There are some things I need in order to effectively use these devices as CPE. I’d love to see these on the roadmap as future features, or see some people’s workarounds or means of doing what I’m doing.
Basically what I’m looking for is to treat the routers the same way a cable modem or an ATA is treated. They should be able to pull configs on restart from a provisioning server in a secure way.
- effective random in scripts and/or random time option for scheduler
  - I need this so I can make the CPE phone home at different times rather than doing it all at once
- crypto in scripts or crypto verification/decryption of downloaded files
  - I need this so I can fetch a config file to the device, decrypt it and apply it. Without this my only secure means of provisioning is to push configs via SSH (I looked at the API and it doesn’t look like it’s encrypted).

It’s preferable that they pull the configs via fetch when they check in because you can kill a device to the point where SSHing to it doesn’t work but fetching from it still works. In those circumstances I want the router to still accept updates.
- open-sourced Flashfig, or instructions on how to Flashfig with a normal DHCP and TFTP server
  - It’s just asinine that all the devices run Linux but require you to have a Windows server to provision them. I’ve read that MikroTik says not many people complain about this, but I strongly suspect there is a silent majority of people who just never create a forum account to complain about it.

The design of the Flashfig software requires the MikroTik be on the same subnet as the provisioning host. DHCP and TFTP don’t have these limitations.
The design of the software requires you only plug in one router at a time, forcing you to provision your devices serially. DHCP and TFTP don’t have these limitations.
I strongly suspect that open source DHCP and TFTP would work fine, and would overcome the limitations of the Flashfig software, but we need documentation on what the MikroTik is expecting from DHCP and what DHCP options it sends.