Adding OpenWrt support for Mikrotik hAP ac 3 [RBD53iG-5HacD2Hn]

I tried but that did not work. The device successfully passed DHCP, downloaded the file via TFTP, but I was never able to reach it on the OWRT default IP. Have no serial access yet, so cant confirm what went wrong.

FYI,this is a hAP ac³ LTE6 kit version but as to my knowledge it is exactly the same as the hAP ac³ plus a mini-PCI port. So theoretically it should boot with the hAP ac³ initramfs image.

MOD: after adding serial, this is what I see:

Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.1-00096
S - IMAGE_VARIANT_STRING=DAABANAZA
S - OEM_IMAGE_VERSION_STRING=CRM
S - Boot Config, 0x00000021
S - Core 0 Frequency, 0 MHz
B -       262 - PBL, Start
B -      1341 - bootable_media_detect_entry, Start
B -      1682 - bootable_media_detect_success, Start
B -      1697 - elf_loader_entry, Start
B -      5104 - auth_hash_seg_entry, Start
B -      7269 - auth_hash_seg_exit, Start
B -    577861 - elf_segs_hash_verify_entry, Start
B -    694158 - PBL, End
B -    694183 - SBL1, Start
B -    782768 - pm_device_init, Start
D -         6 - pm_device_init, Delta
B -    784289 - boot_flash_init, Start
D -     45976 - boot_flash_init, Delta
B -    834463 - boot_config_data_table_init, Start
D -      3864 - boot_config_data_table_init, Delta - (419 Bytes)
B -    841647 - clock_init, Start
D -      7561 - clock_init, Delta
B -    853733 - CDT version:2,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0
B -    857221 - sbl1_ddr_set_params, Start
B -    862207 - cpr_init, Start
D -         2 - cpr_init, Delta
B -    866699 - Pre_DDR_clock_init, Start
D -         4 - Pre_DDR_clock_init, Delta
D -     13147 - sbl1_ddr_set_params, Delta
B -    879977 - pm_driver_init, Start
D -         2 - pm_driver_init, Delta
B -    951827 - sbl1_wait_for_ddr_training, Start
D -        30 - sbl1_wait_for_ddr_training, Delta
B -    967591 - Image Load, Start
D -    143575 - QSEE Image Loaded, Delta - (267732 Bytes)
B -   1111668 - Image Load, Start
D -      1445 - SEC Image Loaded, Delta - (2048 Bytes)
B -   1121955 - Image Load, Start
D -     16696 - APPSBL Image Loaded, Delta - (29260 Bytes)
B -   1139070 - QSEE Execution, Start
D -        58 - QSEE Execution, Delta
B -   1145198 - SBL1, End
D -    453125 - SBL1, Delta
S - Flash Throughput, 1853 KB/s  (299459 Bytes,  161589 us)
S - DDR Frequency, 672 MHz

Event when the TFTP upload of the initramfs file is done, nothing changes on the serial output.

MOD2: after changing the boot order from try-nand_then_ethernet to try_ethernet_then_nand the unit booted to initramfs successfully.

Next question is if I can just sysupgrade the unit? this is the mtd table:

root@OpenWrt:/tmp# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00080000 00010000 "Qualcomm"
mtd1: 00080000 00010000 "RouterBoot"
mtd2: 00002000 00010000 "hard_config"
mtd3: 00007e24 00010000 "dtb_config"
mtd4: 00001000 00010000 "soft_config"

Can i use this for flashing ROS > V6.46.6 ? Any other way ?

If you have any working OpenWRT devices already (this isn't your first to flash), the tftp server built into stock OpenWRT already handles booting newer Mikrotik devices just fine. It supports bootp (the ancient technology Mikrotik uses instead of DHCP booting) right out of the box. I've done that for ages, and didn't even realize/notice there was an issue with flashing the newer firmwares for over a year.

Unfortunately that's no help if this is your first OpenWRT device, but if it's not, that's very much the way to go.

1 Like

There is a solution for windows:

This modified tftpd64 does bootp and tftp so it can be used to feed OWRT initramfs (or other) images to MikroTik devices. Important thing is to make sure the device is on version 6 ROS and bootloader, and not version 7.

