-- Leo's gemini proxy

-- Connecting to ecs.d2evs.net:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini

Adventures installing OpenWRT

I recently got my MikroTik RB2011U, and I wanted to install OpenWRT on it.

MikroTik RB2011U

The MikroTik RouterBOARD has a "Netinstall" mode, in which it connects to `eth1` and receives a kernel to boot from using TFTP (the Trivial File Transfer Protocol). I ended up with this small script, based on something from the OpenWRT documentation:


# Replace `enp2s0f1` with your ethernet interface



sudo ifconfig enp2s0f1 up

sudo dnsmasq -i enp2s0f1 --dhcp-range=, \
  --dhcp-boot=$TFTP_FILE --enable-tftp --tftp-root=$TFTP_DIR \
  --enable-tftp -d -u $USER -p0 -K --log-dhcp --bootp-dynamic

Once the router attempted to connect to the DHCP server with the hostname `OpenWrt`, I killed the TFTP server.

This worked - the router was now running OpenWRT from RAM.

Then, I disconnected my laptop from `eth1` and plugged it into `eth2`. The OpenWRT initramfs is configured to act as a DHCP server on `eth2` through `eth10`.

At this point, I `ssh`ed into the router:

$ ssh root@OpenWrt

(In the future, commands starting with `$` are on the host computer, and commands starting with `#` are on the router.)

I now had a root shell on the router! So far so good.

I then `scp`ed the OpenWRT sysupgrade[1] onto the router:

$ scp ~/tmp/openwrt/stable.bin root@OpenWrt:/tmp/sysupgrade.bin

and proceeded to `sysupgrade` the router:

# sysupgrade /tmp/sysupgrade.bin
Image metadata not found
Cannot save config while running from ramdisk.
Commencing upgrade. Closing all shell sessions.

At this point, the router closed the SSH connection and entered a boot loop.


That's interesting.

I tried repeating the previous steps, replacing stable (18.06.4) OpenWRT with the snapshot. (The RB2011U v2 is listed as only supported by OpenWRT snapshot.)

No luck.

In vain, I tried pinging the router as it boot looped. It never responded.

This meant that it was crashing and burning *before* networking was initialized. (This also meant that OpenWRT failsafe mode wouldn't help.)

So, I tried to read the kernel logs from flash memory:

# mount /dev/mtdblock6 /mnt
mount: mounting /dev/mtdblock6 on /mnt/ failed: Invalid argument

Maybe I need to specify the filesystem type? JFFS2 seems likely:

# mount -t jffs2 /dev/mtdblock6 /mnt
## (hangs for a *really* long time)
mount: mounting /dev/mtdblock6 on /mnt/ failed: Invalid argument

That last case was interesting, so I pulled up another SSH connection and:

# dmesg | tail -1
[  703.468505] jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not
found at 0x0244003c: 0xa94c instead
[  855.211369] jffs2: Cowardly refusing to erase blocks on filesystem
with no valid JFFS2 nodes
[  855.220100] jffs2: empty_blocks 0, bad_blocks 3, c->nr_blocks 992

It appears that there's no JFFS2 filesystem on /dev/mtdblock6. That makes sense, given:

# cat /proc/mtd | grep mtd6
mtd0: 0000c000 00001000 "routerboot"
mtd1: 00001000 00001000 "hard_config"
mtd2: 00001000 00001000 "bios"
mtd3: 00001000 00001000 "soft_config"
mtd4: 00040000 00020000 "booter"
mtd5: 003c0000 00020000 "kernel"
mtd6: 07c00000 00020000 "ubi"

It would appear that `mtd6` has UBIFS on it, but:

# mount -t ubifs /dev/mtdblock6 /mnt
mount: mounting /dev/mtdblock6 on /mnt/ failed: Invalid argument

At this point, I decided to dump `/dev/mtd6` to my laptop, and do some forensics:

# dd if=/dev/mtd6 | ssh ecs@ dd of=/tmp/mtd6
## blah blah blah fingerprints blah blah blah
ecs@'s password:
253952+0 records in
253952+0 records out
253944+10 records in
253952+0 records out
130023424 bytes (130 MB, 124 MiB) copied, 313.463 s, 415 kB/s

Wait! UBI is `ubi`, not `ubifs`:

# mount -t ubi /dev/mtdblock6 /mnt
mount: mounting /dev/mtdblock6 on /mnt/ failed: No such device


# ls -l /dev/mtdblock6
brw-------    1 root     root       31,   6 Jan  1  1970 /dev/mtdblock6

By this point, I've installed `ubi_reader` on my laptop and I go back there to do some diagnostics:

$ ubireader_list_files mtd6
UBI Fatal: Less than 2 layout blocks found.
$ less mtd6
## UBI#^A^@^@^@...^E^@^@^B...
## ...
## <FF><FF><FF><FF><FF>...

Interesting. It appeared that OpenWRT did not successfully flash, but it failed consistently. (By this time, I had re-flashed OpenWRT quite a few times.)

At this point, it was 5:00 in the morning, so I decided to go to sleep.

Update: I returned that router and bought another one. Same problem. I decided to give up.

[1]: OpenWRT has a `sysupgrade` command which takes a firmware image and installs it. The install procedure for MikroTik RouterBOARDs is to run OpenWRT from RAM using TFTS, then use `sysupgrade` to flash a firmware upgrade.

Back to the home page

-- Response ended

-- Page fetched on Tue Oct 19 14:35:51 2021