Mi6WAN-Client-Config

Mi6WAN Client Config

These instructions are a work in progress

Understanding What Mi6WAN Is and Isn’t

Who can use it?
- Anyone with a valid Amateur Radio license can use our network

What can it be used for?
- Primarily the network is intended to serve as an emergency communications system
- Encrypted Traffic is not allowed
- Commercial traffic is prohibited

Integration With An Existing Network

Integrating Mi6WAN with an existing network is not a simple task an involves complex networking concepts and may be beyond the capabilities of your home networking equipment. These default starter configs will take a blank client modem and set the radio to connect up to our PtMP network and provide a simple router that can be connected to a computer or other router to provide access to the Mi6WAN/AMPR 44 Network

Default/Clear Client Device

Reset the device to a blank configuration with no defaults first. Once completed you can paste ether of the below configs depending on frequency of device.
```
/system reset-configuration no-defaults=yes
```

5.9Ghz Client Configuration

Paste the following config for Mi6WAN 5.9Ghz client radio devices. Make note of generated passwords

/system routerboard settings set boot-device=try-ethernet-once-then-nand
/system logging action set 3 bsd-syslog=no name=remote remote=44.15.0.13 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
/system logging add action=remote disabled=no prefix="" topics=info
/system logging add action=remote disabled=no prefix="" topics=warning
/system logging add action=remote disabled=no prefix="" topics=error
/snmp set enabled=yes contact="W8CMN Mi6WAN"
/snmp community set [ find default=yes ] addresses=44.15.0.0/16,198.105.224.0/21,192.168.0.0/16 name=mi6public
/snmp community add addresses=44.15.0.0/16,192.168.0.0/16 name=hamwan
/system clock set time-zone-autodetect=no time-zone-name=America/Detroit
/system ntp client set enabled=yes primary-ntp=44.15.0.69 secondary-ntp=44.15.2.2
/ip ssh set allow-none-crypto=yes always-allow-password-login=yes forwarding-enabled=remote
/tool romon set enabled=yes secrets=W8CMN
/ip firewall filter remove [find dynamic=no]
/ip firewall address-list add address=44.15.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall address-list add address=198.105.224.0/21 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall address-list add address=192.168.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall address-list add address=10.0.0.0/8 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall address-list add address=172.16.0.0/12 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall filter add action=accept chain=input comment="Allow Mi6-Allowed-Manage List to input" dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp src-address-list=mi6-allowed-manage
/ip firewall filter add action=accept chain=input dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp src-address=44.103.0.0/16
