need to read those last two instructions above again slowly.
That's exactly what it says: hold the Factory Reset button while the
unit is on for 3-5 seconds. ; )

[Bernd Fröhlich]

Jolly Roger <jolly...@pobox.com> wrote:

> On 2017-05-09, Bernd Fröhlich <be...@eaglesoft.de> wrote:
> > Jolly Roger <jolly...@pobox.com> wrote:
> >
> >> Huh?? Those instructions do tell you to do the reset:
> >>
> >> Turn off the device.
> >> Press with a pointed object (Kulli or office clip) into the "Factory Reset"
> >> opening on the back of the unit.
> >> Press and hold this button and turn the unit on.
> >> Release the reset button after approx. 3-5 seconds.
> >
> > Yes, but that is NOT a factory reset (although it uses the same
> > pinhole).
> > A REAL factory reset is to press a clip into that hole for 5 seconds
> > while the router is ON.
>
> I think you need to read those last two instructions above again slowly.
> That's exactly what it says: hold the Factory Reset button while the
> unit is on for 3-5 seconds. ; )

Nope it says "Press and hold this button AND TURN THE UNIT ON."

Whereas the manual page 218 reads:

"Hardware Reset
WHILE THE ROUTER IS RUNNING (ACT LED blinking), press the Factory Reset
button and hold for more than 5 seconds. When you see the ACT LED blinks
rapidly, please release the button. Then, the router will restart with
the default configuration."

For me (and obviously for the router) those two make a big difference.

[Jolly Roger]

Then why do they say it will do a factory reset in both cases? I'm
skeptical (you probably just didn't really hold the button down as well
as you thought), but whatever you say. : )

[JF Mezei]

Suggestion: make sure you understand exactly how the TFTP server on your
device is turned on and more importantly, how it is turned OFF.

As this is a serious security vulnerability, understanding ALL means to
turn the TFTP server ON is important, and ensuring that you understand
how it turns off after being used equally important.

You also want to block port 69 from the WAN interface in the router's
config so that even if TFTP server is running, access from the Internet
would be blocked.