Mi6WAN Client Config

These instructions are a work in progress

Understanding What Mi6WAN Is and Isn’t

  • Who can use it?
    • Anyone with a valid Amateur Radio license can use our network
  • What can it be used for?
    • Primarily the network is intended to serve as an emergency communications system
    • Encrypted Traffic is not allowed
    • Commercial traffic is prohibited

Integration With An Existing Network

Integrating Mi6WAN with an existing network is not a simple task an involves complex networking concepts and may be beyond the capabilities of your home networking equipment. These default starter configs will take a blank client modem and set the radio to connect up to our PtMP network and provide a simple router that can be connected to a computer or other router to provide access to the Mi6WAN/AMPR 44 Network

Default/Clear Client Device

  • Reset the device to a blank configuration with no defaults first. Once completed you can paste ether of the below configs depending on frequency of device.
    /system reset-configuration no-defaults=yes
  • 5.9Ghz Client Configuration

  • Paste the following config for Mi6WAN 5.9Ghz client radio devices. Make note of generated passwords
    /system routerboard settings set boot-device=try-ethernet-once-then-nand
    /system logging action set 3 bsd-syslog=no name=remote remote=44.103.0.13 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
    /system logging add action=remote disabled=no prefix="" topics=info
    /system logging add action=remote disabled=no prefix="" topics=warning
    /system logging add action=remote disabled=no prefix="" topics=error
    /snmp set enabled=yes contact="W8CMN Mi6WAN"
    /snmp community set [ find default=yes ] addresses=44.103.0.0/16,44.15.0.0/16,198.105.224.0/21,192.168.0.0/16 name=mi6public
    /snmp community add addresses=44.103.0.0/16,44.15.0.0/16,192.168.0.0/16 name=hamwan
    /system clock set time-zone-autodetect=no time-zone-name=America/Detroit
    /system ntp client set enabled=yes primary-ntp=44.103.0.31 secondary-ntp=198.105.224.25
    /ip ssh set allow-none-crypto=yes always-allow-password-login=yes forwarding-enabled=remote
    /tool romon set enabled=yes secrets=W8CMN
    /ip firewall filter remove [find dynamic=no]
    /ip firewall address-list add address=44.103.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=44.15.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=198.105.224.0/21 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=192.168.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=10.0.0.0/8 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=172.16.0.0/12 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall filter add action=accept chain=input comment="Allow Mi6-Allowed-Manage List to input" dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp src-address-list=mi6-allowed-manage
    /ip firewall filter add action=accept chain=input dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp src-address=44.103.0.0/16
    /ip firewall filter add action=drop chain=input comment="Drop else to input chain for managment" dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp disabled=no
