Mikrotik WAP AC Quick Setup Guide & Guest Network Scripts


Oh boy, look what just arrived in the mail, a brand new Mikrotik WAP AC, also known as the “RBwAPG-5HacT2HnD”!

I’ve had a blast configuring this awesome little wireless access point.  Unlike exporting/importing a configuration which can cause major issues when imported to new hardware, this script is designed to be run on ANY factory-defaulted WAP AC. Just import the .RSC file (instructions below).

This post will provide three quick-setup scripts for the purpose of rapidly deploying multiple WAPs.

  1. Configure a 2.4GHz Wireless Access Point, connected to your private LAN
  2. Configure a 2.4GHz and 5GHz Wireless Access Point, connected to your private LAN.
  3. Configure a 2.4GHz and 5GHz Wireless Access Point connected to your private LAN, and add an isolated Guest Network, unable to access your internal LAN — Internet Only.
    1. This was a real conundrum: the majority of isolation guides require a VLAN or bridging the wireless antennas to a separate physical port. I achieved the same goal by putting guest clients in their own subnet, and using firewall rules to block traffic between the guest and private subnets. NAT Masquerade rules get both networks internet access through the primary gateway.

Overview

Incredible price, awesome range, ultra-reliable, with 2x 2.4GHz and 3x 5GHz antennas, what’s not to love?

Your average home ISP Router/WAP can only handle 5-10 clients before performance becomes terrible. A Ubiquiti UAP-Pro caps out around 25-30 clients. For the WAP AC, expect a maximum real-world healthy load of 30 clients on 2.4GHz and up to 40 clients on 5GHz per WAP. This is based on the short-and-sweet rule of 15 clients per antenna.

The interface names are different on the WAP AC than on the WAP. For example, ether1-gateway on the WAP is now just ether1 on the WAP AC.

If you want to see what your current settings are, use the New Terminal > “export” command.

Update your packages first! System > Packages > Check For Updates > Release Candidate > Update and Install

Customize the scripts below to your liking. You can use these scripts as-is, just change the SSIDs, Passwords, etc in the variables section to meet your needs, and import.

I had to add a “hack” to the start and end of each command line to let the script continue running if there are errors, such as a setting already being defined. For example, a common error would be “bridge with that name already exists, stopping.”

If you ever get stuck, you can always reset the WAP by holding the Reset Button when connecting power/POE (it only checks at boot), and waiting for the 2GHz and 5GHz lights to blink once, then let go of reset.

Script 1 – 2.4GHz Private LAN

#-----------------------------------#
#Mikrotik WAP AC 2.4GHz LAN Setup Script
#Jan 5th 2017, DanKruseWork (at) gmail (dot) com

#Private WiFi, 1x SSID
#This will be used for the majority of deployments, due to 5GHz having limited range [for any WAP].

#-----------------------------------#
#DIRECTIONS TO DEPLOY
#-----------------------------------#
#After changing your variables below, name this file "config.rsc"
#Using Winbox, drag the file into the root directory of "Files" (button on the left)
#Open "New Terminal" on the left, and run the command /import config.rsc
#You're done!

#######################################
#VARIABLES - Only Change Inside Quotes#
#######################################
#-----Device Name and "admin" Password
:global APName "AP01"
:global RouterPassword "adminpassword"

#-----Private Wireless Network
:global SSID "Company Wireless"
:global Password "companypassword"

#-----Guest Wireless Network
:global GuestSSID "Guest Wireless"
:global GuestPass "guestpassword"

#-----Set Transmitter Power. 12dB is 40' radius, 16dB is 80', 21dB is 120'+.
#Don't go above 21dB to prevent amplifier burn-out.
#If you have enough WAPs to overlap (4+), use 12dB. If you've only got one WAP, go 21dB.
:global TransmitPower "21"

#-----Static IP. Uncomment and edit the line below if you want a static IP on the WAP
#:global StaticIP "192.168.1.247/24"

#-----Roaming / Min-RSSI Kickoff Rules. Uncomment if part of a mesh network (4+ WAPs, walk around and stay connected).
#do { /interface wireless access-list add signal-range=-89..120 } on-error={}
#do { /interface wireless access-list add authentication=no forwarding=no signal-range=-120..-90 } on-error={}


#-----------------------------------#
#CONFIGURATION COMMANDS
#-----------------------------------#
do { /system identity set name="$APName" } on-error={}
do { /user set [find name=admin] password=$RouterPassword } on-error={}
do { /interface bridge add name="bridge"  } on-error={}

#Ethernet Plug
do { /interface bridge port add interface=ether1 bridge=bridge } on-error={}

#2.4GHz Antenna
do { /interface bridge port add interface=wlan1 bridge=bridge } on-error={}
do { /ip address set address=$StaticIP interface=bridge numbers=0 } on-error={}

#Enable DHCP Client on Ethernet Plug
do { /ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=bridge } on-error={}
#Disable DHCP Server from breaking your existing network
do { /ip dhcp-server disable 0 } on-error={}

#Disable the default static IP of 192.168.88.1, only use DHCP or manually set static (from variables)
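#Match the default address explicitly so a static IP assigned above is not deleted
do { /ip address remove [ find address="192.168.88.1/24" ] } on-error={}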

#Set Password for SSID profile
#Group-Key-Update needed for iOS compatibility, default is 5m, set higher.
do { /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys group-key-update=60m wpa2-pre-shared-key=$Password } on-error={}

#Configure 2.4GHz
do { /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge name=wlan1 rx-chains=0,1 ssid=$SSID tx-chains=0,1 tx-power=$TransmitPower tx-power-mode=all-rates-fixed wireless-protocol=802.11 } on-error={}

#Disable 5GHz
do { /interface wireless disable wlan2 } on-error={}

#Set the clock for logging
do { /system clock set time-zone-name=America/Los_Angeles } on-error={}

#-----Daily Reboot at 12:10AM
do { /system scheduler add interval=1d name="Reboot Router Daily" on-event="/system reboot" start-date=jan/01/1970 start-time=00:10:00 } on-error={}
#Configure the client to use Google for time-syncing
do { /system ntp client set enabled=yes primary-ntp=216.239.35.0 secondary-ntp=216.239.35.4 server-dns-names=time1.google.com,time2.google.com } on-error={}

 

Script 2 – 2.4GHz & 5GHz Private LAN

#-----------------------------------#
#Mikrotik WAP AC 2.4GHz and 5GHz LAN Setup Script
#Jan 5th 2017, DanKruseWork (at) gmail (dot) com

#Private WiFi, 2x SSIDs

#-----------------------------------#
#DIRECTIONS TO DEPLOY
#-----------------------------------#
#After changing your variables below, name this file "config.rsc"
#Using Winbox, drag the file into the root directory of "Files" (button on the left)
#Open "New Terminal" on the left, and run the command /import config.rsc
#You're done!

#######################################
#VARIABLES - Only Change Inside Quotes#
#######################################
#-----Device Name and "admin" Password
:global APName "AP01"
:global RouterPassword "adminpassword"

#-----Private Wireless Network
:global SSID "Company Wireless"
:global SSID5GHz "Company Wireless 5GHz"
:global Password "companypassword"

#-----Set Transmitter Power. 12dB is 40' radius, 16dB is 80', 21dB is 120'+.
#Don't go above 21dB to prevent amplifier burn-out.
#If you have enough WAPs to overlap (4+), use 12dB. If you've only got one WAP, go 21dB.
:global TransmitPower "21"

#-----Static IP. Uncomment and edit the line below if you want a static IP on the WAP
#:global StaticIP "192.168.1.247/24"

#-----Roaming / Min-RSSI Kickoff Rules. Uncomment if part of a mesh network (roaming).
do { /interface wireless access-list add signal-range=-89..120 } on-error={}
do { /interface wireless access-list add authentication=no forwarding=no signal-range=-120..-90 } on-error={}


#-----------------------------------#
#CONFIGURATION COMMANDS
#-----------------------------------#
do { /system identity set name="$APName" } on-error={}
do { /user set [find name=admin] password=$RouterPassword } on-error={}

do { /interface bridge add name="bridge"  } on-error={}
#Ethernet Plug
do { /interface bridge port add interface=ether1 bridge=bridge } on-error={}
#2.4GHz Antenna
do { /interface bridge port add interface=wlan1 bridge=bridge } on-error={}
#5GHz Antenna
do { /interface bridge port add interface=wlan2 bridge=bridge } on-error={}
#Assign Static IP if variable is set
do { /ip address set address=$StaticIP interface=bridge numbers=0 } on-error={}

#Enable DHCP Client on Ethernet Plug
do { /ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=bridge } on-error={}
#Disable DHCP Server from breaking your existing network
do { /ip dhcp-server disable 0 } on-error={}

#Disable the default static IP of 192.168.88.1, only use DHCP or manually set static (from variables)
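#Match the default address explicitly so a static IP assigned above is not deleted
do { /ip address remove [ find address="192.168.88.1/24" ] } on-error={}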

#Configure Min-RSSI Connect Rule
do { /interface wireless access-list add signal-range=-89..120 } on-error={}
#Configure Min-RSSI Kickoff Rule
do { /interface wireless access-list add authentication=no forwarding=no signal-range=-120..-90 } on-error={}

#Set Password for SSID profile
#Group-key-update required for iOS compatibility, default is 5m, set higher.
do { /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys group-key-update=60m wpa2-pre-shared-key=$Password } on-error={}

#Configure 2.4GHz
do { /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge name=wlan1 rx-chains=0,1 ssid=$SSID tx-chains=0,1 tx-power=$TransmitPower tx-power-mode=all-rates-fixed wireless-protocol=802.11 } on-error={}

#Configure 5GHz
do { /interface wireless set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=$SSID5GHz tx-power-mode=all-rates-fixed wireless-protocol=802.11 tx-power=$TransmitPower } on-error={}

#Set the clock for logging
do { /system clock set time-zone-name=America/Los_Angeles } on-error={}

#-----Daily Reboot at 12:10AM
do { /system scheduler add interval=1d name="Reboot Router Daily" on-event="/system reboot" start-date=jan/01/1970 start-time=00:10:00 } on-error={}
#Configure the client to use Google for time-syncing
do { /system ntp client set enabled=yes primary-ntp=216.239.35.0 secondary-ntp=216.239.35.4 server-dns-names=time1.google.com,time2.google.com } on-error={}

Script 3 – 2.4GHz & 5GHz, Private LAN & Guest Network

#-----------------------------------#
#Mikrotik WAP AC 2.4GHz and 5GHz LAN and Guest Setup Script
#Jan 5th 2017, DanKruseWork (at) gmail (dot) com

#Private and Guest WiFi, Up to 4x SSIDs
#This script is good for a standalone WAP.

#If 4 SSIDs is too many, run this command to disable wlan2 (5GHz Antenna)
#/interface disable wlan2


#-----------------------------------#
#DIRECTIONS TO DEPLOY
#-----------------------------------#
#After changing your variables below, name this file "config.rsc"
#Using Winbox, drag the file into the root directory of "Files" (button on the left)
#Open "New Terminal" on the left, and run the command /import config.rsc
#You're done!

#######################################
#VARIABLES - Only Change Inside Quotes#
#######################################
#-----Device Name and "admin" Password
:global APName "AP01"
:global RouterPassword "adminpassword"

#-----Private Wireless Network
:global SSID "Company Wireless"
:global SSID5GHz "Company Wireless 5GHz"
:global Password "companypassword"

#-----Guest Wireless Network
:global GuestSSID "Guest Wireless"
:global GuestSSID5GHz "Guest Wireless 5GHz"
:global GuestPass "guestpassword"

########################################################################################
#Guest Isolation - Adjust the isolation firewall rules to match your internal networks.#
########################################################################################

#-----Set Transmitter Power. 12dB is 40' radius, 16dB is 80', 21dB is 120'+.
#Don't go above 21dB to prevent amplifier burn-out.
#If you have enough WAPs to overlap (4+), use 12dB. If you've only got one WAP, go 21dB.
:global TransmitPower "21"

#-----Static IP. Uncomment and edit the line below if you want a static IP on the WAP
#:global StaticIP "192.168.1.247/24"

#-----Roaming / Min-RSSI Kickoff Rules. Uncomment if part of a mesh network (roaming).
#do { /interface wireless access-list add signal-range=-89..120 } on-error={}
#do { /interface wireless access-list add authentication=no forwarding=no signal-range=-120..-90 } on-error={}


#-----------------------------------#
#CONFIGURATION COMMANDS
#-----------------------------------#
do { /system identity set name="$APName" } on-error={}
do { /user set [find name=admin] password=$RouterPassword } on-error={}

#Create Private and Guest bridges
do { /interface bridge add name="bridge"  } on-error={}
do { /interface bridge add name="guestbridge" } on-error={}

#Ethernet Plug
do { /interface bridge port add interface=ether1 bridge=bridge } on-error={}
#2.4GHz Antenna
do { /interface bridge port add interface=wlan1 bridge=bridge } on-error={}
#5GHz Antenna
do { /interface bridge port add interface=wlan2 bridge=bridge } on-error={}

#-----Assign static IP to the bridge (if uncommented above)
do { /ip address set address=$StaticIP interface=bridge numbers=0 } on-error={}

#Enable DHCP Client on Ethernet Plug
do { /ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=bridge } on-error={}
#Disable DHCP Server on ether1 from taking over your existing network
do { /ip dhcp-server disable 0 } on-error={}

#Disable the default static IP of 192.168.88.1, only use DHCP or manually set static (from variables)
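#Match the default address explicitly so a static IP assigned above is not deleted
do { /ip address remove [ find address="192.168.88.1/24" ] } on-error={}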

#-----Set Passwords
#Password for SSID profile
#Group-key-update required for iOS compatibility, default is 5m, set higher (60m here).
do { /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys group-key-update=60m wpa2-pre-shared-key=$Password } on-error={}

#Guest SSID profile
do { /interface wireless security-profiles add authentication-types=wpa2-psk mode=dynamic-keys name=guest group-key-update=60m wpa2-pre-shared-key=$GuestPass } on-error={}

#-----Configure 2.4GHz
do { /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge name=wlan1 rx-chains=0,1 ssid=$SSID tx-chains=0,1 tx-power=$TransmitPower tx-power-mode=all-rates-fixed wireless-protocol=802.11 } on-error={}

#Configure 2.4GHz Guest SSID
do { /interface wireless add disabled=no master-interface=wlan1 mode=ap-bridge name=wlan3 security-profile=guest ssid="$GuestSSID" } on-error={}

#Add 2.4GHz Guest to Bridge
do { /interface bridge port add interface=wlan3 bridge=guestbridge } on-error={}

#-----Configure 5GHz
do { /interface wireless set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=$SSID5GHz tx-power-mode=all-rates-fixed wireless-protocol=802.11 tx-power=$TransmitPower } on-error={}

#Configure 5GHz Guest SSID
do { /interface wireless add disabled=no master-interface=wlan2 mode=ap-bridge name=wlan4 security-profile=guest ssid="$GuestSSID5GHz" } on-error={}

#Add 5GHz Guest to Bridge
do { /interface bridge port add interface=wlan4 bridge=guestbridge } on-error={}

#-----Guest DHCP Server
do { /ip address add address=10.10.200.1/24 interface=guestbridge network=10.10.200.0 } on-error={}
do { /ip pool add name=guestdhcppool ranges=10.10.200.10-10.10.200.200 } on-error={}
do { /ip dhcp-server add address-pool=guestdhcppool disabled=no interface=guestbridge name=guestdhcp } on-error={}
do { /ip dhcp-server network add address=10.10.200.0/24 dns-server=8.8.8.8 gateway=10.10.200.1 } on-error={}

#Isolate the Private and Guest Networks from each other
do { /ip firewall filter add action=drop chain=forward dst-address=192.168.1.0/24 src-address=10.10.200.0/24 } on-error={}
do { /ip firewall filter add action=drop chain=forward dst-address=10.10.200.0/24 src-address=192.168.1.0/24 } on-error={}

#NAT the Private and Guest networks so they can reach the internet
do { /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=bridge } on-error={}
do { /ip firewall nat add action=masquerade chain=srcnat out-interface=guestbridge } on-error={}

#-----Set Clock
do { /system clock set time-zone-name=America/Los_Angeles } on-error={}

#Configure the client to use Google for time-syncing
do { /system ntp client set enabled=yes primary-ntp=216.239.35.0 secondary-ntp=216.239.35.4 server-dns-names=time1.google.com,time2.google.com } on-error={}

#-----Daily Reboot at 12:10AM
do { /system scheduler add interval=1d name="Reboot Router Daily" on-event="/system reboot" start-date=jan/01/1970 start-time=00:10:00 } on-error={}
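
Script 3's two forward-chain drop rules only cover traffic routed between 10.10.200.0/24 and 192.168.1.0/24; traffic addressed to the WAP itself, guest-to-guest traffic, other private ranges, and the plain-text passwords left by the import are not covered. The commands below are an added example (not part of the original script) that closes those paths. They reuse Script 3's names and assume 192.168.1.0/24 is the private LAN you manage the WAP from.

```routeros
# Added hardening example for Script 3; not part of the original script.
# Uses Script 3's names (guestbridge, wlan3, wlan4, 10.10.200.0/24).
# Assumption: 192.168.1.0/24 is the private LAN used for management.
# Paste into "New Terminal" after Script 3 has been imported.
# The firewall lines are deliberately NOT wrapped in do {} on-error={}:
# a hardening rule that fails to apply should be visible, not skipped.
# "add" appends rules, so none of them may end up below a broader accept rule.

#-----1. Protect the WAP itself (input chain)
# Traffic addressed to the WAP (10.10.200.1 or its LAN address) is handled
# by the input chain, so Script 3's forward-chain drops never match it.
# Allow DHCP requests from guests, then drop everything else sent to the WAP.
/ip firewall filter add chain=input action=accept in-interface=guestbridge protocol=udp dst-port=67 comment="guest: DHCP only"
/ip firewall filter add chain=input action=drop in-interface=guestbridge comment="guest: no access to WAP services"

#-----2. Block every private range, not only 192.168.1.0/24
# Guests use 8.8.8.8 for DNS (public), so Internet access is unaffected.
/ip firewall address-list add list=guest-blocked address=10.0.0.0/8
/ip firewall address-list add list=guest-blocked address=172.16.0.0/12
/ip firewall address-list add list=guest-blocked address=192.168.0.0/16
/ip firewall filter add chain=forward action=drop src-address=10.10.200.0/24 dst-address-list=guest-blocked comment="guest: no private networks"

#-----3. Keep guest clients away from each other
# default-forwarding=no stops client-to-client traffic within one SSID.
# Bridge ports sharing a horizon value do not forward to each other,
# which stops traffic between the 2.4GHz (wlan3) and 5GHz (wlan4) guests.
/interface wireless set [ find name=wlan3 ] default-forwarding=no
/interface wireless set [ find name=wlan4 ] default-forwarding=no
/interface bridge port set [ find bridge=guestbridge ] horizon=1

#-----4. Limit management services to the private LAN
/ip service set winbox address=192.168.1.0/24
/ip service set ssh address=192.168.1.0/24
/ip service set www address=192.168.1.0/24

#-----5. Remove the plain-text passwords left behind by the import
# The :global variables stay in memory until reboot, and config.rsc
# (which contains RouterPassword, Password and GuestPass) stays in Files.
do { /system script environment remove [ find ] } on-error={}
do { /file remove config.rsc } on-error={}
```

Check the result with /ip firewall filter print, then confirm from a guest client that 10.10.200.1 and hosts in 192.168.1.0/24 no longer answer while Internet access still works.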

 

RetroPie Setup Guide – Xbox 360 Controllers – ROMs

RetroPie Setup Guide

If you’re looking for a cheat-sheet to quickly set up a Raspberry Pi 3 Model B as a RetroPie emulation system, you’re in the right spot. Many of the guides you find, including the official RetroPie wiki, are outdated, written between 2012-2015 before the release of RetroPie v4. This guide will eventually meet the same fate, but for now, it’s the newest, sweetest, down-and-dirty guide you’ll find. Enjoy!


Chapters

  1. Parts
  2. Installing OS
  3. Updating OS
  4. Adding ROMs
  5. Configuring System (the long part)
  6. Performance Improvements
  7. Configuring Controllers
  8. ROM Compatibility per Emulator Plugin

Chapter 1 – Parts


Raspberry Pi 3 Model B

MicroSD Card

  • I got a 64GB SanDisk Class 10 MicroSD
    • $25 – https://www.amazon.com/dp/B010Q588D4/
  • I recommend a minimum of 16GB, 32GB is the sweet spot for not having to worry about enough space. If you are planning to add countless MAME ROMs or PS1 games, you’ll want as big a MicroSD card as you can get.

Official Microsoft Xbox 360 Wireless Receiver

  • Get the official Microsoft OEM version. There are third-party receivers that *can* work fine, but I’ve had bad experiences in the past. The official Microsoft labeled device works the best.
    • $20 – https://www.amazon.com/dp/B000HZFCT2/

Official Xbox 360 Wireless Controllers

  • $30/ea, you can find them anywhere. Best Buy Price Matching works too.
    • https://www.amazon.com/dp/B004QRKWKQ

Keyboard

  • Any keyboard will work, for running more intense menu commands.

Case with Fan

  • If you are planning on playing N64 games, I highly recommend purchasing a vented Raspberry Pi case with fans so you can overclock the system, which is absolutely necessary for smooth N64 emulation. Below is what I use.
    • https://www.amazon.com/dp/B01LXSMY1N/

Chapter 2 – Installing OS

You’ll need a way to format the MicroSD card. This is usually done with the included SD Card (full size) adapter, and plugging it into a laptop/desktop/memory-card adapter.

Go download and install Win32DiskImager from Sourceforge. This lets you write a downloaded .IMG file directly to the MicroSD card.

  • https://sourceforge.net/projects/win32diskimager/

Download RetroPie v4.X

  • The OS is about 600MB. They seem to choose random mirrors for downloads; some go at 30KBps, others at 20MBps. If it’s slow, cancel and re-download.
  • https://retropie.org.uk/download/

The image file will be a .img.gz (GZIP) file. Extract the .IMG file inside with 7Zip or WinRar to somewhere on your local PC.

Run Win32DiskImager from Start as Administrator (right-click > Run as Administrator)

Select the MicroSD card drive letter, browse to your extracted .IMG, and write. This will completely erase the selected device (which should be the MicroSD card). Make sure it’s the right one.

Wait until the write is complete.


Once complete, remove the MicroSD card, and connect it to the Raspberry Pi memory slot. Connect everything together:

  • MicroSD
  • HDMI <> TV
  • Ethernet Cable <> Switch
  • 360 Wireless Receiver
  • Power USB Micro (2.5A 5v)

Then connect the power-adapter to a power-strip/wall-jack.

 

Chapter 3 – Updating OS

Let the Raspberry Pi boot up and wait until you get to the main interface. You will need a controller input.

Configuring Primary Controller for System

We need to define the base controller button definitions via Emulation Station. Start > Configure Input > Are you sure? > Yes

After mapping the buttons per the references below (picture included), we can then make any changes per-system as needed.

Reference 1: https://github.com/RetroPie/RetroPie-Setup/wiki/Controller-Configuration

Reference 2: https://github.com/RetroPie/RetroPie-Setup/wiki/retroarch-configuration

 

Note — You are intentionally Mis-Mapping the Xbox 360 Controller Buttons — this is intended.

For example, the Green button on a 360 controller, is being mapped to B for EmulationStation’s RetroArch default config. This is correct, it will make your life easier. From there — the buttons will be remapped again by each core (NES, SNES, Genesis) to match the “feel” of that controller — automatically. As an example, on a NES Controller, the B button is to the left of the A button. The “feel” should be the same — A (360 Button) > B (RetroArch Default Input) > Auto-Remapped to A (NES Controller).

It’s an odd system, but it can work really well as long as you follow the mapping below. Some emulators (looking at you, N64 non-RetroArch cores Gles2N64 and Mupen64Plus) may require controller customization, as their mappings cannot load the built-in RetroArch input file. (The default RetroArch input file is stored at “/opt/retropie/configs/all/retroarch-joypads/Xbox 360 Wireless Receiver.cfg”.)

 

 

Updating OS Packages

Updating the RetroPie OS and packages can provide a 50%+ performance improvement in some cases. Absolutely do this step.

  1. Open RetroPie
  2. RetroPie Setup > Update RetroPie-Setup Script > Yes
  3. Update all installed packages > Yes > Would you like to update the underlying OS packages? > Yes
  4. Wait 25 minutes (I timed it)

That was easy enough…

 

Chapter 4 – Adding ROMs

If you’ve got the ROMs, it’s easy. Just remove them from their ZIP files, and copy them to a network share. If you don’t yet have ROMs, go find a torrent site and get your game on! Generally releases are called “ROM Collections” or “ROM Packs”, so for example go on Google and search for “N64 ROM collection torrent”.

Hop on your PC, and browse your local network. If you can’t find anything and you’re on Windows, Start > Advanced Sharing > Enable Network Discovery

You can also find your IP on RetroPie by going RetroPie > Show IP

Then browsing to \\192.168.0.X\ or \\retropie


Go into the roms folder, and start copy/pasting in ROMs for each system. They will need to be unzipped, so a NES game would be something like: Super Mario Bros.NES, a N64 title would be Super Mario 64.z64, and a PSX game would be either a Crash Bandicoot.BIN/Crash Bandicoot.CUE combo, or a combined Crash Bandicoot.PBP file.

 

Chapter 5 – Configuring System (the long part)

Raspberry Pi Config

We are going to configure some core OS settings that are related to Raspberry Pi Operating System, rather than the RetroPie FrontEnd Interface. You will likely need a keyboard for this to work, controller buttons can go weird in Raspi-Config.

From the menus, open RetroPie > Raspi-Config

You can also open this by using Putty, SSHing in, and typing “raspi-config”.

  1. This step should not be necessary as of RetroPie v4, but if you find yourself running out of space much earlier than expected:
    1. “Expand FileSystem”: this takes the 600MB image you flashed to the MicroSD, and lets you have all of the free space of your 64/128GB MicroSD card.
  2. Boot Options > Wait for Network at Boot > Would you like boot to wait? > NO
    1. This makes the Raspberry Pi boot MUCH faster if a network connection is not available. Otherwise you will sit for 30s while the Raspberry looks for a DHCP server and times out.
  3. Advanced Options > Overscan > Would you like to enable compensation for displays with overscan?
    1. Select No if you have a modern, 1080p or higher HDTV, or are on HDMI.
    2. Select Yes if you have an older TV that zooms in on devices so there are no black bars (but it cuts off detail with HDMI/DVI).

Disable Run Command Editor

Whenever you load a ROM, you have 5 seconds to press any button to load the Run Command Editor. That means if any person presses anything during those 5 seconds, time to pull out a keyboard or reboot the system to try again while everyone gets confused. I highly recommend turning this off once your system is dialed in, so if guests or children are playing on the system they can enjoy a better experience.

You will want to leave it enabled to select a per-game Emulator Core setting. For example, StarFox64 runs best under GlideN64. If GlideN64 is not your default, the Run Command Editor lets you select that specific game’s default emulator core, which the setting will keep even after you (later) disable Run Command Editor.

  1. Launch Menu > Disabled
  2. Launch Menu Art > Disabled
  3. Launch Menu Joystick Control > Enabled
  4. Select Cancel (should be named Quit or Exit) > A (or Yes).

Upgrade Theme

I personally prefer Tronkyfran (#32 at the bottom of the list), pick whatever you prefer 🙂

RetroPie Setup > Configuration / Tools > esthemes (Emulation Station User Interface themes) > 32 – Install Tronkyfran

Go back to home > Start > UI Settings > Theme Set (at the bottom) > Change from Carbon (default) to Tronkyfran (or whatever you use). Some themes may require a reboot to go into effect.

Scrape for Details

A scraper scans all of the games in your system for metadata like year of release, rating, description, title, cover-arts, etc. Very worth the time to run it, makes the system look MUCH prettier. For running a scrape of 2500 games, it took 3 hours to complete.

Do this after copying over your ROM files.

  1. Plug in a keyboard, hit F4 to close Emulation Station – if it is open, the scraping cannot succeed.
  2. sudo -i
  3. sh /home/pi/RetroPie-Setup/retropie_setup.sh
  4. Configuration Tools > Scraper > Scan All Systems

Change Default N64 Emulator

This file lets you select the default emulator. You have the option to assign different emulators to different ROM files with the Run Command before a system launches. I have personally had better stability and performance with Gles2N64 than GlideN64. Officially, GlideN64 is supposed to be the best current graphical plugin and may one day be the best (isn’t everything Linux like that though ;-). At the time of writing this (June 2017) glitchy graphics, stuttering audio, and random bugginess with GlideN64 say otherwise, so I recommend Gles2N64.

  1. sudo -i
  2. nano /opt/retropie/configs/n64/emulators.cfg
  3. Change the following line
    1. (Before) default = "mupen64plus-GLideN64"
    2. (After) default = "mupen64plus-gles2n64"
  4. Ctrl + X (Exit) > Y (Yes to save changes)

Chapter 6 – Performance Improvements

If you want to play N64 or PS1 and have a good experience, you will want to get a case with a fan, and overclock your Raspberry Pi 3. If you are not emulating PS1 or N64, do not worry about overclocking.

This is surprisingly important. I normally don’t overclock any equipment, ever, but overclocking really does make a massive improvement on your RetroPie setup. It’s the difference between some N64 games working great or being completely unplayable. If you want to play Goldeneye or Perfect Dark and have a good time, you’ll need this step.

These settings are for a Raspberry Pi 3 in a case with minor ventilation, and the cheapo 14mm x 14mm x 4mm heatsinks on top that come with cheap kits (they only drop temps by 5-8C). A fan however will make a HUGE impact, heatsinks for the Raspberry Pi make a minimal impact once under load.

Temperature can be verified by SSH’ing in with Putty, and running the below command.

#Check temperature. Hit Up-Arrow > Enter to keep checking.
vcgencmd measure_temp

The most important setting, oddly enough, is v3d_freq. This seems to provide more performance improvement than anything else I’ve found. disable_splash=1 just speeds up the boot process.

  1. sudo -i
  2. nano /boot/config.txt
  3. Insert the below code:
    1. Use Ctrl+K to delete the matching lines, Right-Click to “Paste” in the content.
    2. Ctrl+X to Quit > Y (Yes) to Save

#Raspberry Pi 3 - ACTIVE COOLING Only!! (40C idle, up to 55C under heavy load)
arm_freq=1350
gpu_freq=525
core_freq=525
sdram_freq=500
over_voltage=6
v3d_freq=525
force_turbo=1
avoid_pwm_pll=1
disable_splash=1

Resolution

This can be a tricky category. Different games run better, and look better, at different resolutions. The higher the resolution, the greater the processing demands on the Raspberry Pi. In general, I’ve found it best to have the default video mode for any emulator be 640×480 (CEA-1). For example, even the emulator GLes2N64-HighRes will look more “HD” running at CEA-1 (640×480) than at, say, CEA-4 (1280×720), and run smoother on Jet Force Gemini. For GLes2N64, CEA-1, though a 4:3 resolution, is scaled properly to fit a 1080p 16:9 display, and it looks really good on many games!

 

From here, you can define a default emulator overall, and specific settings per ROM. You rarely need to touch the framebuffer; it’s usually just the emulator choice, and possibly what resolution you want to run at. Again, 640×480 rendered on the RetroPie will be scaled up to your 1080p screen, and can look better than a 1920×1080 rendering by the RetroPie.

Chapter 7 (Optional) – Configuring Controllers

Only needed if your buttons are not matching up between systems, especially on N64.

There are three ways controller configurations are saved in a RetroPie.

  1. From the initial setup configuration file
    1. nano "/opt/retropie/configs/all/retroarch/autoconfig/Xbox 360 Wireless Receiver.cfg"
  2. From the “live” setup configuration file, what you can change via EmulationStation
    1. nano "/opt/retropie/configs/all/retroarch-joypads/Xbox 360 Wireless Receiver.cfg"
  3. From a system-specific configuration file (N64)
    1. nano /opt/retropie/configs/n64/InputAutoCfg.ini

Below is a mapping image that may be helpful. The stock mapping works perfectly for NES, SNES, Game Boy (which all use the RetroArch Input File you created through Emulation Station), but goes absolutely bonkers with non-RetroArch cores.

These input mappings were figured out via the RetroCore GUI Configuration Tool (While in a RetroArch game, press Select + X).

[Image: 360/PS3 controller inputs]

 

Example Code of a default “/opt/retropie/configs/n64/InputAutoCfg.ini” N64 setup (Wrong).

; Xbox 360 Wireless Receiver_START
[Xbox 360 Wireless Receiver]
plugged = True
plugin = 2
mouse = False
AnalogDeadzone = 4096,4096
AnalogPeak = 32768,32768
Mempak switch = button(11)
Rumblepak switch = button(12)
C Button D = button(0) axis(3+)
C Button L = axis(2-)
Z Trig = button(4)
Start = button(9)
Y Axis = axis(1-,1+)
DPad U = button(15)
C Button U = button(1) axis(3-)
A Button = button(2)
DPad D = button(16)
X Axis = axis(0-,0+)
R Trig = button(5)
DPad R = button(14)
B Button = button(3)
DPad L = button(13)
C Button R = axis(2+)
L Trig = button(6)
; Xbox 360 Wireless Receiver_END

Issues are:

  1. Button (0) [The A button on a 360 controller], is auto-mapped to C-Button Down AND Right-Stick Down.
  2. Button (1) [The B button on a 360 controller], is auto-mapped to C-Button up AND Right-Stick Up.
  3. Button (2) [The X button on a 360 controller], is auto-mapped to A.
  4. Button (3) [The Y button on a 360 controller], is auto-mapped to B.

 

If you are using a 360 Wireless controller, feel free to use the below mappings. Edit your config file with a command such as:
"nano /opt/retropie/configs/n64/InputAutoCfg.ini"

Use Ctrl+K to delete by line rather than holding down backspace, a bit faster.

Right-click in Putty to paste in the code box below, for the "; Xbox 360 Wireless Receiver_START" section.

Example Code of a modified “/opt/retropie/configs/n64/InputAutoCfg.ini” N64 setup (Correct).

 

; Xbox 360 Wireless Receiver_START
[Xbox 360 Wireless Receiver]
plugged = True
plugin = 2
mouse = False
AnalogDeadzone = 4096,4096
AnalogPeak = 32768,32768
Mempak switch = button(11)
Rumblepak switch = button(12)
C Button D = axis(3+)
C Button L = axis(2-)
Z Trig = button(4)
Start = button(9)
Y Axis = axis(1-,1+)
DPad U = button(15)
C Button U = axis(3-)
A Button = button(0)
DPad D = button(16)
X Axis = axis(0-,0+)
R Trig = button(5)
DPad R = button(14)
B Button = button(2)
DPad L = button(13)
C Button R = axis(2+)
L Trig = button(6)
; Xbox 360 Wireless Receiver_END

 

Chapter 8 – ROM Compatibility for N64

If you are planning to make a few of these systems, you may want to prep one image perfectly and then copy/paste the image to other SD cards with Win32DiskImager.

For that first unit, I’ve always customized each emulator for the most important N64 ROMs. You can define a single ROM to use a specific emulator video-plugin, you can also define the default settings for each plugin. I recommend going lower res for all of the plugins: 720×480 16:9 will give you the best performance for modern widescreen monitors/TVs. You may want to reduce the frame buffer to the native 320×240 size, which is what the N64 used.

For the below list linked on Google Drive/Docs, I have personally tested all three emulators: Gles2N64, Gles2Rice, and GlideN64, to see which is the most stable and has the most playable performance. Some games simply cannot run smoothly on the RetroPie, others it’s a toss-up. You’ll need to enable the Command Editor temporarily when you save these changes. Once done, turn it back off. List below, hope it helps. That should be enough to get you a fully operational RetroPie. Enjoy, and have fun!

Using the Run Command editor can be helpful for changing specific settings per ROM. To do so, enable the Run Command editor in RetroPie Setup.

RetroPie Setup > Configuration/Tools > Run Command > Launch Menu (Enabled).


RetroPie N64 Compatibility List – Raspberry Pi 3 – Overclocked

https://docs.google.com/spreadsheets/d/12JtPecqKpCaU-3MawcVzrnHHiwLIkVT1K3I4Lf7o81o/edit?usp=sharing

 

ROM File Cleanup – Powershell – GoodMerge – NoIntro

ROM File Cleanup

You just downloaded a massive ROM pack for emulation, could be NES, SNES, N64, Genesis, etc… In the pack you would expect the ~600 games that actually came out in stores. Instead you find 15,000 games containing every version and prototype cartridge imaginable from every corner of the world.

Powershell can be the cure for this complete mess, by simply purging out the files matching filters. Code is below. Star (*) is a wildcard character. Just define the source and destination at the beginning.

This script assumes you want United States compatible releases. Note that some games were only released as (EU) [Europe + United States], or (JU) [Japan + United States]. This script includes these titles. If you find a pattern or format you do not like, feel free to add your own filter to the list. If you are from Europe, you would want the (E) or (EU) releases. (W) is a World-Wide Release.

This script is not perfect: it cannot catch everything because collectors often use custom naming conventions, but this code is very easy to work with. After you are done, I recommend scrolling through your list and checking for any duplicate games.

There are two scripts:

  1. The first script creates a copy of your files in a folder where you can process them all.
  2. The other script actually purges out the unwanted games with the Remove-Item command — a permanent delete command (no Recycle Bin)

ROM File Copy / Move Code

#File Copy or Move Code.
#Delete the comment (#) for Move-Item if you want to use that instead, and then comment out #Copy-Item
#Edit your source path (Original copy of unzipped ROMs) and destination path (Working area for ROMs).
$source = "C:\Installers\GenesisSource"
$destination = "C:\Installers\GenesisDestination"

cd $source
#Use if you want to work on your copy
#The symbol [!] means verified working, usable ROM.
Copy-Item *[!]* $destination

#Uncomment if you want to move -- This is a cut/paste, these files will not be coming back.
#Move-Item *[!]* $destination

 ROM File Cleanup Code

#Dan Kruse - itimagination.com - December 2nd 2016
#To run this command, you can either copy/paste in all of the code, or more easily, save it into a TEXT file in the format .ps1.
#Then open Powershell.exe in Windows and run the filename of the script. For example:
#Powershell.exe
#C:\Installers\CleanupRoms.ps1

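#The hash symbol (#) will deactivate a line of code. Useful for pausing the copy/pasting of the script on the row beginning with "Copy-Item"

#Working folder to clean up. This must be the same destination path used in the copy/move script above;
#it is repeated here so this script still works when run on its own in a new PowerShell session.
$destination = "C:\Installers\GenesisDestination"

#Remove-Item deletes permanently. To preview what a line would delete, append -WhatIf to remove-item and run it first.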

#Remove by Country Initials
get-childitem -Recurse -path "$destination" -filter '*(B)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Bra]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(CCE)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(CH)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Chi]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(E)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(F)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(G)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(J)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(JE)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(K)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(R)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(PAL)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(PD)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(SECAM)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(UA)*' | remove-item

#Remove by Country Name
get-childitem -Recurse -path "$destination" -filter '*Canada*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*China*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(Europe)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*France*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Germany*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Italy*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Japan*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Sachen*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Spain*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(Unknown)*' | remove-item

#Remove by Keyword
get-childitem -Recurse -path "$destination" -filter '*AKA*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*(Alpha)*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Beta*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*canal*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*demo*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*hack*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*preview*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Proto*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Rev A*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Rev02*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Rev03*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Rev04*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*Screen Search*' | remove-item

#Remove by Invalid ROM Type
get-childitem -Recurse -path "$destination" -filter '*[a*]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*[b*]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*[f*]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*[fixed]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*[h*C]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*[hI*]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*[o*]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*[p*]*' | remove-item
get-childitem -Recurse -path "$destination" -filter '*[p1]*' | remove-item

 

Mikrotik Guest Wireless Network


If you’ve got a Mikrotik router with wireless or a Mikrotik Wireless Access Point and want to set up WiFi with a Guest Network, you’re in the right place!

This guide will assume the most common setup scenario: Guest Wireless and Private Wireless share the same internet connection, but cannot talk to each other. Your guest devices only need internet access and do not need to interact with any other devices.

 

Note that the Mikrotik QuickSet feature now includes all of these steps in a single interface. The lower left of QuickSet has a section for “Guest Wireless Network”.

This guide will explain the details of how it is operating.


 

Interface SSIDs

An SSID is the name of a wireless network. For Mikrotik, you can have a single SSID bound to each interface. If you only have one antenna interface, like many routers/WAPs, you will need to create a virtual AP interface and assign it an SSID as well.

Use Winbox to log in to your Mikrotik router, by default at IP 192.168.88.1.

On the left page: Wireless > Double-Click Interface (wlan1 usually) > Wireless Tab.


Here you can configure your AP Bridge, which means “Access Point, bridge to wired network.” You can also change the SSID.

Security Profile (Password)

To change the password: Wireless > Security Profiles > Double-Click Entry > WPA and WPA2 Pre-Shared Key (PSK). These are usually the same password.


Adding the Guest Interface (Virtual Access Point)

Create a new Security Profile (password) for what will become our guest wireless network.

Wireless > Security Profiles Tab > Click Plus Symbol (+) > Name, WPA and WPA2 Pre-Shared Key.


Wireless > Interfaces > Blue Plus (+) Symbol > Virtual


You can name the interface however you would like, but generally giving them a number is best. wlan1 means Wireless LAN 1. So to follow naming you may use wlan2 or wlan3 for your 2nd and 3rd SSIDs.


Click the Wireless Tab to decide the SSID for this new AP Bridge, and give it a fun name. You can also select the Security Profile (password) to use for this interface.


Guest IP Addresses and DHCP Server

Let’s start by assigning your new Virtual AP Interface a static IP address. Choose a different subnet. So if you are currently on, say, 10.10.10.1/24, we might use 10.10.100.1/24.

IP > Addresses > Plus (+) > Address/Subnet > Interface (Virtual AP Interface, like wlan2)


To add a DHCP Server: IP > DHCP Server > DHCP Setup > Select Virtual AP Interface (wlan2)

Follow the prompts, it should auto-populate the fields for you.


Bridging

As a switch is to ethernet cable, so a bridge is to network interfaces: it connects them together. To have your physical wireless interface (antenna) send and receive traffic through your wired interface (RJ-45 port on ETH2), they need to know to talk to one another, and bridges make this happen. You do not need to also bridge your Virtual AP wireless interface (guest) because wlan1 is its master port. This entry is just in case you don’t have any bridge between wlan1 and ethernet. Don’t worry, we will isolate them from your private devices via a firewall rule. You could also isolate the wlan2 (guest) interface traffic to a separate ethernet plug (say, ether5, while ether2-4 is private traffic and ether1-gateway is your WAN).


Allow NAT Translation (Masquerade for Internet Access)

You likely already have NAT translation enabled, but if you don’t, enable a masquerade rule that allows srcnat traffic to go out through your WAN interface (usually gateway or ETH1). This goes for all interfaces, including your existing local ports, existing wireless interface and new wireless virtual AP interface. You can specify a Source Address if you want to, but if you leave the field blank Mikrotik assumes all sources are valid.


Block Guest Interface From Communicating with Private with Firewall Rule

You’ll want to make a firewall rule, forward chain, action will be DROP. This blocks traffic from the source network (10.10.100.0/24, in this case, Guest Wireless), from communicating with the destination network (10.10.10.0/24, in this case, Private Wireless).


 

I hope that helped you out a bit, enjoy!

MikroTik wAP – Setup Guide – Multiple APs with Roaming

MikroTik wAP Quick Setup Guide

Hello there, this post will provide instructions for configuring MikroTik wireless access points from start to finish with a quick script. The goal is a wireless network where you can walk around the building and have client devices jump from WAP to WAP via access rules (Min-RSSI).

These principles will work on any Mikrotik device with wireless capability since they all run the same Routerboard software.


Setting

My company deployed 12 Ubiquiti UAP Pros to a client, and we experienced intermittent connectivity with Apple devices (MacBook Air, MBP, and iPhones). Ubiquiti forums were not helpful, firmware upgrades/downgrades didn’t make a difference, and devs shifted the blame to Apple. We decided to try a different vendor, MikroTik, and purchased four RBwAP2nD units (looks like a rounded, white rectangle).

The Mikrotiks did the job beautifully after proper setup! Not only did they not have issues with Apple devices, but the quality of signal was FAR higher than with Ubiquiti. More capacity, better signal, 1/4 the cost. Granted, management is much harder than with the beautiful UniFi Controller, but in this setting it is acceptable: one location, set it and forget it.

Rather than set up a Wireless Mesh (WDS) or use the CAPsMAN controller, I’m keeping it simple. Set each AP in each corner of the building, use Min-RSSI to kick off clients when their signal is too weak, then they join the strongest signal near them. It’s short-and-sweet roaming, not seamless, but good enough.

The wAP can be powered by PoE or power-plug, between 12v-57v. We are using our already purchased Ubiquiti Toughswitch-8-Pro to power the units, but you could use any standard 24v or 48v PoE switch.

Initial Login

By default the WAP runs a DHCP Server, so I made sure to not plug it directly into our existing network. You can connect directly to the WAP through wireless with a laptop. Once connected, you’ll pull a DHCP IP, usually 192.168.88.254. You can connect to the Mikrotik wAP with Winbox, their management software, which is very powerful!

 

Click the three dots next to “Connect” and WinBox will search for any Mikrotik devices. You can connect by IP, or direct MAC address (no matching IP/subnet needed!). Default username/password is admin/<blank>.


Initial Setup

All of these commands are menu presses. So “/system identity” means click the System button on the left, then the identity drop-down, further commands are tabs or fields. These commands can be entered DIRECTLY into the WAP applying immediately by using “New Terminal” on the left. The terminal lets you rapidly set up units after you’ve got your base commands in a text file. With these codes I’m able to crank out a matching WAP in about 4 minutes.

Name the AP

/system identity set name="NAME"

Wireless / Wired Bridge

Allow the wireless and wired connections to talk to each other. A bridge functions like a switch, it lets different interfaces talk to each other (whether that is a physical port, antenna, or VLAN, it connects them together).

/interface bridge add name="bridge1" 
/interface bridge port add interface=ether1-gateway bridge=bridge1
/interface bridge port add interface=wlan1 bridge=bridge1

LAN Dynamic IP

Force the wired connection to pull a dynamic IP address by turning on the DHCP-Client service.

/ip dhcp-client add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway

Overwrite the existing (192.168.88.1/24) IP Address applied to the wired NIC. This will be an additional static IP on the wired NIC, the first being the one from the DHCP Client.

Edit the IP
/ip address set address=10.10.10.53/24 interface=ether1-gateway numbers=0

Disable DHCP Server

This is just an access point, no DHCP Server needed.

/ip dhcp-server disable 0

 

Minimum-RSSI (Kickoff when the signal is too weak)

Called Min-RSSI by Ubiquiti, Mikrotik uses an access rule to allow or deny connections. It is almost like a firewall yes/no rule, if your signal is between this range (-84dB through 120dB, written as -84..120), you are allowed to authenticate and to talk to other devices (forward). If your signal is below this range (-120 through -85dB, written as -120..-85), you will be kicked. In reality, it takes about 1-2 seconds of a device having a signal lower than -84dB before the kick happens.

The way signal measurements work, a negative number is a receive number. A positive number is a transmitted or sent number.

Here are some quick dB examples. I have found the Mikrotiks to continue running well at even -85dB because the hardware has such an extremely low/quiet noise floor: -105dB, which is insanely quiet, means you get MUCH better range for the power. 1000mW is a great marketing feature, but it doesn’t mean squat without a good noise floor to compare to. For comparison, Ubiquiti gear (which is usually quite good for the money) signal becomes unusable around -72dB.

General Client Receiving Signal Examples

  • -55dB, this is a great signal quality for a client like a laptop or cell-phone
  • -75dB, we are nearing the limits of usable signal, expect some packet loss or stutters in video/VOIP.
  • -30dB, power is extremely high, you are probably standing within 3 feet of the antenna, or your transmit power is way too high.
## Each of these commands will restart the networking interfaces, so you'll probably be disconnected.

#Configure Min-RSSI Connect
/interface wireless access-list add signal-range=-84..120
#Configure Min-RSSI Kickoff
/interface wireless access-list add authentication=no forwarding=no signal-range=-120..-85

Edit the Wireless Password: WPA or WPA2

####Edit the Password in two places, once for WPA and WPA2####
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=MyPassword wpa2-pre-shared-key=MyPassword

Edit the SSID, and set your transmit power in dB

Antenna/Station Transmitting Examples

  • +12dB, low power, usable 40 foot radius with 1 piece of drywall between station and client.
  • +16dB, medium power, usable 60 foot radius with 2 drywalls between station and client.
  • +21dB, high power, range is unpredictable, could be 400 foot radius with line of sight, or 120 foot radius with interference.

High transmit power for MikroTiks is 19-21dB, be aware that though your transmitter may be loud, clients may not be loud enough to reply back. You would see this as a client having full bars of signal, but extreme packet loss or “unable to connect”. For comparison, a Ubiquiti running on High power (Auto) is +30dB.

Don’t just turn up the dB to get farther range, it’s possible to burn out amplifiers/antennas if you don’t know what you’re doing, and may make your signal-to-noise ratio worse.

/interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge name=wlan1-local rx-chains=0,1 ssid=WirelessName tx-chains=0,1 tx-power=16 tx-power-mode=all-rates-fixed wireless-protocol=802.11

Configure Time (NTP) and Automatic Nightly Reboot

Mikrotiks do not have a battery inside, and thus the time resets whenever they reboot. Configure an NTP server to have the clock auto-update after boot.

In addition, it never hurts to reboot once per day to work out any glitches.

#Reboot router every day at 12:10AM
/system scheduler add interval=1d name="Reboot Router Daily" on-event="/system reboot" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jan/01/1970 start-time=00:10:00


#Configure the client to use Google as time servers
/system ntp client set enabled=yes primary-ntp=216.239.35.0 secondary-ntp=216.239.35.4 server-dns-names=time1.google.com,time2.google.com

 

Update Packages

I updated each WAP at the end, since it was easier to configure them to a usable state and avoid conflict with DHCP-Servers, so data can be pulled via the ethernet cable once they are hooked into the primary switches.

Winbox > System > Packages > Check for Updates > Download and Install

 

Hopefully this quick start guide was helpful in getting you going on MikroTik WAPs. I’m really amazed by what these units can do for so little money. Harder to configure than most WAPs for sure, but they are extremely reliable — I never have to reboot them, they just take a beating with capacity and handle it like a champ, and don’t even get me started on the reliability of home routers like Netgear, ASUS, or Linksys. Have fun! 😉

Ubuntu 16.04.1 LTS UniFi Beta Controller with Wildcard SSL

This article covers how to install UniFi Beta from a .deb file for Ubuntu Server (so command line only), and how to install a WildCard SSL into UniFi. This article does not cover installing Ubuntu and applying updates.

If you already have a controller, confirm you have a backup of your controller to restore your sites and data!

Controller > Maintenance > Backup > Download

 

 

Obtain Putty, an SSH tool to remote into your server with copy/paste functionality

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Installing UniFi Base Packages

Run the following code to install UniFi. Note that unifi-rapid and unifi-beta are no longer used. Ubiquiti changed to a single release, and if you want a specific version you can install it yourself with the .deb file (below).

#Make your session administrative
sudo -i

#Open a text editor to allow UniFi to be downloaded from the repository
nano /etc/apt/sources.list

#Go to the bottom of the list with the arrow keys, and paste in (through putty, it's Right-Click)
deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti
deb http://www.ubnt.com/downloads/unifi/distros/deb/debian debian ubiquiti
#Save (Ctrl + X, Y for Yes)

#Add the Ubiquiti GPG Signed Keys to allow you to install their software
apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10

#Refresh the repositories (download sources)
apt-get update

#Install from the repositories
apt-get install unifi

 

Upgrading to UniFi Beta with .DEB Image

Sign up for the UniFi Beta community forums. Check the blog to get the newest update packages.

http://community.ubnt.com/t5/UniFi-Beta-Blog/bg-p/Blog_UniFi_Beta

Find the release you want, most likely the newest, and copy the URL of the .deb file.

 

Putty into your server, and run the following code to install UniFi, then upgrade to the Beta.

#Make your session administrative
sudo -i
#Download your .deb file to the /tmp directory
cd /tmp
wget https://www.ubnt.com/downloads/unifi/5.2.5-6914faba/unifi_sysvinit_all.deb

#Wait for download to complete, then unpackage and install
dpkg -i unifi_sysvinit_all.deb

#Clean up the mess, delete the old .deb file
rm unifi_sysvinit_all.deb

 

Applying the SSL Certificate

The scope of this guide does not cover how to create a CSR and obtain your wildcard certificate. Once you have exported your certificate keychain (with private key) as a PKCS #12, these instructions will APPLY the key to your UniFi controller.

By default, UniFi installs itself to /var/lib/unifi.

In here is the file “keystore”, that contains the self-signed “UniFi” SSL certificate.

  1. Download Keystore Explorer
  2. Create a new keystore – JKS (OpenSSL)
  3. Tools > Import Key Pair – PKCS #12 > Browse to PFX Wildcard Cert
  4. Decrypt with private key password
  5. Encrypt NEW keystore with the password “aircontrolenterprise”
  6. File > Save As > “keystore”
  7. FTP file to your UniFi box, I recommend Filezilla to connect via sftp://192.168.1.X on port 22.
  8. Transfer the file to your home directory /home/username, since /var/lib/unifi is protected
  9. Connect via Putty > sudo -i > [password] > cd /var/lib/unifi
  10. Stop the service: service unifi stop
  11. Create a backup file: mv keystore keystore.orig
  12. Move your newly encrypted keystore: cd /home/username > cp keystore /var/lib/unifi/keystore
  13. Reboot the Linux OS, when the UniFi controller starts up it will auto import the file keystore and apply it to web services, giving you that nice shiny HTTP green lock 🙂

 

Dell Open Manage Event ID Monitoring

Monitoring Event IDs with Dell Open Manage

All right, it’s time to set up some kickass event ID monitoring. You’ve installed Dell Open Manage / Server Administrator on all of your physical hosts, and want to make sure you are aware if anything breaks or is about to explode! You’ve been searching for hours trying to find the Event IDs that actually matter — you’re in the right place!

The alerting system you use is up to you, Kaseya, Labtech, Nagios, Pandora FMS, Zabbix, whatever — what matters is getting the correct Event IDs and a matching description filter. Just alerting by Event ID may give you a flood of alerts, there are only so many low ID numbers to go around. The description filter matches only events from OpenManage.

These logs are generated across BOTH Application and System Event Logs, so be sure you are capturing both categories of Event IDs.

I’ve done the hard work of looking through all 500+ of Dell’s individually paged Event ID descriptions — visible here.

Below is a massive list of the ones that matter (or at least, the ones I think matter): any warnings, errors, or critical alerts related to hardware health, meaning anything storage (RAID disks, rebuilds, hot spares, SMART, controller battery, etc.), memory (bit errors, ECC failures, failed sticks, etc.), CPU (failed processors, temperature, etc.), or power supplies (redundancy, device failure, cord unplugged, etc.). You may want more logs to look at, but I tried to pick anything that could lead to degraded performance or failure.


Take my list to get you started. All event descriptions should have wildcards (*), so the description does not require an exact match, otherwise one letter off and you don’t get an alert. Enjoy the code — let me know if it helped you out! 🙂

Dell Open Manage Event ID Cheat

Event ID		Description Filter
1004			*Thermal shutdown*	
1053			*Temperature sensor*	
1054			*Temperature sensor*	
1104			*Fan sensor*	
1153			*Voltage sensor*	
1154			*Voltage sensor*	
1203			*Current sensor*	
1204			*Current sensor*	
1305			*Redundancy*	
1306			*Redundancy*	
1353			*Power supply*	
1354			*Power supply*	
1403			*Memory*	
1404			*Memory*	
1405			*Memory*	
1501			*AC power*	
1503			*AC power*	
1504			*AC power*	
1505			*AC power*	
1552			*Log size*	
1554			*Log size*	
1555			*Log size*	
1604			*Processor*	
1703			*Battery*	
1704			*Battery*	
1705			*Battery*	
2048			*Device failed*	
2049			*disk removed*	
2051			*disk degraded*	
2056			*Virtual disk failed*	
2057			*degraded*	
2076			*Consistency failed*	
2081			*reconfiguration failed*	
2082			*rebuild failed*	
2083			*rebuild failed*	
2094			*Predictive*	
2100			*Temperature*	
2102			*Temperature exceeded*	
2106			*SMART*	
2107			*SMART*	
2108			*SMART*	
2109			*SMART*	
2110			*SMART*	
2112			*Enclosure was shut down*	
2122			*Redundancy degraded*	
2123			*Redundancy lost*	
2126			*sector reassign*	
2129			*BGI failed*	
2145			*Controller battery*	
2146			*Bad block*	
2146			*DR0*	
2147			*DR0*	
2147			*Bad block*	
2148			*Bad block*	
2149			*Bad block*	
2150			*Bad block*	
2169			*controller battery*	
2187			*ECC error*	
2201			*hot spare failed*	
2203			*hot spare failed*	
2272			*uncorrectable media*	
2273			*punctured*	
2289			*ECC error*	
2290			*ECC error*	
2310			*permanently degraded*	
2312			*power supply*	
2313			*power supply*	
2318			*battery*	
2319			*ECC error*	
2320			*ECC error*	
2321			*ECC error*	
2324			*AC power supply cable*	
2340			*uncorrectable errors*	
2342			*inconsistent parity*	
2346			*Error on PD*	
2347			*rebuild failed*	
2348			*rebuild failed*	
2349			*bad disk block*	
2350			*unrecoverable disk media*	
2367			*Rebuild is not possible*	
2384			*hot spare*	
2385			*hot spare*	
2387			*bad block medium*	
2396			*uncorrectable multiple medium*	
2397			*uncorrectable errors*	
2402			*Disk Power status*	
2405			*Command timeout*	
2416			*medium error*	
2417			*medium error*	
2434			*wear-out limit*	
2436			*read-only mode*	
2441			*critical temperature*	
2442			*degraded*	
2443			*Data loss*	
2900			*cache device*	
2901			*inaccessible*	
2911			*cached LUN*	
2930			*caching*	
1				*device*	
20				*Device*IO failed*	
4098			*returning error*
7				*bad block*
11				*controller error*	
52				*predicted that it will fail*
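
The matching rule described above (Event ID plus a wildcard description filter, evaluated over both the Application and System logs), as an added Python example that is not part of the original post. The rule list is a subset of the table above; the sample events, field names and function names are constructed for illustration.

```python
"""Added example: alert only when Event ID AND description filter both match."""
from fnmatch import fnmatchcase

# Subset of the (Event ID, description filter) pairs from the table above.
RULES = [
    (1004, "*Thermal shutdown*"),
    (1403, "*Memory*"),
    (2048, "*Device failed*"),
    (2146, "*Bad block*"),
    (2146, "*DR0*"),
    (2169, "*controller battery*"),
    (7, "*bad block*"),
    (11, "*controller error*"),
    (52, "*predicted that it will fail*"),
]

# The post says events land in BOTH of these logs, so both are watched.
MONITORED_LOGS = {"application", "system"}


def build_index(rules):
    """Group filters by Event ID; one ID may carry several filters (e.g. 2146)."""
    index = {}
    for event_id, pattern in rules:
        # Lower-case once so matching is case-insensitive
        # (the table mixes "*Battery*" and "*battery*").
        index.setdefault(event_id, []).append(pattern.lower())
    return index


def match_event(event, index):
    """Return the filter that matched this event, or None."""
    if event["log"].lower() not in MONITORED_LOGS:
        return None
    message = event["message"].lower()
    for pattern in index.get(event["id"], []):
        if fnmatchcase(message, pattern):
            return pattern
    return None


def alerts(events, rules=RULES):
    """Events that match on ID and description: the alerts you actually want."""
    index = build_index(rules)
    hits = []
    for event in events:
        pattern = match_event(event, index)
        if pattern is not None:
            hits.append((event["log"], event["id"], pattern))
    return hits


def id_only_alerts(events, rules=RULES):
    """What you would get by alerting on Event ID alone (the 'flood')."""
    ids = {event_id for event_id, _ in rules}
    return [(event["log"], event["id"]) for event in events if event["id"] in ids]


# Constructed sample events (not captured from a real server).
SAMPLE_EVENTS = [
    {"log": "System", "id": 7,
     "message": "The device, \\Device\\Harddisk1\\DR1, has a bad block."},
    {"log": "System", "id": 7,
     "message": "Constructed unrelated message sharing ID 7: ticket request failed."},
    {"log": "Application", "id": 2169,
     "message": "The controller battery needs to be replaced: Battery 0 Controller 0"},
    {"log": "System", "id": 11,
     "message": "Constructed unrelated message sharing ID 11: name lookup timed out."},
    {"log": "Application", "id": 1403,
     "message": "Memory device status is non-critical. Location: DIMM_A1"},
    {"log": "Security", "id": 52,
     "message": "Constructed event in an unmonitored log: predicted that it will fail."},
    {"log": "Application", "id": 2146,
     "message": "Bad block found on \\Device\\Harddisk0\\DR0"},
]

if __name__ == "__main__":
    for hit in alerts(SAMPLE_EVENTS):
        print("ALERT", hit)
    print("ID-only matching would have raised", len(id_only_alerts(SAMPLE_EVENTS)), "alerts")
```

On the constructed sample, ID-only matching fires on every event, while ID plus description filter fires only on the four hardware events.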

 

Easy TCP Port Listener for Network Monitoring

Easy TCP Port Listener for Network Uptime Monitoring

Products like Nagios, Zabbix, or PHP Server Monitor can monitor the uptime of services by performing a TCP port query. In short, “is port TCP 25 open?” If so, it’s online; if not, it’s offline!

Well, what if the server I want to monitor doesn’t have any services to even open up to the public internet for monitoring? Using TCP 135 (Microsoft RPC), TCP 445 (NetBIOS), or TCP 3389 (Remote Desktop), built into every Server OS, to monitor uptime can be very dangerous. I want a program that can listen on a port without massively exposing my servers.

There are two ways to go about this from the scope of this article:

  1. Install an application that hosts a service listener, like an HTTP (TCP 80) server or FTP (TCP 21) server. But you probably don’t want an HTTP or FTP server on say, a Domain Controller or backup machine.
  2. Run a small portable executable that listens on a single port as a scheduled task.

Enter: Port Listener

Made by RJL Software (http://www.rjlsoftware.com/software/utility/portlistener/), it’s a single EXE that can be programmed to listen to any port. It is a simple program, just responding with a TCP-ACK and that’s it!

The Port Listener Code

::It doesn't get simpler than this.
::Change the number "9999" to whatever TCP port you want to listen on.

listener.exe 9999

Port Listener CLI

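::Client Query
::Check if the port is being listened on. If there is no output, the port is not being listened on. If a line of output comes back, the port is open and LISTENING.
::Matching on ":9999 " and LISTENING avoids false hits on PIDs or other ports that merely contain 9999.

netstat -ano | findstr /C:":9999 " | findstr "LISTENING"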

Port TCP LISTENING / Port TCP NOT LISTENING

Task Scheduler

Start > Run > taskschd.msc

Task Scheduler Library > Right-Click > Create Basic Task >

Name:#### Uptime TCP Listener

Right-Click > Properties > Run whether user is logged on or not > enter password.

Also edit Conditions (turn off “only run when idle”) and Settings (Stop if runs longer than 3 days) so it always runs; if the task fails, restart every 10 minutes, etc.

Command Line Version:

::Create a Windows Firewall Rule
netsh advfirewall firewall add rule name="9999 Uptime TCP Listener" dir=in action=allow protocol=TCP localport=9999

::Create a Scheduled Task that runs on computer boot (ONSTART)
::Note the use of double quotes (") for the full command, and single quotes (') to isolate the executable so arguments/parameters can be passed through.
schtasks /create /TN "9999 Uptime TCP Listener" /SC ONSTART /RU "NT AUTHORITY\NETWORKSERVICE" /TR "'C:\Scripts\listener.exe' 9999"

::Run scheduled task
schtasks /Run /TN "9999 Uptime TCP Listener"


Reboot, see if it’s listening, you should have a port listening indefinitely. Add a firewall rule, add a monitor to Nagios/Your System, you’re done – woohoo!

Run on any Windows Server you want monitored, easy peasy! Have fun!
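The monitor's side of this setup, as an added Python example (not RJL Software's code and not part of any monitoring product): `start_listener` is a hypothetical stand-in for listener.exe that accepts and closes connections without reading from them, and `probe_tcp` is the TCP port query. It goes slightly beyond the text by telling a refused connection (host up, listener not running) apart from a timeout (host down, or the firewall rule missing).

```python
import socket
import threading
import time

def start_listener(host="127.0.0.1", port=0):
    """Hypothetical stand-in for listener.exe: accept, then close, never read."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))          # port 0 lets the OS pick a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _peer = srv.accept()
            except OSError:         # listening socket was closed
                return
            conn.close()            # no bytes are read from or sent to the client

    threading.Thread(target=serve, daemon=True).start()
    return srv

def probe_tcp(host, port, timeout=3.0):
    """TCP port query. Returns (state, seconds); state is one of
    'open', 'refused', 'timeout' or 'error'."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"              # three-way handshake completed
    except ConnectionRefusedError:
        state = "refused"           # host answered with RST: nothing listening
    except socket.timeout:
        state = "timeout"           # no answer: host down or traffic dropped
    except OSError:
        state = "error"             # e.g. no route to host
    finally:
        sock.close()
    return state, time.monotonic() - start

if __name__ == "__main__":
    listener = start_listener()
    port = listener.getsockname()[1]
    print(port, probe_tcp("127.0.0.1", port))
```

Running the probe from the monitoring host, not on the server itself, is what confirms the firewall rule as well as the listener.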

PHP Server Monitor – Add Ping Functionality

Adding Ping (ICMP) to PHP Server Monitor

I love PHP Server Monitor, it is an amazing tool for my business to have a simple, reliable, practical way to ensure which services or devices are online. The only complaint I have with it is that it does not support ping monitors, only services (query Port 3389 for example).

Major thanks to Michele Mariotti and insuman on the PHP Server Monitor forums (Post Link) for writing up some code that allows ICMP functionality, as long as the service is Port 1.

Log in to your server via Putty, make a backup of the StatusUpdater function definitions, and replace the old code with the new code that will allow you to use ICMP.

 

# For me, PHP Server Monitor is installed under /var/www/html, your path may be different.
cd /var/www/html/src/psm/Util/Server/Updater

cp StatusUpdater.class.php StatusUpdater.class.php.bak

sudo nano StatusUpdater.class.php

 

#Find the function
Ctrl + W (search)

function updateService

<Enter>

 Old Code in StatusUpdater.class.php

protected function updateService($max_runs, $run = 1) {
    $errno = 0;
    // save response time
    $starttime = microtime(true);

    $fp = fsockopen ($this->server['ip'], $this->server['port'], $errno, $this->error, 10);

    $status = ($fp === false) ? false : true;
    $this->rtime = (microtime(true) - $starttime);

    if(is_resource($fp)) {
      fclose($fp);
    }

    // check if server is available and rerun if asked.
    if(!$status && $run < $max_runs) {
      return $this->updateService($max_runs, $run + 1);
    }

    return $status;
  }

 

Change to New Code in StatusUpdater.class.php

This hardcodes TCP Port 1 in PHP Server Monitor to mean ICMP/Ping: a server entry with port 1 is pinged instead of port-checked. The default timeout is 5 seconds; adjust the number 5 in the timeout variable ($timeout) to whatever time in seconds you want.

You can use Ctrl+K in nano to delete an entire line at once, rather than holding the Backspace or Delete keys.

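// ### NEW CODE ###
protected function updateService($max_runs, $run = 1) {

        if (($this->server['port']) == 1) {
            /* port 1 means: ping this host with ICMP instead of a TCP connect */
            /* timeout min: 5 sec */
            $timeout = ($this->server['timeout'] < 5 ? 5 : $this->server['timeout']);
            /* save response time */
            $starttime = microtime(true);
            /* ICMP echo request (type 8, code 0, id 0, seq 0) with a pre-calculated checksum */
            $package = "\x08\x00\x7d\x4b\x00\x00\x00\x00PingHost";

            /* raw sockets need root (or CAP_NET_RAW), so socket_create() can fail */
            $socket = socket_create(AF_INET, SOCK_RAW, 1);
            if ($socket === false) {
                /* store error reason */
                $this->error = socket_last_error() .' '. socket_strerror(socket_last_error());
                $status = false;
            } else {
                socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array('sec' => $timeout, 'usec' => 0));
                socket_connect($socket, $this->server['ip'], null);
                socket_send($socket, $package, strlen($package), 0);

                /* any data received on the socket before the timeout counts as "up" */
                if (socket_read($socket, 255)) {
                    $status = true;
                } else {
                    /* store error reason */
                    $this->error = socket_last_error($socket) .' '. socket_strerror(socket_last_error($socket));
                    $status = false;
                }
                socket_close($socket);
            }
            $this->rtime = (microtime(true) - $starttime);
        } else {
            // rest of code: the original TCP port check
            $errno = 0;
            // save response time
            $starttime = microtime(true);

            $fp = fsockopen ($this->server['ip'], $this->server['port'], $errno, $this->error, 10);

            $status = ($fp === false) ? false : true;
            $this->rtime = (microtime(true) - $starttime);

            if(is_resource($fp)) {
                fclose($fp);
            }
        }

        // check if server is available and rerun if asked (unchanged from the old code).
        if(!$status && $run < $max_runs) {
            return $this->updateService($max_runs, $run + 1);
        }

        return $status;
    }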
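The pre-calculated checksum in the packet above can be reproduced, and a reply can be validated instead of treating any received data as success. This is an added Python example, not code from the forum post or from PHP Server Monitor; `build_icmp`, `wrap_ipv4` and `is_echo_reply_for` are hypothetical helper names, and the sample datagrams are constructed, not captured.

```python
import struct

# The hardcoded packet from the PHP snippet above: type 8, code 0, id 0, seq 0.
PAGE_PACKET = b"\x08\x00\x7d\x4b\x00\x00\x00\x00PingHost"

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP message, filling in the checksum over header + payload."""
    head = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq)
    csum = inet_checksum(head + payload)
    return struct.pack("!BBHHH", icmp_type, code, csum, ident, seq) + payload

def wrap_ipv4(icmp: bytes) -> bytes:
    """Prepend a constructed 20-byte IPv4 header, as a raw socket delivers it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])) + icmp

def is_echo_reply_for(datagram: bytes, ident: int, seq: int, payload: bytes) -> bool:
    """True only for a checksum-valid Echo Reply that matches our probe."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        return False
    ihl = (datagram[0] & 0x0F) * 4          # IPv4 header length in bytes
    icmp = datagram[ihl:]
    if ihl < 20 or len(icmp) < 8 or inet_checksum(icmp) != 0:
        return False
    icmp_type, code, _, r_id, r_seq = struct.unpack("!BBHHH", icmp[:8])
    return (icmp_type, code, r_id, r_seq, icmp[8:]) == (0, 0, ident, seq, payload)

# Constructed sample datagrams (documentation addresses, not captured traffic).
PROBE = build_icmp(8, 0, 0x1234, 1, b"PingHost")
REPLY = wrap_ipv4(build_icmp(0, 0, 0x1234, 1, b"PingHost"))
# Destination Unreachable (type 3, code 3) quoting the start of the probe.
UNREACHABLE = wrap_ipv4(build_icmp(3, 3, 0, 0, wrap_ipv4(PROBE)[:28]))
STALE_REPLY = wrap_ipv4(build_icmp(0, 0, 0x1234, 0, b"PingHost"))

if __name__ == "__main__":
    print("page checksum ok:", build_icmp(8, 0, 0, 0, b"PingHost") == PAGE_PACKET)
    for name, dgram in (("reply", REPLY), ("unreachable", UNREACHABLE), ("stale", STALE_REPLY)):
        print(name, is_echo_reply_for(dgram, 0x1234, 1, b"PingHost"))
```

A raw ICMP socket is handed every ICMP message that arrives for that protocol, so checking type, identifier, sequence and payload keeps a Destination Unreachable or a reply to an earlier probe from being counted as "up".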

Ping Monitor Example

PHP Monitor ICMP Server Example

OwnCloud Server 9.0 – Ubuntu 12.04 Installation

OwnCloud Server 9.0 on Ubuntu 12.04 with PHP 5.6

A quick setup guide to setting up a private OwnCloud Server on Ubuntu Server.

From building a fresh machine, to setting static IP, installing dependencies, and taking everything online.

 

Ubuntu 12.04 and PHP 5.6

Current Ubuntu is 14.04, but our AppAssure software threw a fit trying to back up a 14.04 that is apt-get updated to the newest. The lovely error: “Buffer I/O error on device sdb0, logical block #”

Some patch must have broken whatever the backup is using. So I had to install on Ubuntu 12.04, except that by default it only installs PHP 5.3, and OwnCloud needs 5.4+.

 

OS Setup

Install the OS, check the OpenSSH feature, use Putty to connect over SSH so you can copy/paste.

#Configure a Static IP

#Use nano to edit > Ctrl+X to close
nano /etc/network/interfaces


#Change iface eth0 inet dhcp to:
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.254
dns-nameservers 192.168.1.4 8.8.8.8

 

Upgrade 12.04 with the newest patches, security fixes, etc. Then add a repository that normally is not in 12.04, to allow the install of PHP 5.6.

#Update the OS
apt-get update
apt-get upgrade

#Allow PHP 5.6 to be installed on an older OS
apt-get install python-software-properties
add-apt-repository ppa:ondrej/php5-5.6
apt-get update
apt-get install apache2
apt-get install php5 php5-mysql
apt-get install php5-gd php5-json php5-curl php5-intl php5-mcrypt php5-imagick
apt-get install mysql-server

#Lock down your SQL, remove the anonymous and remote access.
mysql_secure_installation

#Go configure MySQL for OwnCloud
mysql -u root -p
#Enter the DB password prompted when installing.
#Create a user and a database, and grant privileges.
CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE ownclouddb;
GRANT ALL ON ownclouddb.* TO 'user'@'localhost';
FLUSH PRIVILEGES;
exit

Install OwnCloud

#Download the installer, unzip/untar it
cd /var

wget https://download.owncloud.org/community/owncloud-9.0.0.tar.bz2

tar -xvf owncloud-9.0.0.tar.bz2 -C /var/www/html/

 Configure Apache2

#Point Apache to your website directory
cd /etc/apache2/sites-available
#Make a backup
cp 000-default.conf 000-default.conf.bak
nano 000-default.conf
#Change ServerName to your FQDN (files.website.com)
#Change DocumentRoot to your path (/var/www/html/owncloud)
service apache2 restart

#Edit OwnCloud to accept your website URL (FQDN)
cd /var/www/html/owncloud/config
nano config.php
#Change your trusted_domains array to look like:
  array (
    0 => 'files.website.com',
    1 => '192.168.1.10',
  ),
#Change the CLI URL
'overwrite.cli.url' => 'http://files.website.com',

 Configure Data Directory

mkdir /owncloud
mkdir /owncloud/data
chown -R www-data:www-data /owncloud/data/

Go log in to your website, http://192.168.1.10, fill in the applicable information, and change the data path to something outside of the www subdirectory (I use /owncloud/data/).

You *may* have a permission error preventing you from changing the maximum file upload size, File Handling > “Missing permissions to edit from here.”
Just edit the hidden .htaccess file permissions

#Mode 776 makes each file writable by every local account, not only the web server user.
chmod 776 /var/www/html/owncloud/.htaccess
chmod 776 /owncloud/data/.htaccess
#Edit Apache2.conf
nano /etc/apache2/apache2.conf
#Change "AllowOverride None" to "AllowOverride All"
#Important: do this for the /var/www directory.

I recommend updating your OwnCloud installation, located in the Username > Admin > Updater section. There are some bugs such as Internet Explorer 11/Edge getting the error “Could not create folder “<FOLDERNAME>”” that can be fixed with an update.

Good luck, enjoy OwnCloud, beats the heck out of Dropbox 🙂