--- title: Installing OpenWrt on the Mikrotik hap-ac author: Collin J. Doering date: 2019-12-01 description: Use dnsmasq to provide a dhcp+tftp server in order to netboot OpenWrt on Mikrotik hap-ac routers tags: general, hardware, networking, dhcp, tftp, OpenWrt, mikrotik --- Recently I purchased a [Mikrotik hap-ac router](https://mikrotik.com/product/RB962UiGS-5HacT2HnT) as I am in the process of moving away from the unify access points I currently use in my home network. The main reasons for this is the numerous [GPL violations](https://sfconservancy.org/blog/2019/oct/02/cambium-ubiquiti-gpl-violations/), the introduction of a [call home feature](https://news.ycombinator.com/item?id=21430997) without telling users, as well as the lack of deeper control that only comes with open source software. In any case, the end goal is to leverage [Openwisp](http://openwisp.org/) as the wireless access point controller, and OpenWrt powered access points everywhere in the house. One nice thing about using OpenWrt is that my older [Unify AC-LR](https://store.ui.com/products/unifi-ac-lr), also [supports it](https://openwrt.org/toh/ubiquiti/unifiac), so I can use a similar process to the one I will describe in this article to leverage my older equipment in the case I do not sell it right away. This article will detail how to install OpenWrt on the Mikrotik hap-ac router, but will save setup of the access points as well as Openwisp to another article. Though there is [a guide provided within the OpenWrt wiki](https://openwrt.org/toh/mikrotik/common) regarding installation onto Mikrotik (and other) devices, I found that it was not as clear as it could be, mainly due the many options mentioned, but none clearly demonstrated. Here I would like provide clear and concise instructions on how to install OpenWrt on the Mikrotik hap-ac, though the process could be used for any netboot installation of OpenWrt (with some modification). The high-level process is quiet simple, and the OpenWrt does do a good job of describing this in its wiki. Here is the TLDR: 1. Ensure router/device will utilize netboot upon start. This will vary per router/device. 2. Run local `dhcp` server and `tftp` server, ensuring the appropriate firmware file is referenced as `dhcp` `option 66`. 3. Ensure router/device is plugged into computer running the `dhcp+tftp` server. 4. Reboot the router and keep an eye on the `dhcp`/`tftp` server logs to confirm the router gets an ip address from the local dhcp server, as well as downloads the firmware binary referenced by `dhcp option 66`. Now luckily [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) provides both a `dhcp` and `tftp` server, which is easy to configure and use. First, ensure `dnsmasq` is installed, and place the following in `/etc/dnsmasq.conf`. ``` port=0 interface=enp0s20f0u2u4 bind-interfaces dhcp-range=192.168.0.11,192.168.0.150,12h dhcp-boot=openwrt-18.06.5-ar71xx-mikrotik-rb-nor-flash-16M-ac-initramfs-kernel.bin dhcp-option-force=66,192.168.0.10 enable-tftp tftp-root=/srv/tftp ``` Make sure to change the `interface` to match which one you are using to connect to the router. Additionally, create a folder to store `tftp` files and download the appropriate firmware binaries to this directory, referencing them correctly in the `dnsmasq` configuration `dhcp-boot` and `tftp-root` ```shell mkdir /srv/tftp chown dnsmasq:dnsmasq /srv/tftp ``` Finally, we need to start the `dnsmasq` service, power cycle the router and watch the log output from the `dnsmasq` service. Assuming you are using `systemd`, you would do this like so: ```shell sudo systemctl start dnsmasq sudo journalctl -fu dnsmasq ``` Below is a sample of the log output I received when netbooting my Mikrotik hap-ac: ``` Nov 20 21:02:04 rekahsoft-work dnsmasq[23837]: dnsmasq: syntax check OK. Nov 20 21:02:04 rekahsoft-work systemd[1]: Started A lightweight DHCP and caching DNS server. Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: started, version 2.80 DNS disabled Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: compile time options: IPv6 GNU-getopt DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: DBus support enabled: connected to system bus Nov 20 21:02:04 rekahsoft-work dnsmasq-dhcp[23839]: DHCP, IP range 192.168.0.11 -- 192.168.0.150, lease time 12h Nov 20 21:02:04 rekahsoft-work dnsmasq-dhcp[23839]: DHCP, sockets bound exclusively to interface enp0s20f0u2u4 Nov 20 21:02:04 rekahsoft-work dnsmasq-tftp[23839]: TFTP root is /srv/tftp Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPDISCOVER(enp0s20f0u2u4) 74:4d:28:f0:40:28 Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPOFFER(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPREQUEST(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPACK(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 Nov 20 21:02:19 rekahsoft-work dnsmasq-tftp[23839]: sent /srv/tftp/openwrt-18.06.5-ar71xx-mikrotik-rb-nor-flash-16M-ac-initramfs-kernel.bin to 192.168.0.108 Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPDISCOVER(enp0s20f0u2u4) 74:4d:28:f0:40:28 Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPOFFER(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPREQUEST(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPACK(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28 ``` You'll notice that first the router receives an IP address via `DHCP` followed by the appropriate firmware binary being sent to the device. At this point, the router will be running OpenWrt, though completely ephemerally until it is permanently installed (either via the web interface or via ssh). I was unable to do the installation via the web interface as when net booting, device board auto-recognition did not work correctly (with a message saying "Sysupgrade is not yet supported on unknown."), which required me dropping the appropriate board version into `/some/path/to/the/board/file/openwrt` (see [this form post](https://forum.openwrt.org/t/mikrotik-rb952ui-5ac2nd/33635)). Since I was already there, I proceeded to complete the installation via command-line, though it would have been just as easy to go back to the web ui. There we have it! OpenWrt installed onto a Mikrotik hap-ac router. Easy peasy, thanks to `dnsmasq`!