Alex Hall

4 months ago

Alex Hall
4 months ago

On the off chance anyone is familiar with MikroTik, I have a question. I'm between the RB5009 and the L009. The latter is much cheaper and less powerful, but should still do what I need. I think. 1GBPS is enough for me, and the most intensive things I plan to do are Wireguard for several clients and two or three VLANs. I like the price of the L009, but I don't want to get something now I'll only have to upgrade in a year. I don't know if the RB5009 is worth it, or is massively overpowered.

in reply to Alex Hall

Khronos

in reply to Alex Hall 4 months ago

Go for the 5009 if you have the cash. It has a lot better cpu and ram specs should give you better vpn speeds.

in reply to Alex Hall

Kyle Borah

in reply to Alex Hall 4 months ago

I would not get anything thing MikroTik. They have had several major security issues in the passed. I will admit, I am fuzzy on the details now. They could have been old and EOL devices.

in reply to Kyle Borah

Alex Hall

in reply to Kyle Borah 4 months ago

@KyleBorah I'll do some research first. Thanks for the notice. I like them because they seem to be the only router OS that can be controlled entirely by the terminal, instead of the partial control of PFSense and the like.

@Kyle Borah

in reply to Alex Hall

Jamie Teh

in reply to Alex Hall 4 months ago

@KyleBorah I can't answer your specific questions (as I only own lower spec Mikrotik routers) nor any questions about security issues in the past, but if you have any questions about Mikrotik RouterOS, etc., I can likely answer those. I have three lower end Mikrotik routers here.

@Kyle Borah

in reply to Jamie Teh

Alex Hall

in reply to Jamie Teh 4 months ago

@jcsteh @KyleBorah Thanks, I'll keep that in mind. I like the Telnet control scheme. If and when the web-based UI is useless, I can use the terminal. I tried this with PFSense some years ago, but its terminal controls were incomplete.

@Jamie Teh @Kyle Borah

in reply to Alex Hall

Jamie Teh

in reply to Alex Hall 4 months ago

@KyleBorah I only ever use the RouterOS terminal interface via ssh. I never use the web UI.

@Kyle Borah

in reply to Jamie Teh

Peter Vágner

in reply to Jamie Teh 4 months ago from RaccoonForFriendica

@Jamie Teh @Kyle Borah @Alex Hall I have used mikrotik devices a lot in my previous job. The company I've worked for had like hundreds of them in production. I've always used SSH and CLI interface to control them. For the home setup I'd recommend going with lower specs mikrotik. Wireguard VPN is not so CPU intensive as compared to other VPNs and tunnels.
The security issues mostly come from the fact router OS allows you to do all ssorts of veird configs like disabling firewall filter rules completelly, or not blocking incoming DNS, NTP traffic whatever.
I would say it's a good think so inside your network you can have all these in place and you should secure mostly edge routers.

@Alex Hall @Jamie Teh @Kyle Borah

⇧

Alex Hall 4 months ago • •

Alex Hall
4 months ago