/ip firewall filter add action=drop chain=input comment="Drop else to input chain for managment" dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp disabled=no
/ip service set telnet address="" disabled=no
/ip service set ftp address="" disabled=no
/ip service set www address="" disabled=no
/ip service set ssh address="" disabled=no
/ip service set www-ssl address="" disabled=no
/ip service set api address="" disabled=no
/ip service set winbox address="" disabled=no
/ip service set api-ssl address="" disabled=yes
/ip dhcp-server remove [find]
/ip dhcp-server network remove [find]
/ip dhcp-client remove [find]
/ip address remove [find interface~"^wlan1"]
/ip dns set allow-remote-requests=no
/user set admin password=
/user add name=w8cmn password= group=full
/file print file=key-rsa-w8cmn-mon.txt
:delay 2s
/file set key-rsa-w8cmn-mon.txt contents="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHYdheMLoSn113JriQ4k8mTfwy4i1LN/CfW1CwipR1PYrTN6xsY9OizP6O4XOdFsl3FRYBwnS9o1b6Vn1S+gD08Jkt6VjEmlfkYShsSatlTvWCiJBtyfFnqk3HW1FeVwafRXUIJMN3VsZpoMu9v5gyhqY9iy5Q4qoj1pCE/PH3TvpznBuqKYOBt+SwGybYEUIFZ3VkKd7PFK54oJXPa0ecehz40xo8xEULzzAJZ+++sJFmwaymFf9RMpiFLe5v49Wumq+OF5GoBzYIWfH0JAe+i3XV6EU7eOpnXbnFxnwXkk1RP0tj3yZpT29qHntEsk8n6IoLI3rynNuJJAZvJW9V w8cmn@mon.mi6wan.net"
:delay 10s
/user ssh-keys import public-key-file=key-rsa-w8cmn-mon.txt user=w8cmn
/interface wireless channels add band=5ghz-a/n frequency=5920 list=Mi6WAN5.9 name=Sector1-5 width=5
/interface wireless channels add band=5ghz-a/n frequency=5900 list=Mi6WAN5.9 name=Sector2-5 width=5
/interface wireless channels add band=5ghz-a/n frequency=5880 list=Mi6WAN5.9 name=Sector3-5 width=5
/interface wireless channels add band=5ghz-a/n frequency=5920 list=Mi6WAN5.9 name=Sector1-10 width=10
/interface wireless channels add band=5ghz-a/n frequency=5900 list=Mi6WAN5.9 name=Sector2-10 width=10
/interface wireless channels add band=5ghz-a/n frequency=5880 list=Mi6WAN5.9 name=Sector3-10 width=10
/snmp set location=somewhere
/ip dhcp-client add add-default-route=yes dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip address add address=192.168.88.1/24 interface=ether1
/ip pool add name=dhcp-pool ranges=192.168.88.100-192.168.88.199
/ip dhcp-server network add address=192.168.88.0/24 dns-server=44.24.244.1,44.24.245.1 gateway=192.168.88.1
/ip dhcp-server add address-pool=dhcp-pool interface=ether1 name=dhcp disabled=no
/ip firewall nat add chain=srcnat action=masquerade out-interface=wlan1
/system script add dont-require-permissions=no name=name-device owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global IDENTITY [interface wireless get wlan1 mac-address]\r\n/system identity set name=\"W8CMN-\$IDENTITY\"\r\n/interface wireless set 0 radio-name=\"W8CMN-\$IDENTITY\"\r\n"
:delay 2s
/system script run name-device
:delay 2s
/interface wireless set 0 band=5ghz-a/n channel-width=10mhz country=no_country_set disabled=no frequency=auto frequency-mode=superchannel scan-list="Mi6WAN5.9" ssid=Mi6WAN station-roaming=enabled wireless-protocol=nv2

