Jump to: navigation, search

Installing VT SECN Firmware

Author T Gillett


This article describes the available methods for flashing the OpenWrt based Village Telco firmware on to various hardware devices including the Mesh Potato MP-01, Mesh Potato MP02, Ubiquity devices, and a range of TP-Link and other commodity router devices.

For the Mesh Potato MP-01, a specialised software application called PotatoFlash has been developed which allows flashing of the device regardless of what firmware has been installed previously. The PotatoFlash software is intended to be installed on a Linux system such as Ubuntu.

For the MP02, Ubiquity and TP-Link devices, there are two distinct types of flashing.

The first method is used on a new device which is running the original manufacturer's firmware, and is undertaken using the firmware upgrade facility available in the router administration interface. This uses the "factory" version of the firmware file.

The second method is used to re-flash a device which already has an OpenWrt based firmware installed and uses the 'sysupgrade' firmware upgrade facility provided by the OpenWrt software. This uses the "sysupgrade" version of the firmware file.

VT SECN firmware from Ver 2.0 onwards contains a firmware upgrade facility within the web based administration interface which may be used for firmware upgrades.

Flashing the Mesh Potato MP-01

Using Potato Flash software

The basic approach for flashing MP-01 devices is to use the Potato Flash software running on a suitable Linux operating system such as Ubuntu. The software is available as both 32 and 64 bit versions. This installation approach will work with any previously installed version of firmware, even if it is not working correctly.

There is also a similar program available for flashing an MP-01 from a Windows PC, called 'fonflash', maintained by the Gargoyle community.

A guide to using fonflash and links to obtain it available are here:


Download the Potato Flash software from the VT Downloads web site. The software is a single executable file - 'potatoflash'. Copy it into the /usr/bin directory, and give it execute privileges. Note that you will typically need to use sudo to execute these commands.

The firmware required for the MP-01 consists of two files, typically called:


Note that the file names may be extended to include version information.

Download the required files into a suitable working directory.

Connect the MP-01 device to the PC with an Ethernet cable.

Make sure the power supply to the MP-01 is *not* connected.

Open a terminal shell and cd to the working directory, then execute the command:

  sudo potato-flash eth0 openwrt-atheros-root.squashfs  openwrt-atheros-vmlinux.lzma 


The order of the filenames in the command is mandatory.

Your login password will be required to execute the command.

The Ethernet port name may be different to "eth0". Check with ifconfig command.

The software will start by printing some version information on the screen then a series of * characters while it is looking for a response from the MP-01.

At this point, connect the power to the MP-01

The file upload and flashing process will take several minutes to complete, then the device will reboot.

A further several minutes is required for the boot process to fully complete. Accessing the device before this time is likely to result in unexpected behaviour of the device.

Once the device boots up, it will be available to access via the administration web page, and via telnet, at the default IP address (typically, or the Fallback IP address (

Using 32-bit Potato Flash on 64-bit systems

There have been reports of the 64-bit Potato Flash program not working successfully on some Linux PC devices. You can use the 32-bit version on 64-bit Linus systems if you install support for running 32-bit programs as below.

To run a 32-bit executable file on a 64-bit multi-architecture Ubuntu system, you have to add the i386 architecture and install the three library packages libc6:i386, libncurses5:i386, and libstdc++6:i386:

For the potato-flash 32-bit application, you also need libpcap0.8

For Ubuntu 14.04 or later, installation is as follows:

 sudo dpkg --add-architecture i386
 sudo apt-get update
 sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386
 sudo apt-get install libpcap0.8:i386

Using the VT SECN Web interface

VT SECN firmware from Ver 2.0 onwards includes a web page in the administration interface to allow new firmware to be uploaded and the flash process started. This process uses the same two files as used with the potato flash software.

So if the MP to be updated has already been flashed with VT SECN 2.0 or later, simply bring up the web based administration page at the IP address of the device and select the Firmware Upgrade page.

Browse for the two required files and click on the button to upload them to the device. Note that the two file names *must* be entered into the correct fields.

Once the files are successfully uploaded, the flash process will commence. A page will be displayed showing the elapsed time to gauge progress.

Note that the complete process may take up to five minutes to fully complete. Accessing the device before this time is likely to result in unexpected behaviour of the device.

Flashing MP02, TP Link and Ubiquity Devices

Flashing these devices can generally be done simply from their web interface or from the command line in the case of OpenWrt based firmware.

The usual precautions for flashing apply - connect directly to the router with an Ethernet cable, and don't interrupt the power supply or network connection to the router during the process. The whole flashing process takes several minutes to complete.

Initial Flashing

When a specific firmware image is built using the OpenWrt build environment, as is the case for VT SECN firmware, two firmware images are produced - a 'factory' image used for initial flashing, and a 'sysupgrade' image used for subsequent upgrades.

