Omada help description version: 5.9.9

• Frequently asked questions (FAQ)
  • Omada Dynamic DNS
    • Omada DDNS parameter description
  • DDNS Services integrated in Omada
  • Custom DDNS Services integrated in Omada
    • Create New Dynamic DNS Entry
  • How to get root password?
    • Reboot device with reboot -f
    • Why would I need root password?
    • Why is it a bad idea if router is publicly reachable over ssh?
  • How to run Omada Discovery Utility on Linux?
    • Example with Ubuntu 22.04

Dynamic DNS (Dynamic Domain Name Service) allows assigning a fixed domain name to a dynamic WAN IP address of your gateway, which enables the Internet hosts to access the device or the hosts in LAN using the domain names. DDNS is usually offered by the DDNS provider such as DynDNS, No-IP, Peanuthull, Comexe and Custom. DDNS providers offer users the DDNS client. TP-Link gateway has been equipped with some common DDNS client. After users log in to the DDNS client, the router’s changing WAN port IP is bound with a certain domain name address. The domain name address is the one that the user registered at the DDNS service provider.

• Service Provider: Select your service provider of Dynamic DNS. The Controller supports:

  • DynDNS
  • No-IP
  • Peanuthull
  • Comexe
  • Custom
    • Namecheap (Guides/FAQs: Official Namecheap DDNS Knowledgebase)
    • FreeDNS
    • ...

• Status: Click the checkbox to enable the Dynamic DNS entry.

• Interface: Select the WAN port which the Dynamic DNS entry applies to.

• Username:Enter your username for the service provider. If you haven’t registered at the service provider, clickGo To Register

• Password: Enter your password for the service provider.

• Domain Name: Enter the domain name provided by your service provider. Remote users can use the domain name to access your local network through WAN port.

• Update Interval: Select how often the WAN IP address is automatically updated.

• Update URL: Enter the URL provided by your DDNS service provider in format of

  http://[USERNAME]:[PASSWORD]@api.cp.easydns.com/dyn/tomato.php?hostname=[DOMAIN]&myip=[IP]

  The router will automatically update user information to the service provider.

• Following service provider are integrated in Omada:

  Service Provider	Homepage
  DynDNS	https://account.dyn.com/
  No-IP	https://www.noip.com/
  Peanuthull	http://www.oray.cn/
  Comexe	https://www.comexe.cn/

• Custom service provider (not integrated in omada, but can be used as custom service provide)

• Any service provider using [USERNAME], [PASSWORD] and [DOMAIN] can be used, here are few frequently used providers:

  Service Provider	Guides/FAQ's/URL's	IPv4	IPv6	Update URLs
  FreeDNS	- Interface V1 - Interface V2 - Update Interface v2 Tips	yes	yes	- V1: http://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP] - V2: http://[USERNAME]:[PASSWORD]@sync.afraid.org/u/?h=[DOMAIN]&ip=[IP] - V2 inline: http://sync.afraid.org/u/?u=[USERNAME]&p=[PASSWORD]&h=[DOMAIN]&ip=[IP]
  Namecheap	- DDNS Documentation	yes	no	IPv4: http://dynamicdns.park-your-domain.com/update?host=[USERNAME]&domain=[DOMAIN]&password=[PASSWORD]&ip=[IP]

• Custom service provider which do not work with current Omada version, but might be available in future. Reason why it can not be used is very simple, it is because Omada developers made mandatory use of [USERNAME], [PASSWORD] and [DOMAIN] in Update-URL field. In following example, I use [TOKEN] which is currently not available in Omada. But Omada developers will either create token field and in case it is used Update-URL should allow only [TOKEN]. Other possibility is if omada Developers do not make mandatory use of variables in Update-URL field. This solution would work, since one could enter token into password field and use just [PASSWORD].

  Service Provider	Guides/FAQ's/URL's	IPv4	IPv6	Update URLs
  ClouDNS	- DDNS Documentation	yes	yes	- IPv4: https://ipv4.cloudns.net/api/dynamicURL/?q=[TOKEN] - IPv6: https://ipv6.cloudns.net/api/dynamicURL/?q=[TOKEN]
  FreeDNS token	- Interface V1 - Interface V2 - Update Interface v2 Tips	yes	yes	- V1: https://freedns.afraid.org/dynamic/update.php?[TOKEN]/ - V2: http://sync.afraid.org/u/[TOKEN]/

1. click "Create New Dynamic DNS Entry" button and create Custom service provider:

   

2. Enter your parameters for ddns service with FreeDNS

   You can use Username and Password, inline or Username and Password. (for more info, check Omada DDNS service Parameters)

   

3. Click "Create"

   