2.397Ghz Client Configuration

Paste the following config for Mi6WAN 2.397Ghz client radio devices. Make note of generated passwords

/system routerboard settings set boot-device=try-ethernet-once-then-nand
/system logging action set 3 bsd-syslog=no name=remote remote=44.15.0.13 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
/system logging add action=remote disabled=no prefix="" topics=info
/system logging add action=remote disabled=no prefix="" topics=warning
/system logging add action=remote disabled=no prefix="" topics=error
/snmp set enabled=yes contact="W8CMN Mi6WAN"
/snmp community set [ find default=yes ] addresses=44.15.0.0/16,198.105.224.0/21,192.168.0.0/16 name=mi6public
/snmp community add addresses=44.15.0.0/16,192.168.0.0/16 name=hamwan
/system clock set time-zone-autodetect=no time-zone-name=America/Detroit
/system ntp client set enabled=yes primary-ntp=44.15.0.69 secondary-ntp=44.15.2.2
/ip ssh set allow-none-crypto=yes always-allow-password-login=yes forwarding-enabled=remote
/tool romon set enabled=yes secrets=W8CMN
/ip firewall filter remove [find dynamic=no]
/ip firewall address-list add address=44.15.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall address-list add address=198.105.224.0/21 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall address-list add address=192.168.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall address-list add address=10.0.0.0/8 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall address-list add address=172.16.0.0/12 comment=mi6-allowed-manage list=mi6-allowed-manage
/ip firewall filter add action=accept chain=input comment="Allow Mi6-Allowed-Manage List to input" dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp src-address-list=mi6-allowed-manage
/ip firewall filter add action=accept chain=input dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp src-address=44.103.0.0/16
/ip firewall filter add action=drop chain=input comment="Drop else to input chain for managment" dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp disabled=no
/ip service set telnet address="" disabled=no
/ip service set ftp address="" disabled=no
/ip service set www address="" disabled=no
/ip service set ssh address="" disabled=no
/ip service set www-ssl address="" disabled=no
/ip service set api address="" disabled=no
/ip service set winbox address="" disabled=no
/ip service set api-ssl address="" disabled=yes
/ip dhcp-server remove [find]
/ip dhcp-server network remove [find]
/ip dhcp-client remove [find]
/ip address remove [find interface~"^wlan1"]
/ip dns set allow-remote-requests=no
/user set admin password=
/user add name=w8cmn password= group=full
/file print file=key-rsa-w8cmn-mon.txt
:delay 2s
/file set key-rsa-w8cmn-mon.txt contents="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHYdheMLoSn113JriQ4k8mTfwy4i1LN/CfW1CwipR1PYrTN6xsY9OizP6O4XOdFsl3FRYBwnS9o1b6Vn1S+gD08Jkt6VjEmlfkYShsSatlTvWCiJBtyfFnqk3HW1FeVwafRXUIJMN3VsZpoMu9v5gyhqY9iy5Q4qoj1pCE/PH3TvpznBuqKYOBt+SwGybYEUIFZ3VkKd7PFK54oJXPa0ecehz40xo8xEULzzAJZ+++sJFmwaymFf9RMpiFLe5v49Wumq+OF5GoBzYIWfH0JAe+i3XV6EU7eOpnXbnFxnwXkk1RP0tj3yZpT29qHntEsk8n6IoLI3rynNuJJAZvJW9V w8cmn@mon.mi6wan.net"
:delay 10s
/user ssh-keys import public-key-file=key-rsa-w8cmn-mon.txt user=w8cmn
/interface wireless channels add band=2ghz-b/g/n frequency=2397 list=Mi6WAN2.4 name=Channel-2-10 width=10
/interface wireless channels add band=2ghz-b/g/n frequency=2402 list=Mi6WAN2.4 name=Channel-1-5 width=5
/interface wireless channels add band=2ghz-b/g/n frequency=2397 list=Mi6WAN2.4 name=Channel-2-5 width=5
/interface wireless channels add band=2ghz-b/g/n frequency=2402 list=Mi6WAN2.4 name=Channel-1-10 width=10
/snmp set location=somewhere
/ip dhcp-client add add-default-route=yes dhcp-options=hostname,clientid disabled=no interface=wlan1
/ip address add address=192.168.88.1/24 interface=ether1
/ip pool add name=dhcp-pool ranges=192.168.88.100-192.168.88.199
/ip dhcp-server network add address=192.168.88.0/24 dns-server=44.24.244.1,44.24.245.1 gateway=192.168.88.1
/ip dhcp-server add address-pool=dhcp-pool interface=ether1 name=dhcp disabled=no
/ip firewall nat add chain=srcnat action=masquerade out-interface=wlan1
/system script add dont-require-permissions=no name=name-device owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global IDENTITY [interface wireless get wlan1 mac-address]\r\n/system identity set name=\"W8CMN-\$IDENTITY\"\r\n/interface wireless set 0 radio-name=\"W8CMN-\$IDENTITY\"\r\n"
:delay 2s
/system script run name-device
:delay 2s
/interface wireless set 0 band=2ghz-b/g/n channel-width=10mhz country=no_country_set disabled=no frequency=auto frequency-mode=superchannel scan-list="Mi6WAN2.4" ssid=Mi6WAN station-roaming=enabled wireless-protocol=nv2