1 Like

RBwAPG-5HacD2HnD r3 6.46.8
Linux OpenWrt 5.10.138 #0 SMP Sat Sep 3 02:55:34 2022 armv7l GNU/Linux
ipq40xx/mikrotik arm_cortex-a7_neon-vfpv4'
'OpenWrt 22.03.0 r19685-512e76967f'

What i needed to do additionaly is set MAC<>IP mapping for dnsmasq

and bootp server IP and filename:

Flashing works also with RouterOS > 6.46.6

Got a better solution

just add

bootp-dynamic

to /etc/dnsmasq.conf

and dnsmasq dhcp/bootp will also serve bootp requests:

daemon.info dnsmasq-dhcp[1]: BOOTP(br-lan) 192.168.1.102 2c:c8:1b:6e:XX:XX
daemon.info dnsmasq-tftp[1]: sent /tmp/tmp/owrt.bin to 192.168.1.102

hope this helps someone with MikroTik APs that want to switch from RouterOS to OWRT.

1 Like

I just bricked my hap ac3 lte6-kit.

I had such mtd table:

root@OpenWrt:/tmp# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00080000 00010000 "Qualcomm"
mtd1: 00080000 00010000 "RouterBoot"
mtd2: 00002000 00010000 "hard_config"
mtd3: 00007e24 00010000 "dtb_config"
mtd4: 00001000 00010000 "soft_config"

I loaded latest build via netboot, and did

ubidetach -m 1
ubiformat /dev/mtd1 -y 
ubiattach -m 1
sysupgrade -v openwrt-ipq40xx-mikrotik-mikrotik_hap-ac3-squashfs-nand-sysupgrade.bin

After that, after boot ac3 turn on all lights. There is no packets send on any interface, reset for 5, 10, 15 and 300 seconds does not help.

Is there any option to unbrick it?

First of all, you are in the wrong topic.

https://forum.openwrt.org/t/adding-support-for-mikrotik-hap-ac3-lte6-kit-d53gr-5hacd2hnd/

Second, you loaded the wrong image, with the wrong method. The Hap AC3 is not completely the same as at Hap AC3 LTE6 kit. You need to recover to ROS version 6 via netboot, and then start again based on the commit message of the LTE6 kit and NOT the one you mentioned.

Thank you, you are true.

The only on issue is that mikrotik does not send any packets at all. Netboot is not working. Is there any other options?

For Netinstall, you need to press the reset button for a long time while you are turning the router on. Firs the LED starts as solid blue, then goes to blinking green, then green, then solid blue, this is the point where you can release the reset button. And it only works on Port 1 I believe. And you need to connect the router to the laptop or PC via a single port and if you have multiple network cards, you need to disable them (wifi included), and you need to start Netinstall.exe as administrator.

mtd1: 00080000 00010000 "RouterBoot"
ubiformat /dev/mtd1 -y

well, if i get it right, you killed the loader, so i am afraid there is no more option left

1 Like

Yeah, looks like. Going to service. Thanks 4 all.

Hi there,

I have just converted my hap ac3 to openwrt but i'm facing a few issues I can't find much info about. In routerOS I was using port5 as POE out and WAN ( connected to ptp link ) It seems I can't adjust and config individual ports in OpenWrt as I could with routerOS.

The main reason I'm moving to OpenWRT is I could not see connected devices host names and IPs and easily set static DHCP for all my IOT/Smarthome devices, without a bunch of scripts etc or manually recording each devices mac address etc

OpenWRT nicely lists all this and can set static dhcp etc which is great. I will be setting up 2x wireless VLANs for the iot devices, one VLAN will have internet access and the other blocked completely. ( some devices like to talk to cloud services )

But first thing first is to get my network back up and running correctly, in the mean time I'm using a POE injector and standard WAN until I can change port5 to WAN and POE out. I have searched through the DOCs and can't find anything about changing WAN port to a switch port or splitting up all the swith0 ports etc I even did a search and got 0 results for POE, surely this would just be under the port config and simple enable button or something. I found the POE led option in LED configuration.

