Right now the stable release of OpenWRT is 19.07.7, which does not include support for Mikrotik hAP ac2. The latest dev snapshot does support it, but the latest dev snapshot is not built with Luci, the OpenWRT web admin tool. So for now, we have to do some OpenWRT things by ssh’ing to the router and using the command line. It’ll get simpler whenever a new OpenWRT release is made that includes support for this device.
The biggest difficulty with using a snapshot build is that it tends to get rebuilt as often as daily with the latest code, along with its packages, and the previous builds are not kept. So within a day or so of installing a snapshot build, you might find that none of the packages available are compatible with your now old snapshot build. At that point if you really need to install a new package you have to install the latest snapshot.
It’s simplest after installing a snapshot build to go ahead and immediately install all the packages you think you might want.
This is for installing OpenWRT on a “new” router that doesn’t have OpenWRT on it already. Once this has been done, you can use the normal OpenWRT upgrade process.
Download the OpenWRT files for the router and prepare a script for TFTP/DHCP.
Save the RouterOS key file from the router
Temporarily boot OpenWRT on the router using TFTP/DHCP
Transfer the OpenWRT upgrade file to the router
Install OpenWRT onto the router
Install the Luci web interface.
I’m assuming your computer is a Linux computer using an Ethernet cable to connect to the Internet.
Your computer must have
dnsmasq and a browser installed.
Go to the OpenWRT Mikrotik hAP ac2 page, scroll down to “Installation”, and download both the “Firmware OpenWrt snapshot Install” and “Firmware OpenWrt snapshot Upgrade” files. The filenames will look like openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-initramfs-kernel.bin and openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-squashfs-sysupgrade.bin
In the same directory, create a file
loader.sh starting with the following:
#!/bin/bash USER=root IFNAME=eth0 FILENAME=openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-initramfs-kernel.bin sudo /sbin/ip addr replace 192.168.1.10/24 dev $IFNAME sudo /sbin/ip link set dev $IFNAME up sudo /usr/sbin/dnsmasq --user=$USER \ --no-daemon \ --listen-address 192.168.1.10 \ --bind-interfaces \ -p0 \ --dhcp-authoritative \ --dhcp-range=192.168.1.100,192.168.1.200 \ --bootp-dynamic \ --dhcp-boot=$FILENAME \ --log-dhcp \ --enable-tftp \ --tftp-root=$(pwd)
IFNAME to the interface name of the Ethernet interface on
your computer. (Run
ip a to see your interface names.)
FILENAME to the name of the
initramfs file you downloaded.
Make the script executable:
$ chmod +x loader.sh
The router comes with RouterOS installed and a valid key for it. We want to save that key before we install OpenWRT, so that if we ever want to go back to RouterOS, we don’t have to buy another license for it.
These instructions are adapted from https://openwrt.org/toh/mikrotik/common#saving_mikrotik_routerboard_license_key_without_using_winbox.
With no network cables connected to the router, connect the router to power and wait for it to finish starting.
Connect your computer’s ethernet to the router’s ethernet port 2 (a LAN port).
Visit http://192.168.88.1. You should see RouterOS. If this is the first time, you might need to let it apply the default configuration and restart. Then continue.
In the top right, click the “Terminal” button. You should get a page that looks like a terminal with a command prompt like
At the prompt, copy the key to a file by typing:
/system license output
Now visit http://192.168.88.1/webfig/#Files and you should see a list of files.
Next to the
.keyfile, click the “Download” button and download the file.
Save the key file someplace safe.
Visit http://192.168.88.1. You should see RouterOS.
In the top right, click the “WebFig” button. You should see a page with a long column of links on the left side.
In the left-hand column, click “System”, then “RouterBOARD”.
At the top of the right side, click the “Settings” button.
Change the following settings:
Boot Device: “try-ethernet-once-then-nand”
Boot Protocol: “dhcp”
Force Backup Booter: Checked
Click the “OK” button at the top.
Now the next time the router boots, it’ll look on the network for a boot image. If it fails, it’ll boot RouterOS again. In any case, unless the settings are changed again, it’ll go back to booting RouterOS by default.
Under “System” on the left, click “Shutdown”, and confirm. Wait a little, then unplug power from the router, just to be sure.
Unplug the network cable from the router, then plug it in to the WAN port (port #1).
On your computer, run your loader script to provide a TFTP/DHCP service:
Connect the router power cable. Shortly you should see output from your loader script indicating that the router has downloaded the openwrt file. Keep watching until you see “client provides name: OpenWRT” and a DHCPACK indicating that OpenWRT has accepted an IP address from your DHCP server.
Kill the script using Control-C.
Disconnect the network cable from the router, then plug it into a LAN port again.
Shortly, you should be able to ping 192.168.1.1 from your computer.
Unfortunately, if you’re running a snapshot version of OpenWRT, there’s no web interface to make things simpler from here on.
On your computer, run:
$ scp openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-squashfs-sysupgrade.bin email@example.com:/tmp
Use whatever “sysupgrade” file you had downloaded earlier.
(If you get asked if you’re sure you want to continue, answer “yes”. If you get a warning about remote host identification, you might have to run the suggested command to remove the old ssh key, then try again.)
Ssh into the router:
$ ssh firstname.lastname@example.org
There is no password.
Run “ls” to make sure the openwrt file is there:
root@OpenWRT:~# ls /tmp openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-squashfs-sysupgrade.bin root@OpenWRT:~#
Install OpenWRT by running sysupgrade:
root@OpenWRT:~# sysupgrade /tmp/openwrt-ipq40xx-mikrotik-mikrotik_hap-ac2-squashfs-sysupgrade.bin <timestamp> upgrade: Commencing upgrade. Closing all shell sessions. Connection to 192.168.1.1 closed by remote host. Connection to 192.168.1.1 closed.
Wait several minutes. (Until you hear a beep?)
192.168.1.1and let it run until you start getting responses, then stop it by hitting Control-C:
$ ping 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=35 ttl=64 time=1.75 ms ... ^C
Note that you’re still running a snapshot version of OpenWRT and there’s no web interface yet.
Add another ethernet cable, connecting the router’s WAN port (#1) to the Internet. You should still have a cable connecting your computer to one of the router’s LAN ports.
Ssh into the router from your computer:
$ ssh email@example.com
Update the package list:
root@OpenWRT:~# opkg update
You can download the latest snapshot sysupgrade file and apply it as a normal update through Luci.
Afterward you will have to re-install any additional packages you want, including ssh’ing in to install the Luci web interface.
$ ssh firstname.lastname@example.org # opkg update # opkg install luci luci-theme-openwrt luci-app-sqm luci-app-qos zerotier diffutils
Backup your config before trying this. It didn’t work for me and I had to restore a saved config to recover.
I put a 64GB micro-SD card in the USB slot and followed these instructions to move root to the card so I’d have lots of room.