Mikrotik Redundancy

Creating Redundant Configuration with Mikrotik

This is my experiment in creating router redundancy for my home network. The routers that I use are Mikrotik routers. I have one hardware router (MikroTik CRS309-1G-8S+IN), and I have configured a Mikrotik software router as a backup.

Since this is a home network I only have a single ISP, so the redundancy is limited to the routers (I plan to cover ISP redundancy later with a cell phone). But it does allow me to perform maintenance on the routers without impacting my network.

The cable modem is connected to a switch, and both routers are connected to the switch (I refer to that connection on the router side as ‘wan’). Obviously both the cable modem and the switch constitute a single point of failure.

My ISP is providing a single public internet IP address using the DHCP protocol. That means both routers cannot be active on the wan interface at the same time.

The idea is to configure VRRP within the local LAN subnets and create a script on the VRRP configuration that brings the wan interface up and down according to the VRRP status.

So, let’s get started.

Install Letsencrypt certificate into Openhab

From your Letsencrypt ACME host, copy fullchain.cer and the private key file:

scp fullchain.cer openhab.mife.ca.key openhab.mife.ca:/root/

Note: you can install the openjdk jre-headless package to get keytool.

From your openhab host create a new keystore

Do this from your working directory. Replace pass:openhab with your own password.

openssl pkcs12 -export -in fullchain.cer -inkey openhab.mife.ca.key -out keystore -passout pass:openhab -name mykey

Install Letsencrypt certificate into Unifi Network Controller

From your Letsencrypt ACME host, copy fullchain.cer and the unifi key file:

scp fullchain.cer unifi.mife.ca.key unifi.mife.ca:/root/

From your Unifi host create a new keystore

In my case the unifi key is the only key in the keystore, so you can just generate a new keystore with the new certificates.

Note: this assumes the unifi keystore is located in /var/lib/unifi/keystore (ubuntu/debian).

cp /var/lib/unifi/keystore /root/keystore.bak
openssl pkcs12 -export -in fullchain.cer -inkey unifi.mife.ca.key -out /var/lib/unifi/keystore -passout pass:aircontrolenterprise -name unifi

Restart Unifi service

systemctl restart unifi
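
Both keystore procedures above pass the password as pass:... on the openssl command line, and the Unifi one writes directly over the live keystore. The following is an added example, not part of the original posts: it reads the password from the environment, builds the keystore in a temporary file, checks that the leaf certificate read back matches the input, and only then renames it into place. The function name build_keystore and the variable KS_PASS are assumptions made for this example.

```bash
# Added example (not from the original posts). build_keystore and KS_PASS are hypothetical names.
# Usage: KS_PASS='...' build_keystore fullchain.cer unifi.mife.ca.key /var/lib/unifi/keystore unifi
build_keystore() {
    local cert="$1"
    local key="$2"
    local out="$3"
    local alias="$4"
    local tmp want got

    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; return 2; }
    export KS_PASS

    # mktemp creates the file with mode 0600, next to the target so the final mv is a rename.
    tmp=$(mktemp "${out}.XXXXXX") || return 1

    # env:KS_PASS keeps the password out of the process list, where pass:... would be visible.
    if ! openssl pkcs12 -export -in "$cert" -inkey "$key" \
            -out "$tmp" -passout env:KS_PASS -name "$alias"; then
        rm -f "$tmp"
        return 1
    fi

    # Read the leaf certificate back out of the new keystore and compare its
    # SHA-256 fingerprint with the first certificate in the input chain.
    want=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
    got=$(openssl pkcs12 -in "$tmp" -passin env:KS_PASS -nokeys -clcerts 2>/dev/null |
          openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    if [ -z "$want" ] || [ "$want" != "$got" ]; then
        echo "keystore verification failed, leaving $out untouched" >&2
        rm -f "$tmp"
        return 1
    fi

    # The existing keystore is only replaced once the new one has been verified.
    mv -f "$tmp" "$out"
}
```

Keep the cp backup step from the Unifi procedure and restart the service afterwards as before; the function only replaces the openssl pkcs12 line.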