Remote site connected to Controller via VPN – Problem upgrading firmware

2025-07-28 18:33:25 - last edited 2025-07-31 22:28:38
Model: OC200, ER605 (TL-R605), ER707-M2
Hardware Version: V2
Firmware Version: 2.21.6 Build 20250613 Rel.71809

Hi all!

I'm currently testing a remote site setup with an ER605 router that communicates with the Omada Controller via VPN as I would prefer not to open any ports and most of the things work great.

However, I'm running into an issue when trying to upgrade the firmware on the ER605. I always get the following error: "... failed to upgrade online. Please check your network configuration and make sure the device can access the Controller's HTTPS management port."

Has anyone experienced this before or knows what I might be doing wrong? I’ve tried with S2S IPsec, C2S OpenVPN, and even a manual upgrade — I always end up with the same error.

Thanks in advance for any help!

ER606 v2, 2.2.3 Build 20231201 Rel.32918

ER707-M2 v1, 1.2.3 Build 20240822 Rel.52946

Re:Remote site connected to Controller via VPN – Problem upgrading firmware
2025-07-28 21:21:41 - last edited 2025-07-28 21:21:48

@Zazi

Remote sites adopted over a site-to-site VPN should directly allow firmware upgrades without issues - works on all 4 of my remote sites where the controller is hosted at main site (which is responder to all remote VPNs being the initiator).

Do you have any WAN IN or WAN OUT ACLs at either end that could be blocking ports 80 and 443 to the host site controller IP?

Main: ER8411 x1, SG3428X x1, SG3452 x1, SG2428LP x1, SG3210 x1, SG2218P x1, SG2008P x3, ES208G x1, EAP650 x6 Remote: ER7206 v2 x1, ER605 v2 x3, SG2008P x2, EAP650 x2, ES205G x1 Controller: OC300
Re:Remote site connected to Controller via VPN – Problem upgrading firmware
2025-07-28 21:44:41

@GRL Thank you for your reply. No, I actually turned off all ACL rules to rule out that possibility. I "solved the problem" by resetting the ER605 to factory settings and forgetting it from the controller, then manually upgrading the firmware and readopting it...

I will try again tomorrow with a fresh setup using a different ER605.

Re:Remote site connected to Controller via VPN – Problem upgrading firmware
2025-07-29 06:34:11

Hi @Zazi

As per the error message mentioned, "failed to upgrade online. Please check your network configuration and make sure the device can access the Controller's HTTPS management port."

I believe you need to open the port (TCP 443 by default) to bypass this.

Which ports do Omada SDN Controller and Omada Discovery Utility use? (above Controller 5.0.15)

Re:Remote site connected to Controller via VPN – Problem upgrading firmware
2025-07-29 17:11:09

I'm also using site-to-site VPN with the controller (OC200) on the responder side (ER707-M2). VPN routing is working – I can access port 8843 from the remote subnet.

I’ve opened TCP 443, even placed OC200 into DMZ (source IP restricted to remote subnet), and I still get the same error when attempting firmware upgrades.

I'm running out of ideas..

nc -zv 192.168.10.2 8443

Connection to 192.168.10.2 port 8843 [tcp/pcsync-https] succeeded!

Re:Remote site connected to Controller via VPN – Problem upgrading firmware-Solution
2025-07-31 22:28:33 - last edited 2025-07-31 22:28:38

I managed to solve the problem and successfully update the remote site.
I changed the HTTPS port back to the default 443 (it was previously set to 8443) and enabled the Device Management option in the Controller Settings. After that, the remote device was able to complete the update process.

Recommended Solution
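
The nc test quoted in the thread shows only that a TCP port accepts connections. As an added example (not part of the thread and not TP-Link tooling), the Python check below also attempts a TLS handshake on each port mentioned above, so an open port can be told apart from an answering HTTPS listener. The function names are hypothetical, the address and ports are the ones quoted in the posts, and certificate verification is skipped on the assumption that the controller's certificate may be self-signed.

```python
import socket
import ssl


def probe_https_port(host, port, timeout=3.0):
    """Return 'closed', 'tcp-only' (connects, no TLS answer) or 'tls'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    # Assumption: the controller may present a self-signed certificate, so the
    # probe does not verify it. It only asks whether an HTTPS listener answers.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        return "tcp-only"
    finally:
        sock.close()


def diagnose(results, expected_port):
    """Explain probe results relative to the port the device is expected to use."""
    if results.get(expected_port) == "tls":
        return f"HTTPS answers on expected port {expected_port}"
    elsewhere = sorted(p for p, s in results.items() if s == "tls")
    if elsewhere:
        return f"no HTTPS on {expected_port}, but HTTPS answers on {elsewhere}"
    return "no HTTPS listener reachable on any probed port"


if __name__ == "__main__":
    host = "192.168.10.2"        # controller address quoted in the thread
    ports = (443, 8443, 8843)    # port numbers mentioned in the thread
    results = {p: probe_https_port(host, p) for p in ports}
    for p, state in results.items():
        print(f"{host}:{p} -> {state}")
    # 443 is the setting that worked in the solution post
    print(diagnose(results, expected_port=443))
```

Run it from a host on the remote subnet so the probe crosses the VPN the same way the router's traffic does.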
Re:Remote site connected to Controller via VPN – Problem upgrading firmware
2025-08-01 06:55:02

Hi @Zazi

Glad to hear that you finally fixed it, and thanks for sharing.