    /ip service set telnet address="" disabled=no
    /ip service set ftp address="" disabled=no
    /ip service set www address="" disabled=no
    /ip service set ssh address="" disabled=no
    /ip service set www-ssl address="" disabled=no
    /ip service set api address="" disabled=no
    /ip service set winbox address="" disabled=no
    /ip service set api-ssl address="" disabled=yes
    /ip dhcp-server remove [find]
    /ip dhcp-server network remove [find]
    /ip dhcp-client remove [find]
    /ip address remove [find interface~"^wlan1"]
    /ip dns set allow-remote-requests=no
    /user set admin password=
    /user add name=w8cmn password= group=full
    /file print file=key-rsa-w8cmn-mon.txt
    :delay 2s
    /file set key-rsa-w8cmn-mon.txt contents="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHYdheMLoSn113JriQ4k8mTfwy4i1LN/CfW1CwipR1PYrTN6xsY9OizP6O4XOdFsl3FRYBwnS9o1b6Vn1S+gD08Jkt6VjEmlfkYShsSatlTvWCiJBtyfFnqk3HW1FeVwafRXUIJMN3VsZpoMu9v5gyhqY9iy5Q4qoj1pCE/PH3TvpznBuqKYOBt+SwGybYEUIFZ3VkKd7PFK54oJXPa0ecehz40xo8xEULzzAJZ+++sJFmwaymFf9RMpiFLe5v49Wumq+OF5GoBzYIWfH0JAe+i3XV6EU7eOpnXbnFxnwXkk1RP0tj3yZpT29qHntEsk8n6IoLI3rynNuJJAZvJW9V w8cmn@mon.mi6wan.net"
    :delay 10s
    /user ssh-keys import public-key-file=key-rsa-w8cmn-mon.txt user=w8cmn
    /interface wireless channels add band=5ghz-a/n frequency=5920 list=Mi6WAN5.9 name=Sector1-5 width=5
    /interface wireless channels add band=5ghz-a/n frequency=5900 list=Mi6WAN5.9 name=Sector2-5 width=5
    /interface wireless channels add band=5ghz-a/n frequency=5880 list=Mi6WAN5.9 name=Sector3-5 width=5
    /interface wireless channels add band=5ghz-a/n frequency=5920 list=Mi6WAN5.9 name=Sector1-10 width=10
    /interface wireless channels add band=5ghz-a/n frequency=5900 list=Mi6WAN5.9 name=Sector2-10 width=10
    /interface wireless channels add band=5ghz-a/n frequency=5880 list=Mi6WAN5.9 name=Sector3-10 width=10
    /snmp set location=somewhere
    /ip dhcp-client add add-default-route=yes dhcp-options=hostname,clientid disabled=no interface=wlan1
    /ip address add address=192.168.88.1/24 interface=ether1
    /ip pool add name=dhcp-pool ranges=192.168.88.100-192.168.88.199
    /ip dhcp-server network add address=192.168.88.0/24 dns-server=44.24.244.1,44.24.245.1 gateway=192.168.88.1
    /ip dhcp-server add address-pool=dhcp-pool interface=ether1 name=dhcp disabled=no
    /ip firewall nat add chain=srcnat action=masquerade out-interface=wlan1
    /system script add dont-require-permissions=no name=name-device owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global IDENTITY [interface wireless get wlan1 mac-address]\r\n/system identity set name=\"W8CMN-\$IDENTITY\"\r\n/interface wireless set 0 radio-name=\"W8CMN-\$IDENTITY\"\r\n"
    :delay 2s
    /system script run name-device
    :delay 2s
    /interface wireless set 0 band=5ghz-a/n channel-width=10mhz country=no_country_set disabled=no frequency=auto frequency-mode=superchannel scan-list="Mi6WAN5.9" ssid=Mi6WAN station-roaming=enabled wireless-protocol=nv2
  • 2.397Ghz Client Configuration

