1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Is it possible to upgrade firmware remotely via VPN?

Discussion in 'Asuswrt-Merlin' started by XIII, Mar 25, 2018.

  1. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    616
    The fact that @RMerlin holds back the source code and the description of the security issues fixed in 384.4_2 to allow us to update our routers first (which I appreciate!) gives me the feeling that I should update all routers in the family ASAP. However, I won’t be able to visit one of them in the timeframe (a couple of days).

    Is it possible to upgrade firmware remotely via VPN instead?

    In this case I would need to update an AC56U running 384.4 to 384.4_2, using OpenVPN.

    I can do it when somebody (non-technical) is nearby the router to physically reset it, if needed.
     
  2. Netbug

    Netbug Regular Contributor

    Joined:
    Nov 21, 2014
    Messages:
    155
    I see no reason why it would not work on the basis as long as you can access the router web-gui which you can if running a vpn server on router and giving yourself access to LAN, however bit risky in my opinion as when router starts to upgrade you will loose connection, also when i upgrade sometimes it says i have to manually reboot. It's only a few days so i would not be too worried and if i were you i would wait til you get back home. As long as aicloud stuff is off and web access from WAN is turned off i would not be to concerned, you just may give yourself a bigger headache if something goes wrong.
     
    Last edited: Mar 25, 2018
  3. martinr

    martinr Very Senior Member

    Joined:
    Nov 27, 2014
    Messages:
    1,303
    Location:
    United Kingdom
    Here’s Merlin’s advice:

    “There's always a chance that a physical power cycle is required after a firmware upgrade since you are writing on top of a live filesystem. Never do so unless you have someone on site ready to do so if necessary.”

    https://www.snbforums.com/threads/update-remotely.44694/#post-381909

    And you indicated you had that possibility covered. Of course, this would not be possible with a firmware upgrade that Merlin had specified a mandatory reset to factory default settings.

    You’re obviously someone who likes the thrill of risk!
     
  4. maxbraketorque

    maxbraketorque Senior Member

    Joined:
    Dec 6, 2015
    Messages:
    424
    I have done remote updates by VPN. Make sure to allow the router to download the firmware directly from ASUS rather than you trying to manually upload the firmware. And as was just said, there is a chance that a manual reboot will be needed. In general, its a good idea to do a manual power cycle after any firmware update.
     
  5. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    616
    How does one do that?

    PS: I want to update Asuswrt-Merlin, so it’s not hosted by ASUS.

    PS*2: Still curious how that works for stock firmware.
     
  6. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    28,592
    Location:
    Canada
    I've done it a few times in the past. It should in theory be fine, but if you are unsure or you don't trust your VPN connection, I recommend doing it from a computer within that LAN. That way even if the tunnel were to go down during the firmware upload, the computer doing the upload would still be able to complete the procedure.

    You can temporarily use something like TeamViewer to do this. You need the complete version, but the remote end only need to download the QuickSupport tool from their website.
     
    HuskyHerder and XIII like this.
  7. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    616
    I was actually going to ask whether TeamViewer would be a better option, so thank you for posting this pro-actively.
     
  8. XIII

    XIII Very Senior Member

    Joined:
    Feb 27, 2014
    Messages:
    616
    Finally could try this. Performed an update of 384.4 to 384.4_2 over OpenVPN. The RT-AC56U did indeed request a manual update... (unlike the AC86U and AC68U that I updated locally). However, I was still able to ssh to the router and could reboot it from the command line. Unfortunately the OpenVPN server did not seem to start after that reboot, but I could ssh into it again and could restart the VPN server from the command line (using the search on this forum). Seems OK now?