OpenWRT

How to flash OpenWRT on hEX PoE Lite (RB750UPr2)

Important note: Flashing OpenWRT permanently breaks PoE out functionality (I have not tested) even after reinstalling RouterOS! PoE does not work on OpenWRT either!

I had significant problem with the official instructions of flashing OpenWRT on the MikroTik hEX PoE Lite as described on the OpenWRT wiki. I used RouterOS 7.4.1 and a Linux host for the flash process.

Specificially, starting the flash process from within RouterOS via System -> RouterBoard -> Settings did not work, neither with the backup bootloader nor without it, neither with DHCP nor with BOOTP. This caused a boot-and-DHCP-request loop with the log shown blow

Steps to flash OpenWRT on the RB750UPr2

… and probably most other RouterOS boards. There is no specific requirement  for the firmware version. RouterOS 6.47 works. RouterOS 7.4.1 works. I didn’t check any one beside that, but most likely it won’t make a difference. Specifically, there is no need to downgrade if using this method! The RouterOS downgrade is only neccessary for some old-ish Windows based flash method.

1 – Connect a ethernet cable from your flashing computer to the first Ethernet connector of the router.

PXE will only work on this specific port and will not work on other ports!

2 – Setup your flashing computer’s IP interface config.

We’ll use eth0 in this example. Be sure to use the correct interface

sudo ifconfig eth0 192.168.1.10 netmask 255.255.255.0

I read somewhere that MikroTiks expect the PXE host to be at IP 192.168.1.10 – this definitively works. Other IP addresses might or might not also work, I didn’t check. Just use that one.

3 – Setup dnsmasq

sudo apt -y install dnsmasq

and then do not forget to stop dnsmasq and remove the default config

sudo systemctl disable --now dnsmasq
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.default.conf

4 – Download the correct image from OpenWRT

Google for OpenWRT + your RouterBoard type, e.g. OpenWRT RB750UPr2. This will lead you to a site like this one. Scroll down and download both the Firmware OpenWrt Install URL and the Firmware OpenWrt Upgrade URLIn the end you will need both anyway, but for now we need the one ending with ...-initramfs-kernel.img!

Save that file with the original name. The name does not matter – what matters is only that you use the correct image, not the ...-sysupgrade.bin for PXE boot! There is absolutely no need to name the file vmlinux etc.

5 – Startup dnsmasq server

In the following command, be sure to set the correct image name in the --dhcp-boot line

sudo /usr/sbin/dnsmasq \
--no-daemon \
--listen-address 192.168.1.10 \
--bind-interfaces \
-p0 \
--dhcp-authoritative \
--dhcp-range=192.168.1.100,192.168.1.200 \
--bootp-dynamic \
--dhcp-boot=openwrt-19.07.10-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin \
--log-dhcp \
--enable-tftp \
--tftp-root=$(pwd)

6 – Reset the router into PXE boot mode

As noted above, resetting via RouterOS did not work for me at all. I can only recommend this method, which I also described in my blogpost How to make MikroTik router boot using PXE (netboot) / BOOTP

  1. Unplug all (!) power supplies from your router. This includes PoE if used. Check if all LEDs are off.
  2. Press the reset button, you should hear a small click sound. Sometimes these are a little bit hard to press, sometimes you think you’ve pressed it but you didn’t since the button is sometimes smaller than the hole. I use tweezers to press it. Keep the reset button pressed until you’ve finished the procedure.
  3. Keep pressing the reset button while plugging in the power supply
  4. While still keeping the reset button pressed, wait for the following phases of reset:
    1. After ~5 seconds one of the LEDs will start to blink
    2. After a further 5 seconds, the LED will stop blinking and turn on permanently
    3. After a further 5 seconds, the LED will turn off permanently.
  5. Only after you see the LED go dark after these three phases (approximately 15 seconds), release the reset button
  6. The router should now boot using PXE

7 – Proceed with OpenWRT

If the reset & PXE boot worked, OpenWRT is running on 192.168.1.1On most MikroTik devices, you need to plugin the Ethernet to one of the LAN ports (typically every port except the first port) in order to access OpenWRT. Note that DHCP is not active by default.

The next step is basically to check if OpenWRT works properly and then install it to the flash using the ...-sysupgrade.bin image which we have downloaded before. This is rather easy and performed using the Web UI, it’s best to check the OpenWRT wiki page for more details.

