Notice

: Function WP_Styles::add was called incorrectly. The style with the handle "hello-elementor-child-style" was enqueued with dependencies that are not registered: hello-elementor-theme-style. Please see Debugging in WordPress for more information. (This message was added in version 6.9.1.) in /home/csrkub/domains/cube-vps.com/public_html/wp-includes/functions.php on line 6131

Notice: Function WP_Scripts::add was called incorrectly. The script with the handle "gpress-custom-js" was enqueued with dependencies that are not registered: gpress-siema. Please see Debugging in WordPress for more information. (This message was added in version 6.9.1.) in /home/csrkub/domains/cube-vps.com/public_html/wp-includes/functions.php on line 6131

*Cube-Host– full cloud services!!

get a consultation
WhatsApp Telegram
EN

Installing MikroTik RouterOS CHR on VPS

Installing MikroTik RouterOS CHR on VPS

Installing MikroTik RouterOS CHR on VPS

What you will need

  • VPS with Ubuntu 20.04 (preferably) and root/sudo access.
  • Provider network data: IP/prefix and default gateway — write them down in advance.
  • Access to the emergency console (VNC/Serial) in the provider’s panel in case the network is not yet up after recording.

Check and record network settings before rewriting the disk (required)

This step is performed before rewriting the disk and installing MikroTik CHR. After writing the RAW image, the current Ubuntu will be completely removed, SSH access will disappear, and you will only be able to configure the network in CHR manually via the emergency console, using the previously saved settings. Therefore, before continuing, be sure to record the network settings provided by the provider.

What data needs to be saved

  1. IP address and mask (prefix)

Example: 203.0.113.10/24

This value will be used when adding an IP address to CHR.

  1. Default gateway

Example: 203.0.113.1

This address will be needed to configure the default route.

  1. Network type — normal or /32

If the IP is issued with a /32 mask (often found with VPS providers), this will require special configuration on the CHR side.

Example of a network with /32:

  • IP: 85.85.85.85/32
  • Gateway: 10.0.0.1

For such networks, the gateway is specified manually when adding an IP address.

Preparing Ubuntu and fixing network settings

This will be useful when initially configuring CHR via the console after rebooting.

Download the Cloud Hosted Router RAW image

Where <VER> is the stable version. If the latest version does not load, use 6.49.10, then update via CHR.

Define the target disk

Caution: ensure the device is correct, as writing will be destructive.

Convert file systems to read-only

This reduces the risk of a “broken” image when using dd (there have been cases of xz-compressed data is corrupt).

Write the image to disk (dd)

Wait until it finishes without errors. This will completely overwrite your current Ubuntu.

Hard reboot in CHR

SSH will disconnect. The VPS will boot under CHR in its default state — there is no network yet.

First login to the emergency console

  • Open the emergency console in the provider’s panel.
  • Login admin, password blank → confirm license viewing → set a new password immediately.
  • Newer models/builds may have different defaults, but for CHR, the typical scenario is admin without a password on first login.

Configuring the IP address in RouterOS (CLI)

In the RouterOS console (menu-oriented CLI):

RouterOS will calculate the network/broadcast based on the prefix; the address can also be added to a single line:

Case with /32 (often in clouds)

If the provider issues a public IP with a /32 mask and an “external” gateway (for example, 10.0.0.1), set the network manually:

Then the default route:

This is a standard working recipe for /32, confirmed by practice.

Default route

Short form:

After setting the address and gateway, CHR will be accessible over the network.

Accessing WebFig/Winbox

  • Open http://<IP> for WebFig (or https://<IP> when HTTPS is enabled).

MikroTik RouterOS

  • Alternatively, connect to Winbox (default TCP 8291).

MikroTik RouterOS
MikroTik RouterOS

  • Login admin + your new password.

What to do immediately after bringing up the network

Mini-security (disable unnecessary services, change service ports)

WebFig and Winbox are similar managers in terms of capabilities; by default, WebFig uses HTTP on port 80 (it is better to enable HTTPS), while Winbox uses TCP 8291.
Enable HTTPS for WebFig:

Username and password

(or leave admin, but set a complex password and restrict access by address)

Time and NTP

Basic NAT (if this is your “internet router”)

Mini firewall for management

Updates and CHR license

Check and update RouterOS:

Check CHR license:

(For production loads, select p1/p10/p-unlimited — see the official CHR section)

Debugging: typical problems

  • “xz-compressed data is corrupt / System halted” after dd
  • A common cause is writing to a “live” FS. Converting the FS to read-only before dd helps. If you encounter problems, use 6.49.10, boot up, then update to 7.x.
  • No ping after reboot
  • Check that you have set the address and gateway in CHR (steps 8–9). For /32, specify network=<gateway> when adding the address and set the route gateway=<gateway>.
  • +WebFig/Winbox opens
  • Log in via the emergency console, check /ip service print, the firewall, and that you are looking at the correct port (Winbox 8291/TCP).

Additional: quick configuration grid

Login via DHCP (if the cloud assigns the address dynamically)

(For server environments, a static address is preferable.)

Bridge (if there will be multiple interfaces in CHR)

VLAN on the interface

Table of Contents

 

Prev

More articles: