A few months ago, I had successfully updated the firmware on my Thomson TG585 v8 router to version 8.2.7.8 when I also found out that I could connect to it via telnet, as per my previous post.
Recently, due to connectivity problems, my ISP requested that I perform a factory reset on the device. After solving those connectivity problems, I realised that access via telnet was not possible anymore. The weird thing was that I had not changed any settings on either router or computer, so this problem got really puzzling.
Finally, I found the reason why this was happening, as well as a working solution from member ZhenXlogic over the Greek forum at www.adslgr.com which I replicate here, in English, for those of you that could not easily find a solution, yet. The steps are easy.
First, save your current router settings by visiting the web interface over at 192.168.1.254 and selecting the left icon “Thomson Gateway”. Once inside, click on “Configuration” and then choose to “Save or Restore Configuration”. Then click on “Backup Configuration Now…” and select the location where user.ini will be saved.
Now with your favourite text editor, open the file user.ini and carefully browse inside, until you find the section [servmgr.ini] where you will see the problem itself: the new settings of the router have restrictions on the IP addresses that will access it via telnet, as seen in this output of mine:
[ servmgr.ini ] ifadd name=PPTP group=lan ifadd name=HTTP group=lan ifadd name=HTTPs group=lan ifadd name=HTTPs group=wan ifadd name=FTP group=lan ifadd name=FTP group=wan ifadd name=TELNET group=lan ifadd name=TELNET group=wan ifadd name=DNS-S group=lan ifadd name=MDAP group=lan ifadd name=SSDP group=lan ifadd name=PING_RESPONDER group=lan ipadd name=HTTPs ip=212.251.87.4 ipadd name=HTTPs ip=62.1.46.29 ipadd name=HTTPs ip=62.1.46.30 ipadd name=HTTPs ip=10.24.11.19 ipadd name=HTTPs ip=10.24.11.20 ipadd name=FTP ip=212.251.87.4 ipadd name=FTP ip=62.1.46.29 ipadd name=FTP ip=62.1.46.30 ipadd name=FTP ip=10.24.11.19 ipadd name=FTP ip=10.24.11.20 ipadd name=TELNET ip=62.1.46.29 ipadd name=TELNET ip=62.1.46.30 ipadd name=TELNET ip=10.24.11.19 ipadd name=TELNET ip=10.24.11.20 ipadd name=TELNET ip=212.251.87.4 modify name=PPTP state=enabled modify name=SNTP state=enabled modify name=SLA_ICMP_PING state=enabled modify name=SLA_UDP_PING state=disabled modify name=HTTP state=enabled modify name=HTTPs state=enabled modify name=WEBF state=disabled modify name=TFTP-C state=disabled modify name=FTP state=enabled modify name=TELNET state=enabled modify name=RIP state=disabled modify name=IGMP-Proxy state=enabled modify name=DNS-S state=enabled modify name=DNS-C state=enabled modify name=DHCP-S state=enabled modify name=MDAP state=enabled modify name=CWMP-C state=enabled qoslabel=Management modify name=CWMP-S state=enabled modify name=SSDP state=enabled modify name=GRE state=disabled modify name=IPIP state=disabled modify name=IP_COMMANDS state=enabled modify name=PING_RESPONDER state=enabled mapadd name=HTTP port=www-http mapadd name=HTTPs port=443 mapadd name=HTTPI intf=LocalNetwork port=www-http mapadd name=HTTPI intf=LocalNetwork port=1080 mapadd name=HTTPI intf=LocalNetwork port=httpproxy mapadd name=FTP port=ftp mapadd name=TELNET port=telnet mapadd name=DNS-S port=dns mapadd name=MDAP port=3235 mapadd name=SSDP port=1900
As you can see, unless you set the IP of your computer to the above specific values in highlighted red, the router will not allow access to its telnet console. For some reason, the developers of the Thomson firmware forgot to include the router’s default IP subnet, i.e. 192.168.1.xxx completely.
