How (not) to setup a router, the continuing misadventures of a fearless maaneeack

March 08, 2023 — ~maaneeack

Last year I picked up a Mikrotik hAP ac3 to replace a semi-dying Archer C7 by TP-Link. I tried setting it up with my WISP, and couldn't get it to work. Numerous resets, several nights of fruitless toil and irritation led me to shelve it, especially since the C7 started to behave again. It's running dd-wrt, for anyone interested.

Fast forward to last weekend. I found out from a random YouTube video suggestion that Dish Network got hacked. Their site and phones are unusable; you can't contact them at all. I've been trying to get away from them for several years now, but my family watches stuff on it. This was the final straw. I put in a stop payment with my bank, froze my credit and called the WISP to get my speed upgraded.

But what's that got to do with a router?! I hear you ask. Everything. I decided to see if I couldn't get that stupid hAP ac3 working this time. I was trained on NT4 and Cisco, IIS and Windows Server 2000. I can get this thing working, unless it was a dud.

So I started messing with it Sunday night. I'm off on Sunday and Monday nights, so I had all night to work on it and get it set up. I played BitBurner and watched videos for a while instead. Then I got to work.

I hooked it into my router using port 3 on the Mikrotik and started it up. Then I reset it, because I forgot how I left it and might as well start fresh. Then I tried to connect following the quickstart guide. It was a struggle; this thing was being flaky as hell. So I reset it again. Then I got into it via webfig, set the quickstart and promptly fucked it up by clicking on something too quickly. The webfig was saving/loading and I didn't notice, so I reset it again. See a pattern?

After the 3rd or 4th reset, I started counting them in a Slack channel I'm in with some old friends, regaling them with my technical escapades. You're there thinking I'm shit with tech. I'm here telling you yes I am, but I'm also good with tech and stubborn as hell to boot. It works out, mostly. I finally get winbox connected and get the firmware updated on the router. It works much better, and there are fewer botnet chances now. But now I'm not getting an IP from it, only IPv6, and it won't reconnect to webfig, the app or winbox.

Dear reader, I mentioned I'm stubborn already, right? I was trying to bridge the router to my Archer to set it up and play with it. That was dumb, and I was dumb to fight it for as long as I did on Sunday...into Monday morning. Once I stopped trying that (after at least two more reboots, mind you), I plugged my WAN in. It just fucking worked. I struggled for a few days early last year with that thing. And it just. fucking. worked. this time. I'm guessing it was the firmware update, but who knows.

So it's working, and I'm happily following the Mikrotik setup guide and random stuff from Bing's AI chat and YouTube. Now I'm having an issue with the ssh key pair not logging me in automatically without the -i identity file, because I gave it a name and didn't give it the ~/.ssh/ bit before the name. Since it worked, and regenerating the key was annoying, I moved the keys to the .ssh folder, set up a host in my ssh config file and just ssh mikrotik to log in now. Great, no resets there. I've been fiddling with this thing for the better part of six hours by this time. Where does the time go?

By this point I've got it set up, got it working and am poking around and skipping around the tutorial and asking AIBingchat more questions about things I'm stuck on. I spend an hour trying to get www-ssl working and trying to use a domain locally. I install certbot in wsl2 and try (fail, a lot) to generate a key for a domain I decided to buy and use. Spoiler: I can't use it.

I set up hosting on Dreamhost for the URL and got a certificate for it. It doesn't work. I go to bed!

After an eventful weekend it seemed to be working fine. I work from home, so I started work on Tuesday evening and we're good. I emailed my WISP on Monday to see if their resident Mikrotik guru had any config settings/tips, as the speeds were a little slower on this one. During my shift I'm looking through the Firewall guide on Mikrotik's site and seeing what I can do to harden it. Do you see what's about to happen? The self-inflicted gaping wound I'm about to suffer?

I add some rules for ICMP, no problem. A few hours later I have a minute and it's just about time for my break, so I add a few more rules from the guide. I hit enter on the last command that didn't go from my paste, and hell followed it. The ssh session stops working, things disconnect left and right, and I've got fifteen minutes to sort it out. I fight with winbox and the phone app, try DHCP on my ethernet connection after static failed. Nothing. I swap the Archer back in and end up about three minutes late from my break. Then I lock myself out of the phone system we use, so I have to wait 15 minutes to try again.

Suffice it to say, I'm not done yet! Now that work is done, I'm trying IPv6 on my ethernet to see if I can connect to the router. The rules were all for IPv4, so maybe I can avoid another (7th? 8th?) reset. I do have a working backup of the config from Monday night at least, so I won't be at square one. RouterOS seems a little daunting at first, but once you get the hang of their console and getting around webfig or winbox, it's pretty nice.

PS: IPv6 didn't work, reset the router & restored the backup, set up an emergency access port and have a new backup.
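Below is an added example, not the author's configuration, of the two things a practitioner would want from the lockout and the PS: how a pasted rule set can cut off the session that is pasting it, and how to paste it so it cannot, including the emergency access port. It assumes a default-style hAP ac3 layout (ether1 as WAN, ether2-5 bridged as the LAN on 192.168.88.0/24) and picks ether5 and 10.255.255.0/30 for the emergency port; those names and addresses are assumptions, and what actually tripped the author's lockout is not known from the post.

```routeros
# Added example, not the author's config. Interface names (ether1 as WAN,
# ether5 as the emergency port) and addresses are assumptions.

# 1. Have something to fall back on before touching the firewall.
/system backup save name=before-firewall
/export file=before-firewall

# 2. Enter Safe Mode first: Ctrl+X in the terminal, or the Safe Mode button
#    in Winbox. If the session holding Safe Mode drops, RouterOS reverts every
#    change made since it was entered instead of leaving them in place.

# 3. How the lockout happens. "add" appends, and the chain is evaluated top to
#    bottom, so a drop that lands ahead of the accepts hits the SSH/Winbox
#    session doing the pasting. A second common cause: the guide's rules use
#    in-interface-list=LAN, and if that list has no members yet, "!LAN"
#    matches every interface, including the one you are typing on.
/ip firewall filter
add chain=input action=drop in-interface-list=!LAN comment="pasted first, or with an empty LAN list: lockout"
add chain=input action=accept in-interface-list=LAN comment="never reached"

# 4. Corrected order for the input chain: populate the lists, then accept
#    before you drop. These are the same rules, just in a survivable order.
/interface list add name=WAN
/interface list add name=LAN
/interface list member add list=WAN interface=ether1
/interface list member add list=LAN interface=bridge
/ip firewall filter
add chain=input action=accept connection-state=established,related,untracked comment="keeps the session you are typing in alive"
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp comment="ping/traceroute"
add chain=input action=accept in-interface-list=LAN comment="management from the LAN side"
add chain=input action=drop in-interface-list=!LAN comment="everything else arriving from WAN"

# 5. Emergency access port: take ether5 out of the bridge, give it its own
#    address, and put an accept for it at position 0 so it does not depend on
#    interface lists or rule order. Set the laptop to 10.255.255.2/30 on that cable.
/interface bridge port remove [find interface=ether5]
/ip address add address=10.255.255.1/30 interface=ether5
/ip firewall filter add chain=input action=accept in-interface=ether5 place-before=0 comment="emergency access port"

# 6. Verify the order before leaving Safe Mode (Ctrl+X again commits).
/ip firewall filter print
```

The check that matters is the last one: read the printed order back and confirm the established/related accept and the LAN or emergency-port accept sit above the terminating drop before you press Ctrl+X to commit. If the order is wrong, /ip firewall filter move takes a rule number and a destination position and reorders without re-pasting.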
