Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

Mikrotik Hap ac -> OpenWRT

Comments

  • #2
    The high horse brigade
    Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    Why would you do this? There is literally nothing RouterOS can't do.


  • #3
    Wcool
    Registered Users, Registered Users 2 Posts: 654 ✭✭✭Wcool


    Sorry only saw the reply now. While I agree with you that RouterOS has more features out of the box, there are several reasons for me:

    1) The obnoxious user hostile interface. I am quite a technical person but I don't want to learn iptable principles for a simple port forward. Every time I want to configure something simple I have to do a DuckDuckGo search to help me get it done. The command line interface is bat**** crazy, some sort of castrated linux command line. Reporting is extensive but similarly burdened by overcomplication. I still don't know what to switch on to see a useful report of what device is using what connections over time.

    2) It's not open source, While I do trust Mikrotik it's hard to fathom what is happening inside. With OpenWrt I can compile myself if needed and I can use my Linux skills to modify the system if I want to. I can't add extra functionality outside what Mikrotik provides.

    3) (very minor0 there were some security issues with servers that running unprotected on the router (these have been fixed)


  • #4
    The high horse brigade
    Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    Wcool wrote: »
    Sorry only saw the reply now. While I agree with you that RouterOS has more features out of the box, there are several reasons for me:

    1) The obnoxious user hostile interface. I am quite a technical person but I don't want to learn iptable principles for a simple port forward. Every time I want to configure something simple I have to do a DuckDuckGo search to help me get it done. The command line interface is bat**** crazy, some sort of castrated linux command line. Reporting is extensive but similarly burdened by overcomplication. I still don't know what to switch on to see a useful report of what device is using what connections over time.

    2) It's not open source, While I do trust Mikrotik it's hard to fathom what is happening inside. With OpenWrt I can compile myself if needed and I can use my Linux skills to modify the system if I want to. I can't add extra functionality outside what Mikrotik provides.

    3) (very minor0 there were some security issues with servers that running unprotected on the router (these have been fixed)

    I get you, I just thought you were trying to dumb it down :D

    Re #1. Use winbox, then the command line will feel intuitive. It runs well in wine
    Re #2. What extra functionality would you need ;)
    Re #3. Yeah I've had a tik at my mams hacked but it was a lesson, I've all mine updated and well locked down now.

    I actually have 4 tik devices here on my home network, I have 3 vlans (main, guest and iot) and use cAPs and Capsman for wireless management which is similar to Ubiquiti Unifi but a little harder to configure with less bells and whistles


  • #5
    Wcool
    Registered Users, Registered Users 2 Posts: 654 ✭✭✭Wcool


    I would love to investigate if I can create pihole functionality on my router.
    https://pi-hole.net/

    And I think wireguard is going to be massive.
    https://www.wireguard.com/

    Just imagine how life would become easy if it's just a standard linux box?!

    OpenWrt has thousands of packages installable with a few commands or clicks
    https://openwrt.org/packages/start


    I never understood why Mikrotik never developed a user friendly interface. With the quality of the hardware and the prices they would blow away most of the competition bar some chinese brands.


  • #6
    The high horse brigade
    Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    Yeah I have pihole running in docker on a server, Can't live without it.
    In fact I'm also using Nextdns on my phone which is pihole in the cloud
    https://www.nextdns.io/


  • Advertisement
  • #7
    heffsarmy
    Registered Users, Registered Users 2 Posts: 911 ✭✭✭heffsarmy


    The high horse brigade wrote: »
    Yeah I have pihole running in docker on a server, Can't live without it.
    In fact I'm also using Nextdns on my phone which is pihole in the cloud
    https://www.nextdns.io/

    Pihole great, blocks alot of ads on android apps. You can setup up your own vpn and pihole on google cloud on the free tier...

    https://github.com/rajannpatel/Pi-Hole-PiVPN-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-OpenVPN-Configs


  • #8
    The high horse brigade
    Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    heffsarmy wrote: »
    Pihole great, blocks alot of ads on android apps. You can setup up your own vpn and pihole on google cloud on the free tier...

    https://github.com/rajannpatel/Pi-Hole-PiVPN-on-Google-Compute-Engine-Free-Tier-with-Full-Tunnel-and-Split-Tunnel-OpenVPN-Configs

    Yeah but always on VPN on Android eats mobile battery. Android pie allows for private DNS


  • #9
    heffsarmy
    Registered Users, Registered Users 2 Posts: 911 ✭✭✭heffsarmy


    You don't need to have VPN turned on all the time, only when you need it...The link I attached has been tweaked for mobile device to use lower battery.


  • #10
    The high horse brigade
    Closed Accounts Posts: 4,456 ✭✭✭The high horse brigade


    heffsarmy wrote: »
    You don't need to have VPN turned on all the time, only when you need it...The link I attached has been tweaked for mobile device to use lower battery.

    Yes I have a VPN and pihole at home. It's cumbersome to have to connect a VPN to get adblock out and about which is why I use private DNS instead

    @Op, did you get anywhere with this, I'm curious as I have plenty of Mikrotik devices lying about


  • #11
    Wcool
    Registered Users, Registered Users 2 Posts: 654 ✭✭✭Wcool


    Not sure if you are referring to flashing router or pihole:

    1 Flashing router: no, I don't dare at the moment, I do have backup routers but need to get some time in the weekend just in case of calamity. I also need to put back some tagging of packets so my ISP can see it's his traffic and I am not completely sure how it works and need to know what I am doing first.

    2) pihole: yes I have pihole running with DNS over HTTPS enabled on a PI 2. I configured my Mikrotik to use the pihole as DNS server so I it is completely transparent to any device (I didn't have to to change any settings but to the Mikrotik router)

    I used this guide for DNS over HTTPS Configuring DNS-Over-HTTPS on Pi-hole
    I quite like the idea of using Google resources to get rid of Google advertising but at the moment I stick to disabling Google wherever i can: basically I don't use Google anymore except LineageOS Android.


  • Advertisement
Advertisement