Error log when starting the PXE flash via RouterOS

See above for the procedure that works. This error occured when I didn’t start the PXE process via the Reset button

dnsmasq-dhcp: 1534706347 vendor class: Mips_boot
dnsmasq-dhcp: 1534706347 DHCPDISCOVER(eth1) dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 1534706347 tags: eth1
dnsmasq-dhcp: 1534706347 DHCPOFFER(eth1) 192.168.1.100 dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 1534706347 requested options: 1:netmask, 3:router
dnsmasq-dhcp: 1534706347 bootfile name: rb-nor-flash-16M-initramfs-kernel.bin
dnsmasq-dhcp: 1534706347 next server: 192.168.1.10
dnsmasq-dhcp: 1534706347 sent size:  1 option: 53 message-type  2
dnsmasq-dhcp: 1534706347 sent size:  4 option: 54 server-identifier  192.168.1.10
dnsmasq-dhcp: 1534706347 sent size:  4 option: 51 lease-time  1h
dnsmasq-dhcp: 1534706347 sent size:  4 option: 58 T1  30m
dnsmasq-dhcp: 1534706347 sent size:  4 option: 59 T2  52m30s
dnsmasq-dhcp: 1534706347 sent size:  4 option:  1 netmask  255.255.255.0
dnsmasq-dhcp: 1534706347 sent size:  4 option: 28 broadcast  192.168.1.255
dnsmasq-dhcp: 1534706347 sent size:  4 option:  3 router  192.168.1.10
dnsmasq-dhcp: 4257818828 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 4257818828 vendor class: Mips_boot
dnsmasq-dhcp: 4257818828 DHCPDISCOVER(eth1) dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 4257818828 tags: eth1
dnsmasq-dhcp: 4257818828 DHCPOFFER(eth1) 192.168.1.100 dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 4257818828 requested options: 1:netmask, 3:router
dnsmasq-dhcp: 4257818828 bootfile name: rb-nor-flash-16M-initramfs-kernel.bin
dnsmasq-dhcp: 4257818828 next server: 192.168.1.10
dnsmasq-dhcp: 4257818828 sent size:  1 option: 53 message-type  2
dnsmasq-dhcp: 4257818828 sent size:  4 option: 54 server-identifier  192.168.1.10
dnsmasq-dhcp: 4257818828 sent size:  4 option: 51 lease-time  1h
dnsmasq-dhcp: 4257818828 sent size:  4 option: 58 T1  30m
dnsmasq-dhcp: 4257818828 sent size:  4 option: 59 T2  52m30s
dnsmasq-dhcp: 4257818828 sent size:  4 option:  1 netmask  255.255.255.0
dnsmasq-dhcp: 4257818828 sent size:  4 option: 28 broadcast  192.168.1.255
dnsmasq-dhcp: 4257818828 sent size:  4 option:  3 router  192.168.1.10
dnsmasq-dhcp: 1683968382 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 1683968382 vendor class: Mips_boot
dnsmasq-dhcp: 1683968382 DHCPDISCOVER(eth1) dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 1683968382 tags: eth1
dnsmasq-dhcp: 1683968382 DHCPOFFER(eth1) 192.168.1.100 dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 1683968382 requested options: 1:netmask, 3:router
dnsmasq-dhcp: 1683968382 bootfile name: rb-nor-flash-16M-initramfs-kernel.bin
dnsmasq-dhcp: 1683968382 next server: 192.168.1.10
dnsmasq-dhcp: 1683968382 sent size:  1 option: 53 message-type  2
dnsmasq-dhcp: 1683968382 sent size:  4 option: 54 server-identifier  192.168.1.10
dnsmasq-dhcp: 1683968382 sent size:  4 option: 51 lease-time  1h
dnsmasq-dhcp: 1683968382 sent size:  4 option: 58 T1  30m
dnsmasq-dhcp: 1683968382 sent size:  4 option: 59 T2  52m30s
dnsmasq-dhcp: 1683968382 sent size:  4 option:  1 netmask  255.255.255.0
dnsmasq-dhcp: 1683968382 sent size:  4 option: 28 broadcast  192.168.1.255
dnsmasq-dhcp: 1683968382 sent size:  4 option:  3 router  192.168.1.10
dnsmasq-dhcp: 424531201 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 424531201 vendor class: Mips_boot
dnsmasq-dhcp: 424531201 DHCPDISCOVER(eth1) dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 424531201 tags: eth1
dnsmasq-dhcp: 424531201 DHCPOFFER(eth1) 192.168.1.100 dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 424531201 requested options: 1:netmask, 3:router
dnsmasq-dhcp: 424531201 bootfile name: rb-nor-flash-16M-initramfs-kernel.bin
dnsmasq-dhcp: 424531201 next server: 192.168.1.10
dnsmasq-dhcp: 424531201 sent size:  1 option: 53 message-type  2
dnsmasq-dhcp: 424531201 sent size:  4 option: 54 server-identifier  192.168.1.10
dnsmasq-dhcp: 424531201 sent size:  4 option: 51 lease-time  1h
dnsmasq-dhcp: 424531201 sent size:  4 option: 58 T1  30m
dnsmasq-dhcp: 424531201 sent size:  4 option: 59 T2  52m30s
dnsmasq-dhcp: 424531201 sent size:  4 option:  1 netmask  255.255.255.0
dnsmasq-dhcp: 424531201 sent size:  4 option: 28 broadcast  192.168.1.255
dnsmasq-dhcp: 424531201 sent size:  4 option:  3 router  192.168.1.10
dnsmasq-dhcp: 3459997603 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3459997603 vendor class: Mips_boot
dnsmasq-dhcp: 3459997603 DHCPDISCOVER(eth1) dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 3459997603 tags: eth1
dnsmasq-dhcp: 3459997603 DHCPOFFER(eth1) 192.168.1.100 dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 3459997603 requested options: 1:netmask, 3:router
dnsmasq-dhcp: 3459997603 bootfile name: rb-nor-flash-16M-initramfs-kernel.bin
dnsmasq-dhcp: 3459997603 next server: 192.168.1.10
dnsmasq-dhcp: 3459997603 sent size:  1 option: 53 message-type  2
dnsmasq-dhcp: 3459997603 sent size:  4 option: 54 server-identifier  192.168.1.10
dnsmasq-dhcp: 3459997603 sent size:  4 option: 51 lease-time  1h
dnsmasq-dhcp: 3459997603 sent size:  4 option: 58 T1  30m
dnsmasq-dhcp: 3459997603 sent size:  4 option: 59 T2  52m30s
dnsmasq-dhcp: 3459997603 sent size:  4 option:  1 netmask  255.255.255.0
dnsmasq-dhcp: 3459997603 sent size:  4 option: 28 broadcast  192.168.1.255
dnsmasq-dhcp: 3459997603 sent size:  4 option:  3 router  192.168.1.10
dnsmasq-dhcp: 657189184 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 657189184 vendor class: Mips_boot
dnsmasq-dhcp: 657189184 DHCPDISCOVER(eth1) dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 657189184 tags: eth1
dnsmasq-dhcp: 657189184 DHCPOFFER(eth1) 192.168.1.100 dc:2c:6e:d7:60:9d 
dnsmasq-dhcp: 657189184 requested options: 1:netmask, 3:router
dnsmasq-dhcp: 657189184 bootfile name: rb-nor-flash-16M-initramfs-kernel.bin
dnsmasq-dhcp: 657189184 next server: 192.168.1.10
dnsmasq-dhcp: 657189184 sent size:  1 option: 53 message-type  2
dnsmasq-dhcp: 657189184 sent size:  4 option: 54 server-identifier  192.168.1.10
dnsmasq-dhcp: 657189184 sent size:  4 option: 51 lease-time  1h
dnsmasq-dhcp: 657189184 sent size:  4 option: 58 T1  30m
dnsmasq-dhcp: 657189184 sent size:  4 option: 59 T2  52m30s
dnsmasq-dhcp: 657189184 sent size:  4 option:  1 netmask  255.255.255.0
dnsmasq-dhcp: 657189184 sent size:  4 option: 28 broadcast  192.168.1.255
dnsmasq-dhcp: 657189184 sent size:  4 option:  3 router  192.168.1.10
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot
dnsmasq-dhcp: 3031796432 available DHCP range: 192.168.1.100 -- 192.168.1.200
dnsmasq-dhcp: 3031796432 vendor class: Mips_boot

