Recommendations - Remote Firmware Upgrade Options

[RDK]

Hi All;

I've briefly perused the forums and haven't found an overly similar query...

I'm seeking recommendations to remotely upgrade router firmware. Two options currently present themselves to me as viable options,
1) log directly into the router remotely via a router-hosted OpenVPN connection
2) log into the router via a machine on the local network using Team Viewer

Both obviously rely on the router's internet access to perform this function. Are there any major benefits / limitations of either approach? Is there another option available (without physically be present) that might be more suitable?

For context, the router is a RT-AC68U running Asuswrt-Merlin 384.15 (8-Feb-2020).
Is there any reason why I couldn't/shouldn't jump to the latest, or should I be best undertaking several incremental upgrades, say 6-12 months at a time.

Happy to hear your thoughts. Thanks.

 

[Tech Junky]

Both will drop your connection on reboot. If it gets funky you'll need physical access to recover it.

 

[drinkingbird]

Since you won't want to do a "dirty" upgrade to anything in the 386 code base you really have no options for totally unmanned upgrade. Resetting to factory defaults will block internet access until you reconfigure it. So you might be safe going to 384.19 but there is still some risk and not a lot of reward for that small of an upgrade (the recent security vulnerability affects all 384.x).

If there is someone that can be nearby and set up a hotspot on their cell phone, then you can use teamviewer via that to access the PC that is also hardwired to the router, you may be able to pull it off. But you will need to set the hotspot wireless connection as higher priority on the PC to make sure you are using that connection for remote access.

If you do a factory reset you can jump direct from 384.15 to 386.5.1. Best to factory reset both before and after the upgrade, as well as format JFFS.

 

[eibgrad]

Presumably you intend to do a dirty upgrade (if only to reestablish remote access), but imo, it's waaaaay too risky to jump from 384.15 to the latest build. A LOT of changes have been made to the router since the move to 386 and up, including OpenVPN (e.g., VPN Director). I don't even recommend dirty upgrades from the most recent prior firmware, let alone that much of a jump. But if someone told me they were doing an upgrade from 386.4 to 386.5_2, at least it's more reasonable. But with a leap that large, you'll probably be forced to do a factory reset at some point anyway to fix issues, and then you'll lose remote access.

I know some ppl are just risk takers. But I learned my lesson years ago about such long distance upgrades. They're just NOT worth it, esp. if the firmware is working just fine as it is. Engaging in these kinds of upgrades just for the sake of being current doesn't make sense. Not unless you're prepared to lose remote access.

JMTC

 

[RDK]

Thanks all for the comments.

Given the change in code base 384.x to 386.x as pointed out, the only true option is a complete rebuild, reloading all requiring configuration including VPN profiles.

Providing a local machine with prioritised hotspot access would be a good option to at least maintain a virtual presence. If it doesn't go to plan, things will not be fun.

Collectively, I've been convinced to hold-off at this stage, until I can either physically be on-site, or reliably maintain a virtual presence. Now it comes down to assessing the risk of remaining on the old firmware, and the urgency of the upgrade.

 

[drinkingbird]

Thanks all for the comments.

Given the change in code base 384.x to 386.x as pointed out, the only true option is a complete rebuild, reloading all requiring configuration including VPN profiles.

Providing a local machine with prioritised hotspot access would be a good option to at least maintain a virtual presence. If it doesn't go to plan, things will not be fun.

Collectively, I've been convinced to hold-off at this stage, until I can either physically be on-site, or reliably maintain a virtual presence. Now it comes down to assessing the risk of remaining on the old firmware, and the urgency of the upgrade.

If you have WAN remote access enabled on the router, I'd say the upgrade is somewhat urgent based on the details of the vulnerability (maybe less urgent if you have always had a really strong password and have always used https/ssh to access it). If WAN access is disabled for both GUI and SSH, it sounds as though it isn't as critical, especially if you have a good strong password etc.