This page describes common procedures across MikroTik RouterBoard routers. If you edit / add information about a specific model, please consider linking to this page to avoid repeating common instructions.
OpenWrt is not compatible with the bootloader of RouterOS v7. Do NOT upgrade the firmware on your device to RouterOS v7 or, if you did, downgrade to RouterOS Firmware v6 before installing OpenWrt. RouterOS does not allow downgrading below the factory firmware version, but OpenWrt boots and works fine with versions up to 6.49.10 or beyond. Confirmed working: 6.47.10 (tested on SXTsq 5 ac), 6.49.10 (tested on SXTsq 2nD).
TL;DR
RouterBoards can netboot OpenWrt initramfs .elf (.bin in some instances) images via TFTP. This RAM-based initramfs OpenWrt image is first used to validate the desired OpenWrt version operates properly without overwriting any existing image in the NAND or NOR flash of the RouterBoard.
Once you have verified OpenWrt is working on your MikroTik hardware, use the LuCI web interface to permanently flash the appropriate sysupgrade .bin image into the flash of the RouterBoard. In this way, an initial installation is treated exactly the same as a subsequent OpenWrt upgrade. Prior versions of OpenWrt required a subsequent upgrade to once again boot OpenWrt using initramfs: with the current version of OpenWrt that now uses Unsorted Block images (UBI), the initial flash and subsequent upgrades can be performed directly in-place from the LuCI web interface.
After OpenWrt is installed to Flash, depending on the model, some platform configuration may be needed. This is explained in the model specific wiki pages.
Note: this step seems to be optional, at least for routers, since their license is tied directly to the hardware. Still, do this just in case.
Before you start installing OpenWrt, save your RouterOS License .key file. This will allow you to use Mikrotik's NetInstall to re-install RouterOS.
The bootloader from RouterOS v7 is not compatible with OpenWrt. If you have it, you will be able to netboot your device and flash OpenWrt, but after it reboots it will go straight to netboot again. If this happens to you, restore RouterOS using Netinstall, downgrade to RouterOS v6, and install OpenWrt again.
To check the version of your bootloader from RouterOS, go to System → Routerboard in the web interface or run /system routerboard print and look for “current firmware”. If the version is below 7, you are all set. If it is 7.*, downgrade RouterOS to v6 before proceeding.
If you have already booted an OpenWrt initramfs, to see the bootloader version run cat /sys/firmware/mikrotik/hard_config/booter_version.
The first supported version of OpenWrt for a particular model should be listed on the OpenWrt Table of Hardware.
If the OpenWrt table of hardware says 'trunk', the model specific page should explain if 'trunk' already contains the necessary patches for your model or if you need to compile and patch OpenWrt yourself. Compilation / patching is explained further down in this document. If the documentation is old, then the model may work already in a newer release.
If your RouterBoard is not supported in the latest release, consider compiling the required patches to make your RouterBoard work with the latest release and install that (as described below).
Since an initramfs image is just a temporary image (only loaded into RAM), it is safe to test a particular version of OpenWrt by netbooting (using DHCP/BOOTP/TFTP) and downloading the initramfs image.
When you power down your RouterBoard after loading an initramfs file, OpenWrt will simply vanish: a power down and reboot of the RouterBoard will revert to the prior version of firmware that is still in flash of the RouterBoard.
If the RAM-based initramfs version you have selected works for you, feel free to try other versions of OpenWrt, such as Latest release or snapshot.
Once you are happy with the RAM-based operation of OpenWrt, proceed to the step of flashing OpenWrt in order to permanently write OpenWrt into your RouterBoard.
Note: MikroTik's bootloader (routerboot) may have a size limitation for TFTP images, approximately 7MiB. If it refuses to accept an initramfs image above that size (it will proceed to boot whatever was already installed in the device), that could be the reason.
The latest OpenWrt images can be downloaded from https://downloads.openwrt.org/
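One way to check a downloaded initramfs image before placing it in the TFTP root, as an added example that is not part of the original wiki page: it compares the file against the sha256sums index published in the same download directory and against the approximate 7 MiB RouterBOOT limit noted above. The function names and the demo file name are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki): pre-flight check for an image that will
# be served to RouterBOOT over TFTP. Function names are illustrative.

# Approximate RouterBOOT TFTP size limit mentioned on this page (7 MiB).
ROUTERBOOT_TFTP_LIMIT=$((7 * 1024 * 1024))

# expected_sha256 SUMS_FILE FILE_NAME
# Print the hash listed for FILE_NAME. Lines look like "<hex>  <name>" or
# "<hex> *<name>"; the name must match exactly, not as a substring.
expected_sha256() {
    awk -v name="$2" '{
        f = $2; sub(/^\*/, "", f)
        if (f == name) { print $1; exit }
    }' "$1"
}

# check_image IMAGE SUMS_FILE
# 0 = hash matches and size fits, 1 = hash mismatch,
# 2 = file missing or not listed, 3 = larger than the RouterBOOT limit.
check_image() {
    image=$1
    sums=$2
    [ -f "$image" ] && [ -f "$sums" ] || return 2
    want=$(expected_sha256 "$sums" "$(basename "$image")")
    [ -n "$want" ] || return 2
    have=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$have" = "$want" ] || return 1
    size=$(($(wc -c < "$image")))
    [ "$size" -le "$ROUTERBOOT_TFTP_LIMIT" ] || return 3
    return 0
}

# Demo on constructed data (a few bytes, not a real OpenWrt image).
demo_image_check() {
    dir=$(mktemp -d)
    img="$dir/openwrt-demo-initramfs-kernel.bin"
    printf 'constructed image bytes' > "$img"
    printf '%s *%s\n' "$(sha256sum "$img" | awk '{ print $1 }')" \
        "$(basename "$img")" > "$dir/sha256sums"
    rc=0; check_image "$img" "$dir/sha256sums" || rc=$?
    echo "as downloaded: $rc"
    printf 'X' >> "$img"                 # simulate corruption or tampering
    rc=0; check_image "$img" "$dir/sha256sums" || rc=$?
    echo "after modification: $rc"
    rm -rf "$dir"
}

demo_image_check
```

Call check_image with the real image path and the sha256sums file fetched over HTTPS from the same directory on downloads.openwrt.org; the result is only as trustworthy as that index file.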
There will be just two images needed to install OpenWrt for any particular Mikrotik RouterBoard hardware platform:
To determine the precise file names needed for your specific RouterBoard model, please refer to:
Routerboards contain the Mikrotik RouterBoot netboot bootloader that will boot over the network and run an OpenWrt initramfs file. The initramfs file is a single file with the whole OpenWrt package: kernel plus filesystem. A RouterBoard has at least three flash partitions: bootloader, kernel and ubi. The MikroTik bootloader is preserved even after OpenWrt is installed into NAND or NOR flash.
The RouterBoard RouterBoot supports two different boot protocols when netbooting a RouterBoard:
Various TFTP servers for various OS are documented here.
To comply with the DHCP/BOOTP need of RouterBoot here are some extra detailed instructions.
Note: Don't forget to change USER, IFNAME, IP/DHCP IP-range and file name/folder path for your needs and replace openwrt-19.07-*-initramfs-* with the appropriate filename.
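#!/bin/bash
# Interface connected to the RouterBoard
IFNAME=enp1s0
/sbin/ip addr replace 192.168.1.10/24 dev "$IFNAME"
/sbin/ip link set dev "$IFNAME" up
# --dhcp-boot takes a literal file name (dnsmasq does not expand wildcards):
# replace the pattern below with the exact initramfs file name.
# -p0 disables the DNS server; only DHCP/BOOTP and TFTP are served.
/usr/sbin/dnsmasq \
    --no-daemon \
    --listen-address 192.168.1.10 \
    --bind-interfaces \
    -p0 \
    --dhcp-authoritative \
    --dhcp-range=192.168.1.100,192.168.1.200 \
    --bootp-dynamic \
    --dhcp-boot=openwrt-19.07-*-initramfs-* \
    --log-dhcp \
    --enable-tftp \
    --tftp-root="$(pwd)"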
$ chmod +x loader.sh
# ./loader.sh
Copy openwrt-19.07-*-initramfs-* file to your TFTP server location. Set up your BOOTP server to point to your TFTP server as the next-server and to that file as the bootfile.
Reconfigure your PC Ethernet to a static IP at 192.168.1.10
The freeware Tiny PXE server is a DHCP/TFTP server that implements the RFC951 BOOTP capability. To enable Tiny PXE's rfc951 BOOTP capabilities, rfc951=1 must be set in the [dhcp] section of the Tiny PXE config.ini file.
Select the OpenWrt initramfs file as the Boot file Filename, un-check the gPXE or iPXE Filename option, select the Option 54 IP address for the ethernet cable you have connected to the RouterBoard, and put Tiny PXE Online.
If you have problems running Tiny PXE, you may need to turn off your firewall, run Tiny PXE as administrator, or disable all other ethernet/bluetooth/wifi in Network Connections.
It is especially important to ensure only one DHCP/BOOTP/TFTP server is running on your network while attempting a netboot since BOOTP has no support for Proxy DHCP or authoritative DHCP - so be sure to disconnect from any other routers before running Tiny PXE.
Connect the ethernet 1 port of your routerboard (typically the WAN port) to a network configured to reach the DHCP/BOOTP/TFTP server that you have set up.
The RouterBoard default boot protocol is BOOTP. You can change the RouterBoot boot protocol from BOOTP to DHCP by using the COM port or RouterOS, as documented in this list of netboot methods. Warning: not all RouterBoard devices can boot OpenWrt via DHCP.
The instructions in this wiki tend to assume you have changed the netboot protocol to DHCP since DHCP netboot is supported by all DHCP servers.
However, if you have chosen to use a DHCP/BOOTP/TFTP netboot server that supports rfc951 BOOTP such as dnsmasq or Tiny PXE (with rfc951=1 set in the [dhcp] section of the config.ini), any of these netboot methods will work fine without any changes to the Routerboot boot protocol.
When a boot protocol is set in RouterBoot, it is remembered: any of the methods here that force a netboot will then use the BOOTP or DHCP boot protocol previously selected in RouterBoot.
This method will work on all RouterBoards, including RouterBoards without a serial port. It is certainly the simplest approach to perform a netboot if using an rfc951 BOOTP-capable DHCP/BOOTP/TFTP server.
Most RouterBoard models generate a short beep when an image begins to netboot or load from flash (unless the RouterBoard has been put in 'silent mode' from the RouterBoot menu). So if you are running without a connection to the serial console COM port to view boot activity from a terminal window, you can use the beep to know when RouterBoot has successfully started to load an image (either a netboot image or the existing flash image).
If you are using dnsmasq or Tiny PXE as your netboot PXE DHCP/BOOTP/TFTP server, you can watch its information/log window to see exactly when the DHCP/BOOTP/TFTP server begins uploading the initramfs file to the RouterBoard (TFTPd:DoReadFile shows up in the information/log window): this will be the same time the RouterBoard beeps.
To enable a netboot using the Reset button:
If your RouterBoard model has a serial COM port, you can connect to it as a console terminal to netboot the routerboard via TFTP.
If your RouterBoard does NOT have a serial COM port, it may still have a COM port on the motherboard: if you try soldering a cable, the RouterBoot bootloader may or may not support that serial port.
If you cannot use your serial COM port for any reason, a simple alternative is to use a DHCP/BOOTP/TFTP server that supports rfc951 BOOTP (rather than DHCP) netboot and use the Reset button to force a netboot (see Method 1 above).
To enable a netboot using the serial COM port:
More information at: http://wiki.mikrotik.com/wiki/Manual:Netinstall#OPTIONAL:_Configuring_RouterBOARD_with_COM_port
If you have not yet installed OpenWrt onto Flash, you should reboot the routerboard via TFTP from the RouterOS web configuration interface.
Connect a PC to a LAN port (port 2...). Log into the web interface of RouterOS and set router to boot from ethernet once with DHCP:
Save
Shut down the RouterBoard, then turn the power off and on (do not reboot: on some devices “System → Reboot” does not perform a correct TFTP boot; you must instead use “System → Shutdown” and unplug/replug the router). This will boot OpenWrt from TFTP once. The boot protocol setting persists across reboots, but the next reboot will again be from NAND (the bootloader resets this parameter after booting from TFTP once). Once you have installed OpenWrt, RouterOS will have been deleted, so you will need to use one of the previous methods to netboot from TFTP.
After the DHCP/BOOTP/TFTP netboot of the initramfs image, connect your PC to one of the LAN ports of your RouterBoard.
You cannot connect to the RouterBoard via WiFi with the TFTP netbooted image of OpenWrt because the initramfs version of OpenWrt has WiFi disabled.
After the RAM-based initramfs version of OpenWrt has netbooted, you should be able to ping your RouterBoard LAN ports at IP address 192.168.1.1
If you have trouble accessing 192.168.1.1 on your RouterBoard LAN port when it is running OpenWrt, try any of the following:
After successfully using a web browser to connect to the OpenWrt LuCI web interface at 192.168.1.1:
Congratulations: you have now successfully flashed OpenWrt into your RouterBoard!
If you have problems while flashing because of (supposed) bad blocks, you could try the NetInstall tool from MikroTik (Windows only ...).
It will reduce the number of bad blocks. mikrotik wiki
There is also a nice netinstall-howto here.
Check if the LEDs light up according to their desired functions (e.g. under RouterOS). LED configuration is found in /etc/config/system. Depending on the model, OpenWrt may have initialized the LEDs correctly. If not, the model specific wiki page should explain how to configure LEDs in /etc/config/system.
By default, OpenWrt tries to set up wired/wireless interfaces so that there is one routed WAN interface which is typically the first wired ethernet port and the remaining wired ethernet port and wireless interfaces are bridged into a LAN. This setup is partially done under the hood and partially it shows up in /etc/config/network and can be seen via linux CLI commands, for example 'ifconfig -a':
br-lan this is the linux software bridge interface representing the 'lan'. It should by default have IP address 192.168.1.1. It is created by the 'config interface lan' section in /etc/config/network. The 'option ifname' lists one or more wired interfaces that are included in the bridge. The wireless interface(s) seem to be added to the bridge under the hood. Use 'brctl show' to list all interfaces bound to br-lan.
eth0, eth1,... are ethernet interfaces. They may each be attached directly to an ethernet port or to a switch. Use 'swconfig show' to see which ethernet is connected to a switch.
ethN.M is a VLAN on a switched ethernet.
If you solder the UART pins on the board, you can enable the serial console, adding this line to /etc/inittab:
ttyS0::askfirst:/bin/ash --login
You are done now with common OpenWrt procedures for routerboards. Refer to more specific instructions for your individual routerboard, then proceed to first steps with OpenWrt if you do not know them yet:
Note: Don't forget to change USER, IFNAME, IP/DHCP IP-range and file name/folder path for your needs and replace openwrt-22.03-*-initramfs-* with the appropriate filename.
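#!/bin/bash
# Unprivileged account dnsmasq switches to after start-up
USER=user
# Interface connected to the RouterBoard
IFNAME=enp1s0
/sbin/ip addr replace 192.168.1.10/24 dev "$IFNAME"
/sbin/ip link set dev "$IFNAME" up
# --dhcp-boot takes a literal file name (dnsmasq does not expand wildcards):
# replace the pattern below with the exact initramfs file name.
/usr/sbin/dnsmasq --user="$USER" \
    --no-daemon \
    --listen-address 192.168.1.10 \
    --bind-interfaces \
    -p0 \
    --dhcp-authoritative \
    --dhcp-range=192.168.1.100,192.168.1.200 \
    --bootp-dynamic \
    --dhcp-boot=openwrt-19.07-*-initramfs-* \
    --log-dhcp \
    --enable-tftp \
    --tftp-root="$(pwd)"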
$ chmod +x loader.sh
# ./loader.sh
scp openwrt-*mikrotik*-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/
sysupgrade -n /tmp/openwrt-*-mikrotik*-squashfs-sysupgrade.bin
~/.ssh/known_hosts
Installing and upgrading OpenWrt on a RouterBoard is basically just a couple of steps:
The detailed 8-step process below is updated to reflect the new 'UBI' style firmware images of version 18 OpenWrt that now make it very easy to flash the RouterBoard directly from the LuCI web interface. Many of the board-specific wikis here in OpenWrt have yet to be updated to reflect this new, simpler process. Use this description of the Step-By-Step Installation Process to get an idea of how relatively simple it is to install and upgrade OpenWrt, and feel free to give it a try, since the initramfs version of OpenWrt is just a RAM image that will not affect your RouterOS if you decide NOT to flash the permanent sysupgrade.bin file into your RouterBoard. If you do flash OpenWrt into your RouterBoard, you can revert to RouterOS at a later time using Mikrotik's NetInstall utility, as long as you saved your RouterOS license file (export your .key license file) before you permanently install (flash) OpenWrt. (For non-Windows users, MikroTik claims that it runs on Linux with Wine; superuser permissions are required.)
To install OpenWrt (works on all OpenWrt supported RouterBoards, using V18 or later OpenWrt):
Windows in your PC: see below.
any other OS in your PC: see below.
sysupgrade command.
Once you have OpenWrt running, you'll probably want to reset your PC's Ethernet back to DHCP instead of the 'forced' static IP addresses you used during the install of OpenWrt.
If your model is not yet supported by trunk, you need to download, compile and patch the OpenWrt sources. Before embarking on compilation, always check whether the model specific wiki instructions are already obsolete and the necessary patches have already been integrated.
Full instructions are at Build system – Installation. The following is mostly a cheat sheet specifically for routerboards.
OpenWrt sources are available via two release management systems, svn and git. If the model specific instructions specified one, use that, otherwise use git (faster).
# Find/make some directory:
mkdir mikrotik
cd mikrotik

# Get Barrier Breaker (14.07)
git clone git://git.openwrt.org/14.07/openwrt.git

# Alternatively, get trunk (latest build)
git clone git://git.openwrt.org/openwrt.git

# git created openwrt directory. All further compile commands
# have to be entered from that directory
cd openwrt

# Patch the kernel as needed
wget ... -O patchfile
patch -u -p0 < patchfile

# Set up compilation to build AR71XX images for routerboards as well as initramfs
echo CONFIG_TARGET_ar71xx=y > .config
echo CONFIG_TARGET_ar71xx_mikrotik=y >> .config
echo CONFIG_TARGET_ROOTFS_INITRAMFS=y >> .config
echo CONFIG_TARGET_INITRAMFS_COMPRESSION_NONE=y >> .config

# make defconfig creates the rest of the config file.
make defconfig

# -j parallel compilation may cause problems, but usually it does not.
# choose the number according to the number of your CPU cores
make -j 6
Instead of creating .config manually (the easiest way), you can use the curses CLI (after patching):
# Target selection lives in the OpenWrt menuconfig, not the kernel one
make menuconfig
# -> Target = AR7XXX
# -> Subtarget = Mikrotik device with NAND flash
# -> Target Images = ramdisk
# -> save, exit

# Normally you do not need this, but if there are specific kernel options required:
make kernel_menuconfig

# compile normally
make -j 6
It can be advantageous to explicitly use the kernel configuration used to build the images on openwrt.org:
Example with 14.07:
git clone git://git.openwrt.org/14.07/openwrt.git
cd openwrt

# Optional, this is the commit from which stock kernels were built for 14.07.
# There should be a better label for this in 14.07, but there is none.
git reset --hard 14cb884013ff7034c7bdd19ba704b252095039ad

# Use exactly the config as stock image:
wget https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/mikrotik/config.ar71xx_mikrotik
mv config.ar71xx_mikrotik .config

# Patch as needed now ..

# Compile
make -j 6
After compilation, the images are in bin/ar71xx. Copy them to your tftp and http server location (renaming them as needed), then tftp-boot/install them as explained before.
Warning: once you run “make”, it will copy files from the 'target' directory over to 'build_dir' directory including downloading additional software/patches. If you modify/patch files in 'target' after a 'make', those changes will not propagate into 'build_dir'. To experiment with different patches, you either need to modify files in build_dir directly, or run 'make clean' before every make run.
Routerboard bootloader settings are available in the Devicetree at /sys/firmware/mikrotik.
For example, to see the current silent-boot setting, you can run:
# cat /sys/firmware/mikrotik/soft_config/silent_boot
[off] on
and to turn it on, run echo on > /sys/firmware/mikrotik/soft_config/silent_boot.
See http://wiki.mikrotik.com/wiki/Manual:License.
With existing RouterOS running on your RouterBoard, connect your PC to a LAN port on the RouterBoard (DHCP enabled). Use a web browser to get to the RouterOS login page (default at 192.168.88.1) and download Mikrotik WinBox from your RouterBoard onto your Windows PC. Do NOT try to use the WebFig browser interface to export your license file: it does not have the license export feature. You must use the WinBox Windows application. Execute (double click) the downloaded WinBox to run it from your PC. Use WinBox to export (save) your license .key file to your PC. This will allow you to restore/re-install RouterOS at a later time using Mikrotik's NetInstall.
If you cannot connect to the RouterBoard RouterOS on a LAN port, try resetting the RouterBoard to its default settings: that will ensure you can connect using the ether1 port. Reset the RouterBoard to its default settings by unplugging power, press the Reset button, then plug power back in and continue holding the Reset button for 5 seconds. Now set your PC to a static IP address of 192.168.88.10. Move your Ethernet cable to the ether1 (usually WAN) port on the RouterBoard and get WinBox at 192.168.88.1
If you have an old version of RouterOS/WinBox and a newer version of Windows (such as Windows 10), your WinBox may not be compatible with Windows 10. If so, upgrade your RouterOS so you get a new version of RouterOS/WinBox that is Windows 10 compatible. The latest WinBox is Windows 10 compatible, but the WinBox version must also be compatible with the RouterOS version, which is why you should consider installing a new RouterOS .npk file (which includes WinBox) if WinBox is not working for you.
It's a good idea to save your RouterOS license .key file (export your license) before starting an install of OpenWrt.
A simple method is to use the Mikrotik WinBox Windows application, as discussed at the top of this page. Otherwise, boot RouterOS and export the key to a file:
/system license output
Then list the files on your device to see which file the .key file was saved to:
/file print
On a fresh install, the key file should be #1 (or #0 on a RB433UAH).
Copy contents, alternative 1: to open the editor with file #1, type:
/file edit 1 value-name=contents
Then copy-paste the text into a file on your computer. (This alternative only supports text files.)
Copy contents, alternative 2: later v5 versions of RouterOS support uploading files via the fetch command. Example:
fetch address=192.168.0.200 src-path=RJ15-ERX5.key user=ftp mode=ftp password=ftp dst-path=/pub/write/RJ15-ERX5.key upload=yes
Copy contents, alternative 3: download files from web interface. Example
http://192.168.88.1/webfig/#Files
Copy contents, alternative 4: download files via scp. Example
scp admin@192.168.88.1:/RJ15-ERX5 ./RJ15-ERX5
The differences between the obtained key file and a key exported with Winbox are that the SoftwareID line is not present in the latter, and there are no empty lines, so you should probably delete all the empty lines in your file before importing it for a new installation; the SoftwareID line should not bother the installer (untested).
From TFTP booted OpenWrt:
cat /proc/mtd
# the following expects that kernel is mtd1 and rootfs is mtd2
mkdir /mnt/kernel /mnt/rootfs
mount -o ro /dev/mtdblock1 /mnt/kernel
mount -o ro /dev/mtdblock2 /mnt/rootfs
cd /mnt/kernel
tar czf /tmp/mikrotik-kernel.tar.gz .
cd /mnt/rootfs
tar czf /tmp/mikrotik-rootfs.tar.gz .
cd /tmp
scp mikrotik* username@your-server:tmp
If you skipped this step but find you need to restore your prior version of RouterOS, you can use the Mikrotik NetInstall utility to re-install a fresh copy of RouterOS. Mikrotik does provide copies of RouterOS .npk files on their website, however you need to be sure to have saved your license key in order to use NetInstall (if NetInstall does not recognize your existing license).
Be sure to use Mikrotik WinBox to export your license key before installing OpenWrt.
/system package downgrade command or press the “Downgrade” button at System → Packages in the web interface.
/system routerboard upgrade command or press the “Upgrade” button at System → Routerboard.
/system routerboard print or go to System → Routerboard in the web interface to make sure that you have the “current version” that you expect.
These instructions are deprecated since wget2nand is no longer used, but left here for reference. Note “rootfs” has become “ubi” (and allows direct flashing of the NAND or NOR from the LuCI web interface) in the current OpenWrt release.
If wget2nand encounters problems, perform its steps manually from shell.
cat /proc/mtd
dev: size erasesize name
mtd0: 00040000 00020000 "booter"
mtd1: 003c0000 00020000 "kernel"
mtd2: 07c00000 00020000 "rootfs"
The following instructions assume that as shown above, kernel is /dev/mtd1 and rootfs /dev/mtd2. If these numbers are different on your model, appropriately change the following commands.
mtd erase /dev/mtd1
mtd erase /dev/mtd2
mkdir /mnt/kernel
mkdir /mnt/rootfs
mount /dev/mtdblock1 /mnt/kernel
mount /dev/mtdblock2 /mnt/rootfs
Copy kernel & rootfs to routerboard:
scp bin/ar71xx/openwrt-ar71xx-mikrotik-vmlinux-lzma.elf root@192.168.1.1:/tmp
scp bin/ar71xx/openwrt-ar71xx-mikrotik-DefaultNoWifi-rootfs.tar.gz root@192.168.1.1:/tmp
Flash kernel & rootfs
# Use the kernel file name that was copied to /tmp in the previous step
mv /tmp/openwrt-ar71xx-mikrotik-vmlinux-lzma.elf /mnt/kernel/kernel
chmod +x /mnt/kernel/kernel
umount /mnt/kernel
cd /mnt/rootfs
tar -xvzf /tmp/openwrt-ar71xx-mikrotik-DefaultNoWifi-rootfs.tar.gz
cd /
umount /mnt/rootfs
sync
Reboot
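Both the backup commands and the manual flashing steps above assume that kernel is mtd1 and rootfs is mtd2. The following added example (not part of the original wiki page) resolves the partitions by name from /proc/mtd before anything is mounted or erased; the function names are illustrative assumptions and the sample table is the one shown above.

```shell
#!/bin/sh
# Added example (not from the wiki): resolve MTD partitions by name instead of
# assuming kernel=mtd1 and rootfs=mtd2. Function names are illustrative.

# The /proc/mtd listing shown on this page, used as sample input.
page_mtd_table() {
    cat <<'EOF'
dev: size erasesize name
mtd0: 00040000 00020000 "booter"
mtd1: 003c0000 00020000 "kernel"
mtd2: 07c00000 00020000 "rootfs"
EOF
}

# mtd_lookup NAME [TABLE_FILE] -> "<index> <size-hex>", status 1 if absent.
# Splitting on the double quote keeps names that contain spaces intact.
mtd_lookup() {
    awk -F'"' -v want="$1" '
        $2 == want && $1 ~ /^mtd[0-9]+:/ {
            split($1, f, /[: ]+/)
            print substr(f[1], 4), f[2]
            found = 1
            exit
        }
        END { exit !found }' "${2:-/proc/mtd}"
}

# mtd_index NAME [TABLE_FILE] -> partition number N (as in /dev/mtdN)
mtd_index() {
    out=$(mtd_lookup "$@") || return 1
    echo "${out%% *}"
}

# mtd_bytes NAME [TABLE_FILE] -> partition size in bytes (decimal)
mtd_bytes() {
    out=$(mtd_lookup "$@") || return 1
    echo $((0x${out##* }))
}

# flash_layout [TABLE_FILE]
# Print the block devices to mount, or fail if an expected partition is
# missing. The page notes that "rootfs" has become "ubi" in current releases.
flash_layout() {
    table=${1:-/proc/mtd}
    k=$(mtd_index kernel "$table") || {
        echo "no \"kernel\" partition in $table" >&2; return 1; }
    r=$(mtd_index rootfs "$table") || r=$(mtd_index ubi "$table") || {
        echo "no \"rootfs\" or \"ubi\" partition in $table" >&2; return 1; }
    echo "kernel=/dev/mtdblock$k root=/dev/mtdblock$r"
}

# Demo on the sample table above.
demo_flash_layout() {
    t=$(mktemp)
    page_mtd_table > "$t"
    flash_layout "$t"
    echo "kernel partition size: $(mtd_bytes kernel "$t") bytes"
    rm -f "$t"
}

demo_flash_layout
```

On the device, call flash_layout without an argument so it reads the live /proc/mtd, and stop if it returns non-zero.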
Router model specific pages may refer to http://patchwork.openwrt.org/patch/4773/raw/ URLs. That patchwork server was decommissioned in 2014. See https://dev.openwrt.org/ticket/17785 and https://lists.openwrt.org/pipermail/openwrt-devel/2014-December/029786.html.
The new patch server is https://patchwork.ozlabs.org. Patch numbers for the old server seemingly can not be translated to the new patchwork server so they are not accessible anymore. In general, all patches from the old patchserver should have already been integrated into trunk.
Some wiki pages claim that parallel compilation with -j N may cause the OpenWrt build to fail. This does not seem to be a problem for >= 14.07 and AR71XX builds: for RouterBoards, parallel compilation seems to work fine.
Some wiki pages claim that you need to put paths into the OpenWrt build tree into your .bashrc so that compilation works correctly. This does not seem to be the case anymore. No problems encountered.
Routerboard 2011 Switch Fix thread
A Detailed Example of Installing OpenWrt on a Mikrotik RB493G (V18 Style) Written by the author of many of the V18 upgrades to this wiki. Procedure should work on most RouterBoards with only a change to the selected initramfs and sysupgrade.bin file names.
Using Mikrotik NetInstall to Install RouterOS Covers the process of re-installing RouterOS after you have previously installed OpenWrt. You may need to have a copy of your RouterOS license .key file to do this (if NetInstall does not recognize your prior license)