To remedy this situation, you simply need to add the line below as the first entry for TELNET, in order to allow the current router’s IP subnet (static or DHCP) computers to connect to it:
ipadd name=TELNET ip=192.168.1.[1-100]
In my example, I restrict the range from 1 to 100 but you can also set it from 1 to 200, accordingly. Therefore, insert this entry with your text editor back in the [servmgr.ini] section, like I did:
[ servmgr.ini ] ifadd name=PPTP group=lan ifadd name=HTTP group=lan ifadd name=HTTPs group=lan ifadd name=HTTPs group=wan ifadd name=FTP group=lan ifadd name=FTP group=wan ifadd name=TELNET group=lan ifadd name=TELNET group=wan ifadd name=DNS-S group=lan ifadd name=MDAP group=lan ifadd name=SSDP group=lan ifadd name=PING_RESPONDER group=lan ipadd name=HTTPs ip=212.251.87.4 ipadd name=HTTPs ip=62.1.46.29 ipadd name=HTTPs ip=62.1.46.30 ipadd name=HTTPs ip=10.24.11.19 ipadd name=HTTPs ip=10.24.11.20 ipadd name=FTP ip=212.251.87.4 ipadd name=FTP ip=62.1.46.29 ipadd name=FTP ip=62.1.46.30 ipadd name=FTP ip=10.24.11.19 ipadd name=FTP ip=10.24.11.20 ipadd name=TELNET ip=192.168.1.[1-100] ipadd name=TELNET ip=62.1.46.29 ipadd name=TELNET ip=62.1.46.30 ipadd name=TELNET ip=10.24.11.19 ipadd name=TELNET ip=10.24.11.20 ipadd name=TELNET ip=212.251.87.4 modify name=PPTP state=enabled modify name=SNTP state=enabled modify name=SLA_ICMP_PING state=enabled modify name=SLA_UDP_PING state=disabled modify name=HTTP state=enabled modify name=HTTPs state=enabled modify name=WEBF state=disabled modify name=TFTP-C state=disabled modify name=FTP state=enabled modify name=TELNET state=enabled modify name=RIP state=disabled modify name=IGMP-Proxy state=enabled modify name=DNS-S state=enabled modify name=DNS-C state=enabled modify name=DHCP-S state=enabled modify name=MDAP state=enabled modify name=CWMP-C state=enabled qoslabel=Management modify name=CWMP-S state=enabled modify name=SSDP state=enabled modify name=GRE state=disabled modify name=IPIP state=disabled modify name=IP_COMMANDS state=enabled modify name=PING_RESPONDER state=enabled mapadd name=HTTP port=www-http mapadd name=HTTPs port=443 mapadd name=HTTPI intf=LocalNetwork port=www-http mapadd name=HTTPI intf=LocalNetwork port=1080 mapadd name=HTTPI intf=LocalNetwork port=httpproxy mapadd name=FTP port=ftp mapadd name=TELNET port=telnet mapadd name=DNS-S port=dns mapadd name=MDAP port=3235 mapadd name=SSDP port=1900
Notice the entries in orange, where TELNET is enabled for access via wired (lan) and wireless (wan) computers, at the default port 23:
ifadd name=TELNET group=lan ifadd name=TELNET group=wan modify name=TELNET state=enabled mapadd name=TELNET port=telnet
Now that you’re at it, you can disable (unbind) the router’s SIP port mapping to allow your own SIP devices to work perfectly, as per my older post. Simply remove the line below from section [connection.ini] within user.ini:
bind application=SIP port=5060-5060
You can also disable the WPS functionality by setting the proper field inside [wireless.ini] section:
wps config ssid_id=0 state=enabled
to:
wps config ssid_id=0 state=disabled
Once saved, you need to upload the new configuration back to the router. Thus, you need to visit again the web interface over at 192.168.1.254 and select the left icon “Thomson Gateway”. Right under, click on “Configuration” and then choose to “Save or Restore Configuration”. Then click on “Restore Configuration Now…” and point to the modified user.ini to be uploaded.
The device will reboot in order to apply the new settings; in a couple of minutes, you shall have telnet access!
I have a question… I follow this steps (I only have telnet group=lan and telnet group=wan, so my modem has not telnet ip=62.1.46.29 and the others ip address) but I can not connect me to the web site anymore. Sorry for me english, I need to improve it.
Hi there, this is an old article and I no longer have this TG585 v8 modem, so if you cannot access the setup page of the modem or Internet in general, you’d better do a hard-reset to the modem (and maybe start over).
But you did not say what exactly you want to do. Normally, to allow Telnet (for specific actions, be careful) you’d save the default modem configuration, add 3 lines in the correct location, save it, upload configuration and restart. If you don’t have IP’s as the list above, it may be that your Internet provider changed the configuration of your modem.
If you are sure that you have the exact same TG585 v8 modem, your default home IP range should be 192.168.1.xxx and the above steps are correct, these are the 3 lines to add: The first allows home/local IPs to login, the second enables Telnet itself, third sets default Telnet port to use (e.g. via Linux or PuTTY).
ipadd name=TELNET ip=192.168.1.[1-200]
modify name=TELNET state=enabled
mapadd name=TELNET port=telnet
Hi, each time I want to connect using telnet, a message appears saying: Could not open connection to the host on port 23, connect failed.
Excellent post, thank you so much. I would like to mention though that you have to be logged in to your router with an Administrator account in order to see the “save & restore ” option to access the user.ini
I set DDNS onto my Technicolor router. I can access to the router by Telnet from LAN, but I would like to access also by public IP (on port 23). How can I do it?
I don’t have this router anymore, it was quite an old device, so unfortunately I cannot comment. If you cannot access port 23 by using your ISP’s assigned IP or via some working dynamic DNS service (I also stopped using Dyn since they stopped the free accounts) then it must be some hidden security setting that I don’t know. I suggest you search on-line, there must be an answer by another person who’ve done it. But remember, you’re exposing your router big time!