In order to install an OpenWrt based firmware for the first time on a TP Link, Ubiquity or other commodity router which is running the original manufacturer's firmware, it is generally necessary to flash the device from the "Firmware Upgrade" page in the device's web based configuration interface, using the 'factory' version of the OpenWrt based firmware.

NOTE: When installing new firmware from the OpenWrt LuCI web interface page, or the Ubiquity AirOS Firmware upgrade web page, be sure to un-tick the checkbox that saves the settings, otherwise the new firmware will attempt to run with the original OpenWrt or Ubiquity settings which may produce strange behaviour.

If you do get into this situation, look for the device on the previous OpenWrt or Ubiquity IP address (e.g. on OpenWrt by default) and from there you can reflash the device with a "sysupgrade" image to ensure that it is brought back to a known state of configuration

Some commodity router firmware versions are sensitive to the filename used for the new firmware file. For example some TP Link firmware versions are sensitive to the length of the filename and won't recognise a filename that is too long. You will get a prompt indicating this when you click the Upgrade button. In this case, just rename the file to something shorter, leaving the .bin extension, and try again.

For other device types you may have to use a particular name for the file. If you have a problem, check the OpenWrt Wiki entry for your router for any guidance.

Failsafe Recovery Mechanism

Once a device is flashed with a copy of OpenWrt based firmware, there is a Failsafe mechanism provided which makes it relatively easy to recover from many 'bad flash' scenarios without having to resort to opening the device and accessing the serial port.

VT SECN firmware 'in development' for TP Link and other commodity devices is generally provided only in 'sysupgrade' form, suitable for flashing a device which already has had a copy of OpenWrt installed.

The reason for taking this approach is that it is clearly not feasible to test every type of device for a successful flash from the original manufacturer's firmware.

For firmware that is still in development, it is better to flash a new device with a known good, stable version of an OpenWrt based firmware (e.g. OpenWrt or SECN firmware that is labelled Stable), which then provides a good recovery mechanism in case of a subsequent bad flash, thus minimising the risk of a flashing the device with faulty firmware, and the attendant possibility of 'bricking' the device.

Flashing Generic OpenWrt Firmware

The OpenWrt project provides stable firmware files for all supported devices, and these are accessible at:


The Barrier Breaker (14.07) and Chaos Calmer (15.05) firmware for all supported devices devices is located here:


For the devices typically supported by the SECN firmware, the OpenWrt firmware is located here:


The firmware upgrade may be performed either by using the Firmware Upgrade page in the OpenWrt LuCI web interface, or alternatively by transferring the firmware file to /tmp on the device using scp or wget, then using the 'sysupgrade' utility from the command line as follows:

 sysupgrade -v -n <required-filename>

NOTE: The -n flag means that the configuration of the device will not be preserved across the flash process, so the device will boot up with the default parameters (IP address etc) of the firmware. This is the recommended approach.

It is generally NOT RECOMMENDED to preserve the settings across the flashing process!

Preserving the device configuration is done by preserving the files in /etc/config, and so should be used with great caution, particularly if there has been a significant change to the firmware from old to new, as the new configuration files may have changed significantly, thus leaving your device in a somewhat indeterminate state.

Flashing 'sysupgrade' Firmware

Once a device has been flashed with a copy of the OpenWrt based firmware (either OpenWrt or VT SECN), subsequent flashing needs to use the 'sysupgrade' version of the firmware. This can be done either from the command line or using the web based administration interface in VT SECN firmware Ver 2.0 or later.

Command Line Sysupgrade

To use the sysupgrade command line utility, copy the required sysupgrade firmware file to the /tmp directory on the device using scp.

Open a terminal session on the device, change to the /tmp directory and execute the sysupgrade command as follows:

 cd /tmp
 sysupgrade -v -n ./<filename-squashfs-sysupgrade.bin>

The firmware will be upgraded and the device will restart. Note that the restart process will take several minutes to fully complete and accessing the device before this time may result in unexpected behaviour.

See note above about using the -n flag and preserving the device configuration.

Firmware Upgrade Web Page

VT SECN Firmware from Ver 2.0 onwards includes a Firmware Upgrade page in the web based administration interface.

To upgrade a previously installed VT SECN firmware, select the Firmware Upgrade page, browse your filesystem for the required 'sysupgrade' firmware file, and enter it into the filename field.

Then copy the MD5 checksum for the file and enter it into the checksum field. This step is optional but is highly recommended to avoid loading a corrupted file which may 'brick' the device.

Click on the Upload button. The firmware will be uploaded and the checksum verified. If all is well, select whether to retain settings (such as IP address and password) with the checkbox, then click the Upgrade button and the flashing process will commence.

A screen will be displayed showing the elapsed time as a progress measure. The upgrade will take several minutes to complete and accessing the device before this time may result in unexpected behaviour.