-- Leo's gemini proxy
-- Connecting to ecs.d2evs.net:1965...
-- Sending request
-- Meta line: 20 text/gemini
I recently got my MikroTik RB2011U, and I wanted to install OpenWRT on it.
The MikroTik RouterBOARD has a "Netinstall" mode, in which it connects to `eth1` and receives a kernel to boot from using TFTP (the Trivial File Transfer Protocol). I ended up with this small script, based on something from the OpenWRT documentation:
#!/bin/sh # Replace `enp2s0f1` with your ethernet interface # Serve TFTP from $TFTP_DIR/$TFTP_FILE TFTP_DIR=~/tmp/openwrt TFTP_FILE=stable.elf sudo ifconfig enp2s0f1 192.168.1.10 up sudo dnsmasq -i enp2s0f1 --dhcp-range=192.168.1.100,192.168.1.200 \ --dhcp-boot=$TFTP_FILE --enable-tftp --tftp-root=$TFTP_DIR \ --enable-tftp -d -u $USER -p0 -K --log-dhcp --bootp-dynamic
Once the router attempted to connect to the DHCP server with the hostname `OpenWrt`, I killed the TFTP server.
This worked - the router was now running OpenWRT from RAM.
Then, I disconnected my laptop from `eth1` and plugged it into `eth2`. The OpenWRT initramfs is configured to act as a DHCP server on `eth2` through `eth10`.
At this point, I `ssh`ed into the router:
$ ssh root@OpenWrt
(In the future, commands starting with `$` are on the host computer, and commands starting with `#` are on the router.)
I now had a root shell on the router! So far so good.
I then `scp`ed the OpenWRT sysupgrade onto the router:
$ scp ~/tmp/openwrt/stable.bin root@OpenWrt:/tmp/sysupgrade.bin
and proceeded to `sysupgrade` the router:
# sysupgrade /tmp/sysupgrade.bin Image metadata not found Cannot save config while running from ramdisk. Commencing upgrade. Closing all shell sessions.
At this point, the router closed the SSH connection and entered a boot loop.
I tried repeating the previous steps, replacing stable (18.06.4) OpenWRT with the snapshot. (The RB2011U v2 is listed as only supported by OpenWRT snapshot.)
In vain, I tried pinging the router as it boot looped. It never responded.
This meant that it was crashing and burning *before* networking was initialized. (This also meant that OpenWRT failsafe mode wouldn't help.)
So, I tried to read the kernel logs from flash memory:
# mount /dev/mtdblock6 /mnt mount: mounting /dev/mtdblock6 on /mnt/ failed: Invalid argument
Maybe I need to specify the filesystem type? JFFS2 seems likely:
# mount -t jffs2 /dev/mtdblock6 /mnt ## (hangs for a *really* long time) mount: mounting /dev/mtdblock6 on /mnt/ failed: Invalid argument
That last case was interesting, so I pulled up another SSH connection and:
# dmesg | tail -1 [ 703.468505] jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found at 0x0244003c: 0xa94c instead [ 855.211369] jffs2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes [ 855.220100] jffs2: empty_blocks 0, bad_blocks 3, c->nr_blocks 992
It appears that there's no JFFS2 filesystem on /dev/mtdblock6. That makes sense, given:
# cat /proc/mtd | grep mtd6 mtd0: 0000c000 00001000 "routerboot" mtd1: 00001000 00001000 "hard_config" mtd2: 00001000 00001000 "bios" mtd3: 00001000 00001000 "soft_config" mtd4: 00040000 00020000 "booter" mtd5: 003c0000 00020000 "kernel" mtd6: 07c00000 00020000 "ubi"
It would appear that `mtd6` has UBIFS on it, but:
# mount -t ubifs /dev/mtdblock6 /mnt mount: mounting /dev/mtdblock6 on /mnt/ failed: Invalid argument
At this point, I decided to dump `/dev/mtd6` to my laptop, and do some forensics:
# dd if=/dev/mtd6 | ssh email@example.com dd of=/tmp/mtd6 ## blah blah blah fingerprints blah blah blah firstname.lastname@example.org's password: 253952+0 records in 253952+0 records out 253944+10 records in 253952+0 records out 130023424 bytes (130 MB, 124 MiB) copied, 313.463 s, 415 kB/s
Wait! UBI is `ubi`, not `ubifs`:
# mount -t ubi /dev/mtdblock6 /mnt mount: mounting /dev/mtdblock6 on /mnt/ failed: No such device
# ls -l /dev/mtdblock6 brw------- 1 root root 31, 6 Jan 1 1970 /dev/mtdblock6
By this point, I've installed `ubi_reader` on my laptop and I go back there to do some diagnostics:
$ ubireader_list_files mtd6 UBI Fatal: Less than 2 layout blocks found. $ less mtd6 ## UBI#^A^@^@^@...^E^@^@^B... ## ... ## <FF><FF><FF><FF><FF>...
Interesting. It appeared that OpenWRT did not successfully flash, but it failed consistently. (By this time, I had re-flashed OpenWRT quite a few times.)
At this point, it was 5:00 in the morning, so I decided to go to sleep.
Update: I returned that router and bought another one. Same problem. I decided to give up.
: OpenWRT has a `sysupgrade` command which takes a firmware image and installs it. The install procedure for MikroTik RouterBOARDs is to run OpenWRT from RAM using TFTS, then use `sysupgrade` to flash a firmware upgrade.
-- Response ended
-- Page fetched on Tue Oct 19 14:35:51 2021