The Case Of The Satellite Hacked Router

So I just finished writing up the install: using a Mikrotik router, installing OpenWRT, and channel bonding Starlink with 2 DSL. If you get a chance, please check it out at https://www.agilicus.com/starlink-bond-zero-trust/ (and while you are there, hit that bell icon in the bottom right!)

I thought I would explain a bit more about the Mikrotik OpenWRT bit. The router I chose was the hEX S. It's a 5-port 1GE, 1 SFP device. It comes with Mikrotik’s OS, which I guess if you know, maybe you love. I neither know nor love it. So, OpenWRT on it goes.

The upgrade to OpenWRT was not complex, but took forever. You set up a DHCP config file and a TFTP server. You then power it on holding a button, wait for a beep, and release. Or so it says. In practice, you have to release the button at a very specific time which is pre-beep. Eventually, loaded.

These devices are good value. ~$50, 5 x 1G, modern routing OS. The throughput is not stellar, I benchmarked it out to about 600Mbps, so I think maybe it's not ideal for everyone. Still, it will fit this bill.

The application here was to, if Starlink is up, use it, else load balance across 2 DSL links. But now that I got the taste for the OpenWRT on non-wifi router… I’m thinking of bigger upgrade plans at home!

Anyway, read the details here and, as always, comments appreciated.



Comments

3 Responses to “The Case Of The Satellite Hacked Router”

  1. Jayme Snyder

    I know RouterOS pretty well. Not only will (some version of) it reliably do almost everything you could ever want to do (Dynamic ACLs, Basic DPI) and everything you didn’t (PPPoE over VPLS over WiFi as either client or RAS), it has almost no support.
    Its interface is very easy to walk someone through and use, masking the big GPL violation hiding underneath it.
    The way they gave iptables an interface is beautiful. I hope someone copies that.
    Until then, my friends will continue to ask me “how do I do x in mikrotik” and I will show them…
    This is actually a really easy problem to solve in mikrotik… just set the DSL link as a higher metric and use “check-gateway ping” on the lower metric starlink route.
    You can use mark routing mangle rules to also force low value or backdoor traffic through the DSL link’s rout..
    And of course mikrotik supports multi-link PPP and can even bridge the PPP from the DSL to one of the other interface. Oh if you have bell fibe, the GPON SFP will fit a few of the routerboards and you just need to make the pppoe connection on the right vlan subinterface…

  2. Jayme Snyder

    Also the upgrade procedure to openwrt can be very quick with another mikrotik running routeros because it’s trivial to use it as a tftp and dhcp server…
    It supports custom DHCP options right from the UI… these options can apply to the scope or specific lease.

    1. db

      the dhcp/tftp was not the issue, it was the “guessing when is the right time to let this button up” to cause the mikrotik to issue that fetch.
