TR069 with FreeACS

TheKitchen · January 17, 2017, 2:47am

Hi All,

With the recent support of TR069 of in 6.38 I was unable to find much documentation on setting up a ACS server to work with Mikrotik. After some trial and error I managed to get a working lab environment going so thought I would forward the steps I took for anyone interested. Please note this setup is strictly for labing and as such has major security flaws for a production environment I strongly recommend following http://wiki.mikrotik.com/wiki/Manual:TR069-client and http://wiki.mikrotik.com/wiki/Tr069-best-practices when you are ready to move to production.

Install FreeACS
FreeACS, installed on Unbuntu 14.04.5 LTS (GNU/Linux 3.13.0-107-generic x86_64) VM. I noticed some problems with running the the install script so have added a few steps to install some requirements manually.

Install tomcat7, Java and SQL5.5
sudo apt-get update
sudo apt-get install tomcat7
sudo apt-get install default-jre
sudo apt-get install mysql-server-5.5
Download and install the FreeACS Script
cd ~ && wget http://freeacs.com/download/install-or-update-freeacs-ubuntu.sh
chmod 755 install-or-update-freeacs-ubuntu.sh && sudo ./install-or-update-freeacs-ubuntu.sh
(I believe the script trys to install and run the most recent version of mysql instal of 5.5 which causes the prechecks to fail at the end of the installation which is why we manually install it)
We now proceed to the steps outlined in http://freeacs.com/download/Fusion%20Installation.pdf, I ignored some steps and made slightly different changes to others so I will do a run down of my version of this walkthrough

a) Restart mySQL
service mysql restart

b) Edit the tomcat7 configuration details
nano /var/lib/tomcat7/conf/catalina.properties (find the string “common.loader” and append “,${catalina.base}/common,${catalina.base}/common/.properties" to it, the end result should look like: "common.loader=${catalina.base}/lib,${catalina.base}/lib/.jar,${catalina.home}/lib,${catalina.home}/lib/.jar,${catalina.home}/common/classes,${catalina.home}/common/.jar,${catalina.base}/common,${catalina.base}/common/*.properties”)

nano /etc/init.d/tomcat7 (Find the line beginning with “# Required-Start:”
and append “$mysql” to it.)

nano /var/lib/tomcat7/common/xaps-stun.properties (find “primary.ip =” and enter the public/external IP address of your machine.)

c) Restart tomcat
service tomcat7 restart

d) Port forwarding and Firewall configuration
These ports will need to be mapped to the local address of your Unbuntu Machine (For more information refer to 5.3 of http://freeacs.com/download/Fusion%20Installation.pdf)
80 TCP
8080 TCP
443 TCP
69 TCP
3306 TCP
3479 UDP
3480 UDP
9116 UDP

e) Fire up a browser and navigate to http://:8080/web if you see a login page login with admin/xaps, if successfull I suggest immediately changing the default login credentials via the GUI under permission at the top.

CPE Configuration

Download and install the TR069 package to your router via the extra packages .zip, for the hEX series you can use http://download2.mikrotik.com/routeros/6.38.1/all_packages-mipsbe-6.38.1.zip, check http://www.mikrotik.com/download for other models, extract the zip and then upload the TR069 package to your router and reboot.
Once the router boots back up add the lines below to your configuration, this will allow connectivity from your CPE to your newly installed TR069 server, this will also ensure your CPE constantly polls to the ACS Server and supplies a unique UnitID/Username to the server.

\

Set TR069 Username to Ether1 mac address

/system script
add name=identity owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=“delay 10;
\n:local macaddress [/interface get ether1 mac-address]
\n:local tidymac
\n
\n:for i from=0 to=([:len $macaddress] - 1) do={
\n :local char [:pick $macaddress $i]
\n :if ($char = ":") do={
\n :set $char ""
\n }
\n :set tidymac ($tidymac . $char)
\n}
\n:put $tidymac; /tr069-client set acs-url=http:///tr069 enabled=yes password= periodic-inform-enabled=yes periodic-inform-interval=30s username=$tidymac”

###Lower polling interval
/system script
add name=Inter owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=“/tr069-client set periodic-inform-interval=30s”

/system scheduler
add name=UnitID on-event=identity policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup

/system scheduler
add interval=5s name=Poll on-event=Inter start-time=startup

Reboot your CPE and you should now be able to manage your device in FreeACS

Managing CPE

Login to FreeACS, navigate to support → search, then press the search button. Your new CPE should show up with the MAC Address as the unit ID, you should now be able to manage the router via TR069. You can create profiles via easy provisioning → profile for customer configs using TR069 parameters, you can push these profiles to your CPE but location your CPE via support → search → go to unit configuration.

Running Router OS Scripts
a)
Create your config via routerOS CLI, export to a text document and save the file as filename.alter. upload the file via “Files & Scripts” in FreeACS, upload and save the file using the TR069_Script as the file type.

b)
Go to “advanced provisioning” → job → create new job

Type: TR069 Script
Group: All profiles (or create a customer group via advanced provisioning group)
Script: (the script you just uploaded)

c)
Advanced provisioning → job → job overview, select your newly created job and run start, this will now push the RouterOS CLI to your CPE

normis · January 17, 2017, 10:18am

Thanks for the guide, I am going to sticky this

janisk · January 17, 2017, 1:56pm

what is the meaning of this? Is there any reason why you are setting periodic-inform-interval=30s every 5 seconds? This part does not make any sense. At least without further comment. Why not simply set periodic-inform-interval=5s?