 

Posted by Uli Köhler in MikroTik, Networking, OpenWRT

Is tailscale available for OpenWRT 19.07?

No, tailscale can’t be installed using opkg on OpenWRT 19.xx. I have experimentally verified this using a MIPSBE router with OpenWRT 19.07.10.

However, tailscale is available on OpenWRT starting from version 21.02 – source: tailscale package page on OpenWRT.

Posted by Uli Köhler in Headscale, Networking, OpenWRT

Is ZeroTier available for OpenWRT 19.07?

Yes, ZeroTier is available via

opkg update
opkg install zerotier

on OpenWRT 19.07. On my router, which is running OpenWRT 19.07.10 I could install ZeroTier without any modifications or extra package repositories.

Posted by Uli Köhler in OpenWRT, ZeroTier

How to fix OpenWRT SSH Unable to negotiate with … no matching host key type found. Their offer: ssh-rsa

Problem:

When using a modern Linux client to connect with an OpenWRT device using SSH, you an error message like the following:

Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa

Solution:

You can explicitly tell SSH to allow ssh-rsa by using -oHostKeyAlgorithms=+ssh-rsa, for example:

ssh -oHostKeyAlgorithms=+ssh-rsa [email protected]

Using this command should allow you to connect to your OpenWRT device.

Posted by Uli Köhler in Networking, OpenWRT