I'm new to OpenWRT sorry if this is simple but I did try searching first. Hope I don't have to go back to routerOS

Thanks!

You might be able to do this with switch_vlans in /etc/config/network, but it would be easier to use a snapshot image, where this is already done by the new and much improved ipq40xx switch driver.

This is in /etc/config/system as poe_passtrough, just beware it is on, or off. There is no code built in to hook up auto functionality of passive-poe-capable device connected, turn poe on.

I do not use the webUI, so have no idea where/if anything would be on it.

Hi @johnth

Do you know when this will be available in a main release? I will just leave POE adapter hanging down the wall in the mean time. I was under the impression the snapshots have no gui etc?

Is there plans to have auto functionality? I will check out and use manual function if need be, not point until I can set port5 as the WAN

Edit: I did just upgrade to the latest stable release, but no change to the switch settings or selecting the ports, here is a link to the version I used, was only update a few days ago:

https://downloads.openwrt.org/releases/22.03.3/targets/ipq40xx/mikrotik/

Thanks for your help

I have been trying to follow some tutorials online, for example: https://www.youtube.com/watch?v=FgMnPE3CYo4 but I seem to be missing the WAN port. I can't even get it going using normal wan port as shown in the PIC.

If I change my VLAN2 to use LAN4 untagged and plug into LAN4 I get a connection and DHCP client connects and gets IP etc But can not get it to work correctly on WAN Port/LAN 0 ( HAP AC3 has 5 ports ) Is eth0 port 1? Is this an issue that it's shared with CPU or something?

This will be months, minimum, there is still work to do (on other targets) before the next release can be branched off.

correct, but you can install it through ssh (opkg update; opkg install luci), or have an image built with it included (add luci to then end of Customize installed packages) in the web firmware builder: https://firmware-selector.openwrt.org/?version=SNAPSHOT&target=ipq40xx%2Fmikrotik&id=mikrotik_hap-ac3
usually most trouble for snapshot users is that the kernel module packages don't stay around long, so install them soon if you need them, or update to a newer snapshot if you find something you missed weeks later.

I don't know of anyone working on mikrotik auto passive poe. libgpiod gpiomon is a good start as an example. As a dirty hack, could probably run a polling shell script watching the passive-poe-compat GPIO, if it goes up, powerup the PoE output GPIO, and powerdown PoE on poe-compat down.

It might be eth1 for wan port? Seems that is what the add-support commit says, but I don't remember what the old opinionated qcom driver did, and don't have any devices still running it.

Hi @johnth

Thanks for your help, the snapshot works 100% better, I have all the interfaces available and I plugged in the WAN and it just worked. I have noticed the way todo VLANs has changed and watched updated vid on how to set all that up.

Just a quick question for you if you have time. Basically my setup is Starlink at Main house and have wireless ptp link to 2nd house which connects to this router via WAN. I would ideally like it to still be part of the main network in the house, can access stuff in main house lan and same with second house lan etc

The issues is the DHCP I still want it to act as router in second house and not a dumb access point. If I setup this router to be 192.168.1.2 and main starlink router is 192.168.1.1 this works and I have all access, but the clients connected to OpenWRT don't get DHCP lease so I can't set them as static, see there host names, ips etc they just show up with question mark. I have moved the DHCP range to prevent conflicts with starlink DHCP server. I have also told OpenWRT lan to use 192.168.1.2 as DNS server and no gateway. I have then forwarded the DNS request to 192.168.1.1 But the OpenWRT clients are still using 192.168.1.1 as there DNS.

If I change to complete different subnet (192.168.10.0/24) the DHCP works correctly and I can still access the 192.168.1.1 network, but I can't reach my 192.168.10.0/24 from 192.168.1.0/24 network. I ideally want it all to be on same network so casting and auto discovery and server stuff still work.

Great.

Yes, this gets tricky.
I am happy to try to help. Best to create a new forum topic, tag me there, and maybe include a diagram, as we don't want to talk about things which are not exclusive to hap ac3 here.
I usually build a subnet for each (remote) outbuilding, then set up routing (and firewall access) between them, but you have many options.