TheKitchen · January 18, 2017, 12:25am

Hello,
Good question! I noticed when the Mikrotik would connect to FreeACS the periodic inform interval would keep getting changed for some reason. I tried making some changes to the default profile in FreeACS and disabling the parameter all together but the periodic interval kept changing. The script was more of a dirty work around to keep setting the periodic inform interval back to 30 seconds, not a Mikrotik problem I think, ill edit the post once I fix the problem.

This is what i’m seeing from the syslog in freeacs:
Added unit parameter Device.ManagementServer.PeriodicInformInterval with value 87020
ProvMsg: Written to CPE: Device.ManagementServer.PeriodicInformInterval = 87020

AlexeyIlinsky · January 20, 2017, 7:06am

We’ve built our own tiny ACS for plug and play provisioning of CPEs the only one thing I miss now is turn upload / download files (Hotspot HTML files or binary backups back forward via TR069)

janisk · January 20, 2017, 1:47pm

We might look into this. But for now, you can upload vendor specific script containing /tool/fetch to download all the required files.

AlexeyIlinsky · January 20, 2017, 5:56pm

Thanks, that’s what i thought I’d do

sergejs · February 1, 2017, 1:28pm

14.04 is rather old version, and the FreeACS installation script seems to work only for sql5.5, and it does not work with 16.04 (LTS) or current Ubuntu version.

juliokato · February 1, 2017, 5:11pm

I configured a ubuntu 14.04 server with freeACS without problems but I am not able to upload any configuration. The server only reports file transfer failure.

I can reboot the RB and also reset to factory default but I can not even upload configuration or firmware.

RB is running version 3.8.1 but it has no debug or log for TR069.

I tried version 6.39rc20 (Release candidate) and it also does not work.

I will configure the GenieACS server to test. But I think MK needs to develop the TR069-client better.

sergejs · February 2, 2017, 6:08am

juliokato, currently 16.04 is LTS version, and it is possible to find 14.04, but I’m not sure about the security for 3 years old version and applications.

I will configure the GenieACS server to test. But I think MK needs to develop the TR069-client better.

What other “better” options do you need?

AlexeyIlinsky · February 2, 2017, 7:01am

By the way one of my lab routers upgraded from 38.1 to 39rc20 via tr069 and Tr069 client stopped working. Shows enabled but doesn’t send any 1 Boot anymore.

Previous post author probably believes that MT should develope better ACS. We could not find open source acs flexible enough and it wasn’t a big deal to make in house development of server side

sergejs · February 2, 2017, 10:40am

Alexei, please make sure you have the same problem with the latest rc version, and update us (support@mikrotik.com) with support output file, when client stops working properly.
We do not have any plans to develop our own TR069 server.

juliokato · February 2, 2017, 2:52pm

I also understand that FreeACS is not evolving as much as we want.

GenieACS also follows the same line.

But this is the developers problem of the above products. I’m looking for other ACS servers to evaluate.

What I expect from Mikrotik:

We need the TR069-client to generate log messages and / or debug. We are very much aware of this.

normis · February 2, 2017, 2:53pm

AVsystem and Friendlytech have been very forthcoming. They are commercial solutions, but they are updated often.

sergejs · February 2, 2017, 2:58pm

juliokato, as we just made initial implementation for TR-069, the feature is under heavy development and many more interesting feature will emerge soon.
Thank you for the feature request!

ilinsky · February 2, 2017, 4:47pm

i perfectly understand that MT is not going to develope ACS. I will send supout ASAP.
I am thinking about developing comercial ACS designed for MT RoS

juliokato · February 2, 2017, 10:42pm

How much does each of these products cost?

zhalex · February 3, 2017, 4:27pm

I have not created any guide yet, but I went through the Ubuntu installation script for FreeACS and installed it on CentOS 7.3.1611 (tomcat7). It looks like it works fine in my test lab through http and https with 6.38.1 (SElinux = Permissive).

It is not related to FreeACS, but related to TR069 in the certain way. Could you tell me, what the best practice is for an implementation simplified skin in Configure Script? I am trying download created skin by using “fetch”. Unfortunately, /tool fetch does not work properly under the user “*sys”, which ownership scheduler task got from Configure Script.

gmobilize · February 7, 2017, 9:10am

Is there anyone, who has successfully got MikrtoTik CPE to work with GenieACS?
As i have two problems right now:
1.Not all device parameters are showing up, for example the summary page shows a lot of blank fields, while expanded view shows the default forced parameters.
I read that some tweaking could be needed on the server side, as maybe the parameter expression could be different.

2.As mentioned on http://wiki.mikrotik.com/wiki/Manual:TR069-client ,ive been trying to push a script to the CPE using “3.Vendor configuration file”, which is simply a /.txt file containing a working ROS Terminal command, with file extension changed to .alter, when i push the file, it shows that the operation was succesful, however, no changes to the CPE`s config are made.

sergejs · February 7, 2017, 9:15am

By the way in the latest rc versions, the particular options were added for TR069,

*) log - added tr069 topic;
*) tr069-client - added traceroute diagnostics support;