Oh, hey, this thread isn't dead yet. Netgate and Ubiquiti have both been pissing me off (Netgate with how they're totally unable to own up to loving up, like with the WireGuard poo poo, and Ubiquiti with their abysmal "stable" releases and, now, putting ads in the controller software), and I'm starting to think about looking to see what else is out there for alternatives.

I've heard people talking about Mikrotik for years, but I don't know much about it. So, I have some questions, and I'm hoping somebody might have some thoughts on them.

How are people's experiences with it these days? I saw some mention of it being kind of unstable and needing to be rebooted every month or two. Is that still the case? And how loud are the fans? Unfortunately, I don't really have a place to put my networking gear that's out of the way, so quieter stuff is definitely better. Ubiquiti's been great for that.

Also, how is it for DNS these days? I have a subdomain for my home devices, and pfSense has been great about letting me manage that, while forwarding requests for addresses at the rest of the domain to the upstream DNS servers. Can the Mikrotik stuff do something similar? I see it does DNS caching, but I'm not seeing much about intercepting requests for a subdomain.

How much of a pain in the rear end is it to set up OpenVPN? The documentation on running an OpenVPN server on these things seems a little, uh, thin. Also, do they really not support anything better than SHA1 for auth? And which mode do they run AES in? GCM?

When I started looking at this, I was assuming that it was a controller/device model for licensing. But, reading the licensing page, it sounds like it's per-device instead. While I don't imagine I'd run into any of the limits for what they currently license for, if they were to introduce some new feature in the future that required, say, a level 5 license, would I be unable to use it on any devices with level 4 licenses, even if I had a device with a level 5 license as well?

For management, would I need to go into each device and configure it individually, or is it possible to do that from a centralized place? I'm on a Mac, so running Winbox would mean doing all my configuration in a VM, which, while possible, wouldn't be ideal. If I could configure everything from a single CLI or web UI or something, that'd be much better. One of the features of the Ubiquiti stuff that I've appreciated is that they're big on the SDN model, which makes management really simple. Swap out an AP or a switch? Just adopt the new one, and it's good to go. It looks like Mikrotik might use a more traditional model for that (configure each device individually, then deploy it), which I can understand, but . . . well, I'm hoping I'm wrong.

Is there any meaningful difference other than how it's configured out of the box between one of their high-end switches and one of their routing appliances if they both run RouterOS? It seems like it should be possible to reconfigure a switch to do routing work, if the hardware works out better for a particular use case.

How's their multigig stuff been? I've started to transition my network to 10gig, and my ISP is going to start offering some sort of multigig service level in the future. So, ideally, I'd like to be in a place where I can make good use of it.

# Apr 11, 2021 22:29

# Apr 26, 2024 13:59

SlowBloke posted:
1. It’s relatively stable but it’s not going to rack up months or years of uptime if you keep it current with updates. Most base to intermediate kit is fanless so it shouldn’t be a problem noise wise.

Yeah, I don't mind rebooting for updates. I can plan for those. It's poo poo randomly keeling over that I'd like to avoid, especially since I was switched to permanent WFH last year.

The thing with the DNS stuff is that I already have a DNS provider that I have most of the domain hosted with. I have some specific entries within my network which return different results so I can access them at the same FQDNs as I can from outside my network (pfSense returns an internal IP for specific FQDNs which is the host that the external IP gets NATed to for that service). I guess I could run an actual internal DNS server if I need to, though.

I did see that the devices are sold with full licenses. It's more the restrictions at various levels that I was concerned about. I definitely don't want to white box something if I can avoid it, though. The "we might ask you to mail in the dead hard drive" thing for running it on bare metal just sounds like a pain in the rear end, and while I know that people do run routing off a VM, I'd be way more comfortable with a physical device.

That's good to know about the management poo poo (unfortunate, but not surprising) and switches/routers. Thanks!

# Apr 12, 2021 00:42