Browse Source
posts/mikrotik-hap-ac-openwrt-installation.md: New post
article-mikrotik-hap-ac-openwrt
1 changed files with 116 additions and 0 deletions
Split View
Diff Options
+ 116
- 0
posts/mikrotik-hap-ac-openwrt-installation.md
View File
| @@ -0,0 +1,116 @@ | |||
| --- | |||
| title: Installing OpenWrt on the Mikrotik hap-ac | |||
| author: Collin J. Doering | |||
| date: 2019-12-01 | |||
| description: Use dnsmasq to provide a dhcp+tftp server in order to netboot OpenWrt on Mikrotik hap-ac routers | |||
| tags: general, hardware, networking, dhcp, tftp, OpenWrt, mikrotik | |||
| --- | |||
| Recently I purchased a [Mikrotik hap-ac | |||
| router](https://mikrotik.com/product/RB962UiGS-5HacT2HnT) as I am in the process of moving away | |||
| from the unify access points I currently use in my home network. The main reasons for this | |||
| is the numerous [GPL | |||
| violations](https://sfconservancy.org/blog/2019/oct/02/cambium-ubiquiti-gpl-violations/), the | |||
| introduction of a [call home feature](https://news.ycombinator.com/item?id=21430997) without | |||
| telling users, as well as the lack of deeper control that only comes with open source software. | |||
| In any case, the end goal is to leverage [Openwisp](http://openwisp.org/) as the wireless | |||
| access point controller, and OpenWrt powered access points everywhere in the house. One nice | |||
| thing about using OpenWrt is that my older [Unify | |||
| AC-LR](https://store.ui.com/products/unifi-ac-lr), also [supports | |||
| it](https://openwrt.org/toh/ubiquiti/unifiac), so I can use a similar process to the one I will | |||
| describe in this article to leverage my older equipment in the case I do not sell it right | |||
| away. | |||
| This article will detail how to install OpenWrt on the Mikrotik hap-ac router, but will save | |||
| setup of the access points as well as Openwisp to another article. | |||
| <!--more--> | |||
| Though there is [a guide provided within the OpenWrt | |||
| wiki](https://openwrt.org/toh/mikrotik/common) regarding installation onto Mikrotik (and other) | |||
| devices, I found that it was not as clear as it could be, mainly due the many options | |||
| mentioned, but none clearly demonstrated. Here I would like provide clear and concise | |||
| instructions on how to install OpenWrt on the Mikrotik hap-ac, though the process could be used | |||
| for any netboot installation of OpenWrt (with some modification). | |||
| The high-level process is quiet simple, and the OpenWrt does do a good job of describing this | |||
| in its wiki. Here is the TLDR: | |||
| 1. Ensure router/device will utilize netboot upon start. This will vary per router/device. | |||
| 2. Run local `dhcp` server and `tftp` server, ensuring the appropriate firmware file is | |||
| referenced as `dhcp` `option 66`. | |||
| 3. Ensure router/device is plugged into computer running the `dhcp+tftp` server. | |||
| 4. Reboot the router and keep an eye on the `dhcp`/`tftp` server logs to confirm the router | |||
| gets an ip address from the local dhcp server, as well as downloads the firmware binary | |||
| referenced by `dhcp option 66`. | |||
| Now luckily [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) provides both a `dhcp` and | |||
| `tftp` server, which is easy to configure and use. First, ensure `dnsmasq` is installed, and | |||
| place the following in `/etc/dnsmasq.conf`. | |||
| ``` | |||
| port=0 | |||
| interface=enp0s20f0u2u4 | |||
| bind-interfaces | |||
| dhcp-range=192.168.0.11,192.168.0.150,12h | |||
| dhcp-boot=openwrt-18.06.5-ar71xx-mikrotik-rb-nor-flash-16M-ac-initramfs-kernel.bin | |||
| dhcp-option-force=66,192.168.0.10 | |||
| enable-tftp | |||
| tftp-root=/srv/tftp | |||
| ``` | |||
| Make sure to change the `interface` to match which one you are using to connect to the router. | |||
| Additionally, create a folder to store `tftp` files and download the appropriate firmware binaries | |||
| to this directory, referencing them correctly in the `dnsmasq` configuration `dhcp-boot` and | |||
| `tftp-root` | |||
| ```shell | |||
| mkdir /srv/tftp | |||
| chown dnsmasq:dnsmasq /srv/tftp | |||
| ``` | |||
| Finally, we need to start the `dnsmasq` service, power cycle the router and watch the log | |||
| output from the `dnsmasq` service. | |||
| Assuming you are using `systemd`, you would do this like so: | |||
| ```shell | |||
| sudo systemctl start dnsmasq | |||
| sudo journalctl -fu dnsmasq | |||
| ``` | |||
| Below is a sample of the log output I received when netbooting my Mikrotik hap-ac: | |||
| ``` | |||
| Nov 20 21:02:04 rekahsoft-work dnsmasq[23837]: dnsmasq: syntax check OK. | |||
| Nov 20 21:02:04 rekahsoft-work systemd[1]: Started A lightweight DHCP and caching DNS server. | |||
| Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: started, version 2.80 DNS disabled | |||
| Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: compile time options: IPv6 GNU-getopt DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile | |||
| Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: DBus support enabled: connected to system bus | |||
| Nov 20 21:02:04 rekahsoft-work dnsmasq-dhcp[23839]: DHCP, IP range 192.168.0.11 -- 192.168.0.150, lease time 12h | |||
| Nov 20 21:02:04 rekahsoft-work dnsmasq-dhcp[23839]: DHCP, sockets bound exclusively to interface enp0s20f0u2u4 | |||
| Nov 20 21:02:04 rekahsoft-work dnsmasq-tftp[23839]: TFTP root is /srv/tftp | |||
| Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPDISCOVER(enp0s20f0u2u4) 74:4d:28:f0:40:28 | |||
| Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPOFFER(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 | |||
| Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPREQUEST(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 | |||
| Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPACK(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 | |||
| Nov 20 21:02:19 rekahsoft-work dnsmasq-tftp[23839]: sent /srv/tftp/openwrt-18.06.5-ar71xx-mikrotik-rb-nor-flash-16M-ac-initramfs-kernel.bin to 192.168.0.108 | |||
| Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPDISCOVER(enp0s20f0u2u4) 74:4d:28:f0:40:28 | |||
| Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPOFFER(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 | |||
| Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPREQUEST(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 | |||
| Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPACK(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 | |||
| ``` | |||
| You'll notice that first the router receives an IP address via `DHCP` followed by the | |||
| appropriate firmware binary being sent to the device. At this point, the router will be running | |||
| OpenWrt, though completely ephemerally until it is permanently installed (either via the web | |||
| interface or via ssh). I was unable to do the installation via the web interface as when net | |||
| booting, device board auto-recognition did not work correctly (with a message saying | |||
| "Sysupgrade is not yet supported on unknown."), which required me dropping the appropriate | |||
| board version into `/some/path/to/the/board/file/openwrt` (see [this form | |||
| post](https://forum.openwrt.org/t/mikrotik-rb952ui-5ac2nd/33635)). Since I was already there, I | |||
| proceeded to complete the installation via command-line, though it would have been just as easy | |||
| to go back to the web ui. | |||
| There we have it! OpenWrt installed onto a Mikrotik hap-ac router. Easy peasy, thanks to `dnsmasq`! | |||