You need mac address of your router, as example

• device's MAC address: AA:BB:CC:DD:EE:FF
• User: admin
  • If in standalone, use the user created on first boot, as example admin
  • If adapted to omada, you can find username under "Site settings -> Site -> Device account"

[MAC ADDRESS][USER] needs to be hashed with md5 and first 16 signs are root password. This would be example how one can get and print root password for ability to copy&paste it in one line:

echo -n "AA:BB:CC:DD:EE:FFadmin" | md5sum | cut -b 1-16
b4020407a61e8b9a

This is how it looks like with er605v1 v1.3.0*:

root@rock8:~# ssh er605 -l root
[email protected]'s password: 


BusyBox v1.22.1 (2023-04-23 16:38:59 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 BARRIER BREAKER (Barrier Breaker, unknown)
 -----------------------------------------------------
  * 1/2 oz Galliano         Pour all ingredients into
  * 4 oz cold Coffee        an irish coffee mug filled
  * 1 1/2 oz Dark Rum       with crushed ice. Stir.
  * 2 tsp. Creme de Cacao
 -----------------------------------------------------
root@ER605:~#

er605v2 looks a little bit different:

$ ssh er605 -l root
[email protected]'s password: 

>

Commands available on current er605v2:

Commands available:
  help                                                 Show available commands
  exit                                                 Exit from current mode
  enable                                               Turn on privileged commands
  disable                                              Turn off privileged commands

If you type and run: enable, then you can run configuration command to configure er605v2 over ssh:

Commands available:
  help                                                 Show available commands
  exit                                                 Exit from current mode
  enable                                               Turn on privileged commands
  disable                                              Turn off privileged commands
  configure                                            Enter configuration mode

To reboot device:

1. connect over SSH to your router

2. Run:

   reboot -f

• Sometimes one wants to have root access as most commands in terminal can be only executed by root user, like as example ping or iperf.
• To reboot a device over ssh as there is no other possibility to reboot without reseting it to factory defaults. With last few versions of omada SDN and firmware for er605 v1, router gets often in disconnected state despite that it is connected and reachable over wan ports.
• If router is is adapted to omada and located far away *then it is handy to run commands over ssh simply reboot router over SSH. Please take note that latest versions of er605v2 is different to er605v1.

Because tplink uses a process for root password which can be automated. It is somehow ok if only consumer routers would be affected by this security issue, but if you run omada controller with business (only in name) products, then it is somehow a "cold" shower for admins if they are aware that everybody can get easily "root access" if device is physically reachable and a mac address on the back side can be backed up.

Knowing that some company officially states it uses tp-link hardware, then anybody can walk to the company and if any tp-link device is physically accessable, then one could gain root access over that device.

• tp-link support and forum staff never revealed how to run omada discovery utility on Linux and this question was not replied several times, latest example here.
• I used to run it with Oracle's JDK 1.8.0 241, you still can download linux version from SourceForge. Alternative download link of same file on ufile.io for the case that SourceForge does not work for some reason.
• It does not work with OpenJDK.

When I used omada, I was running omada discovery utility on linux and after years tp-link did not manage to inform its users about how to run omada discovery utility on linux, this guide should resolve this mystery. I was running it on ubuntu, it also works with any other linux distribution as long as have correct JDK 1.8.0 from Oracle, discovery utility does not work with OpenJDK.

1. Extract downloaded Oracle's JDK 1.8.0 241 to some folder

   • in this guide I export it to: /opt/jdk with java's binary folder: /opt/jdk/jdk1.8.0_241/bin

2. create launcher script, here is example

   • where JAVA_HOME and JAVA_BIN variables are set to the folder where you extracted Oracle's JDK 1.8.0 241
   • with path ~/bin/OmadaDiscoveryUtility:

   cat <<EOF | tee ~/bin/OmadaDiscoveryUtility
   #!/bin/bash
   # change default java with: sudo update-alternatives --config java
   # example: /opt/jdk/jdk1.8.0_241/bin/java -jar /opt/bin/omada-discovery-utility-5.0.8.jar
   # default folder on ubuntu: /usr/lib/jvm/java-*
   export JAVA_HOME=/opt/jdk/jdk1.8.0_241
   export JAVA_BIN=$JAVA_HOME/bin/java
   
   $JAVA_BIN -jar /opt/bin/omada-discovery-utility-5.0.8.jar
   EOF
   
   chmod +x ~/bin/OmadaDiscoveryUtility

3. Start omada discovery via terminal launching your script ~/bin/OmadaDiscoveryUtility

You can create desktop icons/launchers which run your script if you do not want to open terminal each time, please reffer to your distribution's manual about how to create desktop shortcuts.