blog-rekahsoft-ca/posts/mikrotik-hap-ac-openwrt-installation.md

6.4 KiB

title author date description tags
Installing OpenWrt on the Mikrotik hap-ac Collin J. Doering 2019-12-01 Use dnsmasq to provide a dhcp+tftp server in order to netboot OpenWrt on Mikrotik hap-ac routers general, hardware, networking, dhcp, tftp, OpenWrt, mikrotik

Recently I purchased a Mikrotik hap-ac router as I am in the process of moving away from the unify access points I currently use in my home network. The main reasons for this is the numerous GPL violations, the introduction of a call home feature without telling users, as well as the lack of deeper control that only comes with open source software. In any case, the end goal is to leverage Openwisp as the wireless access point controller, and OpenWrt powered access points everywhere in the house. One nice thing about using OpenWrt is that my older Unify AC-LR, also supports it, so I can use a similar process to the one I will describe in this article to leverage my older equipment in the case I do not sell it right away.

This article will detail how to install OpenWrt on the Mikrotik hap-ac router, but will save setup of the access points as well as Openwisp to another article.

Though there is a guide provided within the OpenWrt wiki regarding installation onto Mikrotik (and other) devices, I found that it was not as clear as it could be, mainly due the many options mentioned, but none clearly demonstrated. Here I would like provide clear and concise instructions on how to install OpenWrt on the Mikrotik hap-ac, though the process could be used for any netboot installation of OpenWrt (with some modification).

The high-level process is quiet simple, and the OpenWrt does do a good job of describing this in its wiki. Here is the TLDR:

  1. Ensure router/device will utilize netboot upon start. This will vary per router/device.
  2. Run local dhcp server and tftp server, ensuring the appropriate firmware file is referenced as dhcp option 66.
  3. Ensure router/device is plugged into computer running the dhcp+tftp server.
  4. Reboot the router and keep an eye on the dhcp/tftp server logs to confirm the router gets an ip address from the local dhcp server, as well as downloads the firmware binary referenced by dhcp option 66.

Now luckily dnsmasq provides both a dhcp and tftp server, which is easy to configure and use. First, ensure dnsmasq is installed, and place the following in /etc/dnsmasq.conf.

port=0
interface=enp0s20f0u2u4
bind-interfaces
dhcp-range=192.168.0.11,192.168.0.150,12h
dhcp-boot=openwrt-18.06.5-ar71xx-mikrotik-rb-nor-flash-16M-ac-initramfs-kernel.bin
dhcp-option-force=66,192.168.0.10
enable-tftp
tftp-root=/srv/tftp

Make sure to change the interface to match which one you are using to connect to the router. Additionally, create a folder to store tftp files and download the appropriate firmware binaries to this directory, referencing them correctly in the dnsmasq configuration dhcp-boot and tftp-root

mkdir /srv/tftp
chown dnsmasq:dnsmasq /srv/tftp

Finally, we need to start the dnsmasq service, power cycle the router and watch the log output from the dnsmasq service.

Assuming you are using systemd, you would do this like so:

sudo systemctl start dnsmasq
sudo journalctl -fu dnsmasq

Below is a sample of the log output I received when netbooting my Mikrotik hap-ac:

Nov 20 21:02:04 rekahsoft-work dnsmasq[23837]: dnsmasq: syntax check OK.
Nov 20 21:02:04 rekahsoft-work systemd[1]: Started A lightweight DHCP and caching DNS server.
Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: started, version 2.80 DNS disabled
Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: compile time options: IPv6 GNU-getopt DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile
Nov 20 21:02:04 rekahsoft-work dnsmasq[23839]: DBus support enabled: connected to system bus
Nov 20 21:02:04 rekahsoft-work dnsmasq-dhcp[23839]: DHCP, IP range 192.168.0.11 -- 192.168.0.150, lease time 12h
Nov 20 21:02:04 rekahsoft-work dnsmasq-dhcp[23839]: DHCP, sockets bound exclusively to interface enp0s20f0u2u4
Nov 20 21:02:04 rekahsoft-work dnsmasq-tftp[23839]: TFTP root is /srv/tftp
Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPDISCOVER(enp0s20f0u2u4) 74:4d:28:f0:40:28
Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPOFFER(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28
Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPREQUEST(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28
Nov 20 21:02:17 rekahsoft-work dnsmasq-dhcp[23839]: DHCPACK(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28
Nov 20 21:02:19 rekahsoft-work dnsmasq-tftp[23839]: sent /srv/tftp/openwrt-18.06.5-ar71xx-mikrotik-rb-nor-flash-16M-ac-initramfs-kernel.bin to 192.168.0.108
Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPDISCOVER(enp0s20f0u2u4) 74:4d:28:f0:40:28
Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPOFFER(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28
Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPREQUEST(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28
Nov 20 21:02:42 rekahsoft-work dnsmasq-dhcp[23839]: DHCPACK(enp0s20f0u2u4) 192.168.0.108 74:4d:28:f0:40:28

You'll notice that first the router receives an IP address via DHCP followed by the appropriate firmware binary being sent to the device. At this point, the router will be running OpenWrt, though completely ephemerally until it is permanently installed (either via the web interface or via ssh). I was unable to do the installation via the web interface as when net booting, device board auto-recognition did not work correctly (with a message saying "Sysupgrade is not yet supported on unknown."), which required me dropping the appropriate board version into /some/path/to/the/board/file/openwrt (see this form post). Since I was already there, I proceeded to complete the installation via command-line, though it would have been just as easy to go back to the web ui.

There we have it! OpenWrt installed onto a Mikrotik hap-ac router. Easy peasy, thanks to dnsmasq!