I’m using Mikrotik equipment exclusively. In a place where no ISP provides wired services, I use an SXT LTE6 Kit, powered by a Hex PoE router which in turn is connected to a CRS328 switch. The latter powers over PoE my AP and is planned to power a few cameras.
I have a Turris Omnia, which runs an OS based on OpenWrt out of the box. You can install OpenWrt instead, if you prefer (I’m fine with Turris OS). In either case, you can configure all kinds of packages for VPN, NAS, NextCloud, and much more.
The distributed firewall they mention is disabled by default.
They just announced a newer model called Omnia NG. There’s also a modular system called Mox.
The documentation has much more information about the hardware and software.
I use Mikrotik (two routers for two ISPs) but I am getting weary of it because I am not willing the put in the effort to master it. Though I am not keen on spending tons of cash on Ubiquiti either – also heard they are still not as reliable as they should be – so I’ll be with Mikrotik for a while still, unless one day I get super sick of it and start setting my own pfSense + friends on my own hardware. Unlikely for now.
Mikrotik is pretty nice but if you misspell a number somewhere, good luck knowing why your VLAN or anything else does not work. They really could benefit from a few internal checks and validations here and there.
I got a bit annoyed with my 10 year old Asus because it wasn’t giving me my full fibre speed.. even when wired! So I ordered another Asus. It gives me full speed wired and around 440Mbps wireless (I have a 500Mbps connection and am on a different floor to the router).
For those of you with Mikrotik routers (@krasenyp@konstantine@dimitarvp) what is their main selling point? (Are they open source? Aimed at businesses/data centres?) Looks like they are mainly focused on the European market?
Nice! I’ve not heard of them before, and I think if I hadn’t ordered this Asus I would have seriously considered that one. If you’re on their mailing list and hear of it being released please let us know! I think it could potentially become a popular router in the dev/OSS world!
No wifi at all Herman?
For those of you with Mikrotik or Turris routers, do you know if they unlock the additional 5Ghz channels for the UK market? The UK allows additional 5Ghz channels (which can help with congestion):
5 GHz Channels UK vs EU
Band + Channel Range
UK
EU
UNII-1 (36-48)
Indoor use only
UNII-2A (52-64)
(DFS)
(DFS)
Requires DFS
UNII-2C (100-144)
(DFS)
(DFS)
Requires DFS. 120-128 have a longer observation time
UNII-3 (149-165)
Not supported on EU devices
Sometimes you can ssh into the router and change the country to GB manually, which should then make the additional channels available on reboot. Obv don’t do this if you’re in the EU tho
Sure I have WiFi but not from the router, I use TP-Link Omada Access Points throughout the house, those like Unifi allow roaming, currenlty WiFi6, may soon upgrade to WiFi7.
True. Complex configurations are best verified – if not applied – by scripts.
what is their main selling point? (Are they open source? Aimed at businesses/data centres?)
Closed source. They primarily cater to the consumer and SME segments. Once RouterOS basics are mastered, value for money is unsurpassed. An inexpensive Beelink machine can, for instance, match the capabilities of a premium router. A Proxmox VM can provide anything one might want to achieve on a cloud server. These selling points may be irrelevant to large enterprises, but they are important to the masses.
Just a quick update on this in case it helps anyone, I enabled Enable 160 MHz and now I am getting my full fibre speed wirelessly
I’ve set my router up as MLO/Wifi 7 even though I don’t have any wifi 7 devices yet - guessing next year’s Macs will come with 7.
Nice. Are they good for running Wireguard/VPNs (something I want to try at some point myself).
That’s good to know. I hope that brand does well and not sure if you’re on their forums but something I have mentioned in the past is wishing we had smart routers, that…
Essentially the router would become the primary or a major security layer, and if for instance it detects activity which looks like someone has accessed your computer and is downloading all of your files it can warn you or block it. I think a lot of people would be interested in being able to quickly review content/data that has left their machines, particularly as distrust in companies like Apple and Microsoft grows.
Heading in the sort of direction sounds like it could be a really good fit for their brand
You might find Sentinel interesting. Apart from that, OpenWrt/Turris OS are highly customizable. I haven’t looked into it, but there are probably already ways to install network monitoring and threat detection tools.
WireGuard works well in recent RouterOS versions, alongside several other more mature VPN protocols. Despite its somewhat quirky configuration, it has become my go-to VPN for Mikrotik setups.
Sentinel looks great for attackers, what I’d love to see though is a router that can keep companies like Apple and Microsoft (and all the apps we use) honest and accountable.
Not sure how easy it would be but a router that can breakdown activity by device and type and in a user-friendly way would be a good start. Here are some links for context:
Tutorials run against the official religious doctrine in Latvia. These guys make a great product, but a degree of pain is unavoidable. Fast RouterOS development tends to make matters worse, as online information (including documentation) tends to fall behind recent RouterOS versions. In my experience, either you go for a relatively simple configuration that you (have) set up and forget about it. Or you accept that time will have to be invested.
Mikrotik with Terraform is priceless. So so so good. You can rollback to any state really quickly and even provision everything from scratch in seconds.
These guys make a great product, but a degree of pain is unavoidable. Fast RouterOS development tends to make matters worse, as online information (including documentation) tends to fall behind recent RouterOS versions. In my experience, either you go for a relatively simple configuration that you (have) set up and forget about it. Or you accept that time will have to be invested.
