Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Mikrotik 4011 - Harnessing its Power!
Shindig

1585 posts

Uber Geek

Trusted

#281343 12-Feb-2021 10:36
Send private message

My recently purchased 4011 is going great. Really happy with the performance boost it has given my network.

 

Other than a IPSEC \ L2TP VPN which I need to setup, what else can I do with the router to maximize its power and usage?




The little things make the biggest difference.

Create new topic
michaelmurfy
meow
13243 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2655115 12-Feb-2021 10:44
Send private message

I replaced my Edgerouter with one and find it great. If you want VPN access I'd recommend setting up Wireguard on a Raspberry Pi or something (https://www.pivpn.io/) - leave the router to routing duties where possible.

 

There are 2x switches on the router each with a 2.5Gbit link to the CPU - so if you've got a Gigabit connection you're best to plug your ONT into Port 1 and have your network on the 2nd switch (port 6-10).

 

Other than that, it is a router? What are you wanting to achieve?




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.



mdooher
Hmm, what to write...
1424 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #2655118 12-Feb-2021 10:47
Send private message

not about its power ..

 

but CapsMan. is great I have 5 access points 

 

Autofailover to a mikrotik GSM router (also acts an access point)

 

outgoing VPN for netflix (only for my telly)

 

that should keep you busy for the weekend

 

 




Matthew

chevrolux
4962 posts

Uber Geek
Inactive user


  #2655130 12-Feb-2021 11:22
Send private message

michaelmurfy:

 

I replaced my Edgerouter with one and find it great. If you want VPN access I'd recommend setting up Wireguard on a Raspberry Pi or something (https://www.pivpn.io/) - leave the router to routing duties where possible.

 

 

Do you reckon that's a good use of resource when you have a quad core ARM cpu? Like even pushing 900Mbps on a speedtest, mine tops out around 20-ish% utilisation. May as well use that headroom I reckon.

 

Unless of course the requirement is something other than L2TP/IPsec (because the other VPN options have been a little hit and miss for Mikrotik in the past).

 

For the OP, my main reason for the 4011 was to chuck a 10Gbps DAC in to my switch (CRS328-24P) just to get it all tidy - no requirement to push more than 1Gbps out the WAN, but how cool we can do a 10Gbps for $40 now haha.

 

If you did want to play, you could always have a run at installing The Dude. Just an SNMP management tool for your network - might not have too much to monitor at home, but always a good learning thing.



Shindig

1585 posts

Uber Geek

Trusted

  #2655132 12-Feb-2021 11:34
Send private message

Is there a easy to follow tutorial for setting up a L2TP/IPsec VPN someone could share please




The little things make the biggest difference.

nztim
3815 posts

Uber Geek

ID Verified
Trusted
TEAMnetwork
Subscriber

  #2655164 12-Feb-2021 12:29
Send private message

you could in theory use this for hyperfibre having a 10GbaseT to the ONT and LAG ports 1,2,6,7




Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 

chevrolux
4962 posts

Uber Geek
Inactive user


  #2655183 12-Feb-2021 13:40
Send private message

Shindig:

 

Is there a easy to follow tutorial for setting up a L2TP/IPsec VPN someone could share please

 

 

It's pretty simple these days!!...

 

1) PPP > Interface > L2TP Server (button).
Enable the server, choose a default server profile (generally I just start by making a copy of the default-encryption profile and call it default-l2tp so easy to change in the future), say yes (or required) to 'use ipsec', set a shared secret. Oh and I turn off chap and pap authentication.

 

2) PPP > Secrets
Create your users. At this point you can decide to use the profile to assign addresses, set them manually per user. You'll note the default for service is "any", I've always got in to the habit of setting these to the specific service required .

 

3) Chuck some firewall rules in on the input chain.
;;; Allow GRE
chain=input action=accept protocol=gre in-interface=pppoe-wan
;;; Allow L2TP IPsec
chain=input action=accept protocol=udp in-interface=pppoe-wan dst-port=1701,500,4500

 

 

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright