I am trying to configure a static route on my Mikrotik HAP AC lite, but it doesn't seem to take.
Current Version: 3.24.10.0
Hardware Type: (ath79/mikrotik) mikrotik (routerboard-952ui-5ac2nd)
I first added the route by hand and it worked perfectly. It shows up in the routing table and I can send packets over it:
Current Version: 3.24.10.0
Hardware Type: (ath79/mikrotik) mikrotik (routerboard-952ui-5ac2nd)
I first added the route by hand and it worked perfectly. It shows up in the routing table and I can send packets over it:
root@w6dlk-hap-private:~# route add -net 192.168.169.0 netmask 255.255.255.0 gw 10.242.70.99 br-lan root@w6dlk-hap-private:~# netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 172.19.9.1 0.0.0.0 UG 0 0 0 br-wan 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 br-dtdlink 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 wlan1 10.242.70.96 0.0.0.0 255.255.255.248 U 0 0 0 br-lan 172.19.9.0 0.0.0.0 255.255.255.0 U 0 0 0 br-wan 192.168.169.0 10.242.70.99 255.255.255.0 UG 0 0 0 br-lan root@w6dlk-hap-private:~# ping 192.168.169.1 PING 192.168.169.1 (192.168.169.1): 56 data bytes 64 bytes from 192.168.169.1: seq=0 ttl=64 time=1.769 ms 64 bytes from 192.168.169.1: seq=1 ttl=64 time=1.276 ms 64 bytes from 192.168.169.1: seq=2 ttl=64 time=1.732 ms ^C --- 192.168.169.1 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 1.276/1.592/1.769 ms
I know this won't persist across a reboot, wo I edited /etc/aredn_include/static_routes and appended:
config route 'openvpn'
option interface 'br-lan'
option target '192.168.169.0/24'
option netmask '255.255.255.0'
option gateway '10.242.70.99'
I then rebooted the node. It didn't show up in the routing table, and of course wouldn't pass packets. I also tried adding it to /etc/config/network and rebooted with the same result. What am I doing wrong?
Thanks!
--Dave
Thanks!
--Dave
Nobody else dropped you a reply, so I'll give it a shot.
To answer your original question directly, I'm not sure if the change you're attempting to make is possible without custom firmware. AREDN builds are largely immutable for reliability, so the changes you're attempting to make not saving across reboots tracks with my understanding of its design.
I think the question we might need to ask is: are there alternative ways to accomplish this networking operation within the firmware constraints?
If 192.168.169.0/24 is a local subnet reachable on LAN, you can get to if from AREDN using layer 2 routing, so a defined static route to a VPN tunnel isn't necessary. Traffic will reach your router on layer 2, then pass to other subnets/VLANs using the subnet's default gateway. If it's not a local subnet, you can accomplish the same idea with a Wireguard or OpenVPN tunnel external to AREDN where you can properly define static routes on your home network.