Locked out of RV320 admin interface with "Bad Gateway"

Details

I have a Cisco RV320 Small Business router. Lovely little device, too bad its support is now limited.

Being the obsessive-compulsive fellow that I am, I set it up quite a while back with a self-signed certificate that my browser was configured to recognize, to avoid silly messages from the browser about it being unable to authenticate the site.

Once the old certificate expired, however, I managed to generate a new one that was invalid. Too bad I didn't notice until it was too late... and then, I was no longer able to access its browser-based admin interface.

The device still worked fine, but it was no longer possible to change its configuration. Bloody annoying, to say the least. Worse yet, even a forced factory reset failed to clear the broken certificate, so the device was mostly bricked.

Now I am a good boy, I practice what I preach, and in this case, given that this router for me is a mission critical piece of equipment, I had a backup: An identical (and identically configured) device as a drop-in replacement. So continuity was assured, and I could deal with the broken device at my leisure.

That leisurely moment came earlier today, when I took the misconfigured device, set it up with a laptop, and began to work.

The steps were simple in principle. I learned that it was possible to fully reset the device by performing an emergency boot and then loading an older version of the firmware. But it didn't work. After many tries, a piece of advice in one of the online conversations about this failure mode caught my attention: Someone mentioned disabling the Windows firewall.

And that was it. Once I disabled the firewall, TFTP did its thing, and the router came back to life.

Just in case I ever run into this problem again, here are the specific steps that I needed to do to make this happen.

Prerequisites

Make sure that the computer you will be using has a) a copy of an older version of the RV320 firmware, e.g., RV32X_v1.3.2.02_20160923-code.bin; b) a copy of the latest version, RV32X_v1.5.1.13_20201027-code.bin; and c) your most recent saved configuration (you did save your configuration before you messed up the router, didn't you?)

Make sure that computer you will be using has tftp; if it is a windows machine, it means that the "tftp client" optional Windows feature is enabled, and you can run tftp from the command prompt.

Now the actual steps

  1. Set up the router and a computer, plugged into the router's LAN-1 port via Ethernet.
  2. Configure the computer's Ethernet connection with a manually assigned IP address, 192.168.1.100.
  3. Disable the Windows firewall!
  4. Power cycle the router, holding down its recessed reset button with a pin, for at least ~10 seconds.
  5. Verify that you can ping 192.168.1.1 from the computer.
  6. From a command prompt, run tftp -i 192.168.1.1 put RV32X_v1.3.2.02_20160923-code.bin
  7. If the transfer is successful, tftp will let you know. Wait for the router to reboot.
  8. Verify that you can connect to the admin interface at https://192.168.1.1 using the default password.
  9. Through the admin interface, perform a factory reset, deleting certificates.
  10. Once the router is back online, log on to it again through the browser.
  11. Through the admin interface, upgrade to RV32X_v1.5.1.13_20201027-code.bin
  12. Verify reboot. Log on again. Check the firmware version.
  13. Now upload your saved configuration.
  14. While the device reboots reset network settings if needed (e.g., DHCP). Don't forget to re-enable the firewall.

That should do it. Worked for me.

See also this discussion.