Mikrotik 4011 - Harnessing its Power!
Shindig

1162 posts

Uber Geek

Trusted

#281343 12-Feb-2021 10:36
My recently purchased 4011 is going great. Really happy with the performance boost it has given my network.

 

Other than an IPsec \ L2TP VPN which I need to set up, what else can I do with the router to maximize its power and usage?




The little things make the biggest difference.

michaelmurfy
/dev/ttys0
10926 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2655115 12-Feb-2021 10:44
I replaced my Edgerouter with one and find it great. If you want VPN access I'd recommend setting up Wireguard on a Raspberry Pi or something (https://www.pivpn.io/) - leave the router to routing duties where possible.

 

There are 2x switches on the router each with a 2.5Gbit link to the CPU - so if you've got a Gigabit connection you're best to plug your ONT into Port 1 and have your network on the 2nd switch (port 6-10).

 

Other than that, it is a router? What are you wanting to achieve?




Michael Murphy
mdooher
Hmm, what to write...
1322 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2655118 12-Feb-2021 10:47
not about its power ..

but CAPsMAN is great. I have 5 access points

Autofailover to a Mikrotik GSM router (also acts as an access point)

 

outgoing VPN for netflix (only for my telly)

 

that should keep you busy for the weekend

 

 




Matthew

chevrolux
4962 posts

Uber Geek
Inactive user


  #2655130 12-Feb-2021 11:22
michaelmurfy:

 

I replaced my Edgerouter with one and find it great. If you want VPN access I'd recommend setting up Wireguard on a Raspberry Pi or something (https://www.pivpn.io/) - leave the router to routing duties where possible.

 

 

Do you reckon that's a good use of resource when you have a quad core ARM cpu? Like even pushing 900Mbps on a speedtest, mine tops out around 20-ish% utilisation. May as well use that headroom I reckon.

 

Unless of course the requirement is something other than L2TP/IPsec (because the other VPN options have been a little hit and miss for Mikrotik in the past).

 

For the OP, my main reason for the 4011 was to chuck a 10Gbps DAC in to my switch (CRS328-24P) just to get it all tidy - no requirement to push more than 1Gbps out the WAN, but how cool we can do a 10Gbps for $40 now haha.

 

If you did want to play, you could always have a run at installing The Dude. Just an SNMP management tool for your network - might not have too much to monitor at home, but always a good learning thing.



Shindig

1162 posts

Uber Geek

Trusted

  #2655132 12-Feb-2021 11:34
Is there an easy-to-follow tutorial for setting up an L2TP/IPsec VPN someone could share, please?




The little things make the biggest difference.

nztim
2213 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #2655164 12-Feb-2021 12:29
You could in theory use this for Hyperfibre, having a 10GBASE-T to the ONT and LAG ports 1,2,6,7

chevrolux
4962 posts

Uber Geek
Inactive user


  #2655183 12-Feb-2021 13:40
Shindig:

 

Is there an easy-to-follow tutorial for setting up an L2TP/IPsec VPN someone could share, please?

 

 

It's pretty simple these days!!...

 

1) PPP > Interface > L2TP Server (button).
Enable the server, choose a default server profile (generally I just start by making a copy of the default-encryption profile and call it default-l2tp so easy to change in the future), say yes (or required) to 'use ipsec', set a shared secret. Oh and I turn off chap and pap authentication.

 

2) PPP > Secrets
Create your users. At this point you can decide to use the profile to assign addresses, or set them manually per user. You'll note the default for service is "any"; I've always got into the habit of setting these to the specific service required.

 

3) Chuck some firewall rules in on the input chain.
;;; Allow GRE
chain=input action=accept protocol=gre in-interface=pppoe-wan
;;; Allow L2TP IPsec
chain=input action=accept protocol=udp in-interface=pppoe-wan dst-port=1701,500,4500
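
The three steps above as RouterOS terminal commands. This is an added example, not part of chevrolux's post. It goes one step further on the firewall: UDP 1701 is accepted only when the packet arrived inside IPsec, and ESP is allowed for clients with no NAT in the path. The user name, secrets (angle-bracket placeholders) and the 10.99.0.x tunnel addresses are constructed; `pppoe-wan` and `default-l2tp` are taken from the post.

```routeros
# Added example, not from the thread. Replace every <...> placeholder.
# Assumption: the WAN interface is named pppoe-wan, as in the post's rules.

# Step 1: copy the default-encryption profile, then enable the L2TP server
# with IPsec required and only MS-CHAP left on (pap and chap turned off).
/ppp profile add name=default-l2tp copy-from=default-encryption
/interface l2tp-server server set enabled=yes default-profile=default-l2tp \
    use-ipsec=required ipsec-secret="<shared-secret>" \
    authentication=mschap1,mschap2

# Step 2: one user, limited to the l2tp service instead of service=any.
# Tunnel addresses are set per user here (constructed sample values);
# they could come from the profile instead.
/ppp secret add name="<vpn-user>" password="<vpn-password>" \
    service=l2tp profile=default-l2tp \
    local-address=10.99.0.1 remote-address=10.99.0.2

# Step 3: input-chain rules. The post's GRE rule is not repeated here.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=500,4500 \
    in-interface=pppoe-wan comment="IKE and IPsec NAT-T"
add chain=input action=accept protocol=ipsec-esp \
    in-interface=pppoe-wan comment="IPsec ESP (no NAT in path)"
# ipsec-policy=in,ipsec matches only traffic that was decapsulated by
# IPsec, so plain L2TP sent straight to port 1701 is not accepted.
add chain=input action=accept protocol=udp dst-port=1701 \
    in-interface=pppoe-wan ipsec-policy=in,ipsec \
    comment="L2TP only inside IPsec"
```

The `add` commands append to the end of the filter list, so move the three rules above any drop rule on the input chain.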

 

 