  • Paste the following config for Mi6WAN 2.397Ghz client radio devices. Make note of generated passwords
    /system routerboard settings set boot-device=try-ethernet-once-then-nand
    /system logging action set 3 bsd-syslog=no name=remote remote=44.103.0.13 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
    /system logging add action=remote disabled=no prefix="" topics=info
    /system logging add action=remote disabled=no prefix="" topics=warning
    /system logging add action=remote disabled=no prefix="" topics=error
    /snmp set enabled=yes contact="W8CMN Mi6WAN"
    /snmp community set [ find default=yes ] addresses=44.103.0.0/16,44.15.0.0/16,198.105.224.0/21,192.168.0.0/16 name=mi6public
    /snmp community add addresses=44.103.0.0/16,44.15.0.0/16,192.168.0.0/16 name=hamwan
    /system clock set time-zone-autodetect=no time-zone-name=America/Detroit
    /system ntp client set enabled=yes primary-ntp=44.103.0.31 secondary-ntp=198.105.224.25
    /ip ssh set allow-none-crypto=yes always-allow-password-login=yes forwarding-enabled=remote
    /tool romon set enabled=yes secrets=W8CMN
    /ip firewall filter remove [find dynamic=no]
    /ip firewall address-list add address=44.103.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=44.15.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=198.105.224.0/21 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=192.168.0.0/16 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=10.0.0.0/8 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall address-list add address=172.16.0.0/12 comment=mi6-allowed-manage list=mi6-allowed-manage
    /ip firewall filter add action=accept chain=input comment="Allow Mi6-Allowed-Manage List to input" dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp src-address-list=mi6-allowed-manage
    /ip firewall filter add action=accept chain=input dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp src-address=44.103.0.0/16
    /ip firewall filter add action=drop chain=input comment="Drop else to input chain for managment" dst-port=21,22,23,80,443,8080,8291,8728,8728 protocol=tcp disabled=no
    /ip service set telnet address="" disabled=no
    /ip service set ftp address="" disabled=no
    /ip service set www address="" disabled=no
    /ip service set ssh address="" disabled=no
    /ip service set www-ssl address="" disabled=no
    /ip service set api address="" disabled=no
    /ip service set winbox address="" disabled=no
    /ip service set api-ssl address="" disabled=yes
    /ip dhcp-server remove [find]
    /ip dhcp-server network remove [find]
    /ip dhcp-client remove [find]
    /ip address remove [find interface~"^wlan1"]
    /ip dns set allow-remote-requests=no
    /user set admin password=
    /user add name=w8cmn password= group=full
    /file print file=key-rsa-w8cmn-mon.txt
    :delay 2s
    /file set key-rsa-w8cmn-mon.txt contents="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHYdheMLoSn113JriQ4k8mTfwy4i1LN/CfW1CwipR1PYrTN6xsY9OizP6O4XOdFsl3FRYBwnS9o1b6Vn1S+gD08Jkt6VjEmlfkYShsSatlTvWCiJBtyfFnqk3HW1FeVwafRXUIJMN3VsZpoMu9v5gyhqY9iy5Q4qoj1pCE/PH3TvpznBuqKYOBt+SwGybYEUIFZ3VkKd7PFK54oJXPa0ecehz40xo8xEULzzAJZ+++sJFmwaymFf9RMpiFLe5v49Wumq+OF5GoBzYIWfH0JAe+i3XV6EU7eOpnXbnFxnwXkk1RP0tj3yZpT29qHntEsk8n6IoLI3rynNuJJAZvJW9V w8cmn@mon.mi6wan.net"
    :delay 10s
    /user ssh-keys import public-key-file=key-rsa-w8cmn-mon.txt user=w8cmn
    /interface wireless channels add band=2ghz-b/g/n frequency=2397 list=Mi6WAN2.4 name=Channel-2-10 width=10
    /interface wireless channels add band=2ghz-b/g/n frequency=2402 list=Mi6WAN2.4 name=Channel-1-5 width=5
    /interface wireless channels add band=2ghz-b/g/n frequency=2397 list=Mi6WAN2.4 name=Channel-2-5 width=5
    /interface wireless channels add band=2ghz-b/g/n frequency=2402 list=Mi6WAN2.4 name=Channel-1-10 width=10
    /snmp set location=somewhere
    /ip dhcp-client add add-default-route=yes dhcp-options=hostname,clientid disabled=no interface=wlan1
    /ip address add address=192.168.88.1/24 interface=ether1
    /ip pool add name=dhcp-pool ranges=192.168.88.100-192.168.88.199
    /ip dhcp-server network add address=192.168.88.0/24 dns-server=44.24.244.1,44.24.245.1 gateway=192.168.88.1
    /ip dhcp-server add address-pool=dhcp-pool interface=ether1 name=dhcp disabled=no
    /ip firewall nat add chain=srcnat action=masquerade out-interface=wlan1
    /system script add dont-require-permissions=no name=name-device owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global IDENTITY [interface wireless get wlan1 mac-address]\r\n/system identity set name=\"W8CMN-\$IDENTITY\"\r\n/interface wireless set 0 radio-name=\"W8CMN-\$IDENTITY\"\r\n"
    :delay 2s
    /system script run name-device
    :delay 2s
    /interface wireless set 0 band=2ghz-b/g/n channel-width=10mhz country=no_country_set disabled=no frequency=auto frequency-mode=superchannel scan-list="Mi6WAN2.4" ssid=Mi6WAN station-roaming=enabled wireless-protocol=nv2