MikroTik

Hello,

Having been a residential m0n0wall user for a couple years now, I'm now ready to take my limited networking experience to the next level. After doing some research, I think that RouterOS is the best fit for me, but I admit that I have a great deal to learn before I can take the plunge. Right now, I'm testing RouterOS 4.6 on a RouterBoard 133 model. If the MikroTik community can assist me in answering some basic questions, I'm confident I can better acquaint myself with this unfamiliar OS.

• 1) My kids need their internet disabled at a certain time on school nights, but at a different time on weekends. Is there an option to schedule internet disconnection by SSID, interface, MAC address, or IP (or all, perhaps)?

• 2) A friend who used to do a lot with RouterOS says that he could toggle a VPN connection for a single machine on his network via WinBox. I'd like to learn how to do this. My work network uses an "SSL VPN" by FortiNet. Can RouterOS leverage this type of VPN connection or is it exclusive to FortiNet?

• 3) I recently stumbled across the "License" window in WinBox and saved a copy of my RouterOS 4.6 level 4 license to my local machine. Is there any way I can use this same key on an x86 machine I build myself? This would be my ideal router configuration.

• 4) I'm very interested in learning more about MikroTik's QoS engine. Excuse my honesty, but I #&%@ing HATE m0n0wall's QoS engine.

• 5) Anyone have any suggestions for RouterOS learning materials for beginners? I wish to expand my knowledge of this promising OS.

• 6) I'll take anyone's opinion with this question. As a residential power user, what can RouterOS offer me that m0n0wall has not?

Thanks so much for your time!

Regards,
Marlon

1-) You can do it with "simple queues" by filtering or blocking their internet connection by their ip address in schedule that you defined.
2-)I have no idea about vpn config so let another user answer this question
3-)Never tried )
4-)There are lots of qos example and explanation in wiki.mikrotik.com
5-)Again wiki )
6-)I have no idea about m0n0wall can or can't do so i can not compare them, sorry.

I know I know not much but at least i am trying to help, dont judge me )

RouterOS is a bit more robust than M0n0wall. I don't know of M0n0wall being used in ISP setups but there's a lot of Mikrotik there. It's probably going to do anything you want it to and more. Your VPN will probably need to be changed over to one Mikrotik supports but that just means better security for you.

A lot of the features might be over your head right now but it gives you room to learn should you choose to.

1.) This can be accomplished in the firewall filter. There is a time option where you are able to specify the day of the week and times it is active. You will probably need a total of 3 rules, one accept for the time of day during the week, one for the weekend, and one for drop all at other times. You can do this based off of the IP address they are coming off of. You can either assign them a static IP, or if you want to make sure they don't get around it easily, set up a bridge on the Ethernet ports they are connected to and specify an in interface or give them their own subnet. Then you can specify an in-port or the entire subnet to be affected by this rule.
2.) The MikroTik supports an SSH VPN, it's called Open VPN. I haven't played around much with that one. Also in version 5 they have added in SSTP for a VPN.
http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP
We would need to know more of what you would be looking to do to get any more technical than that.
3.) The license it tied to the hard drive of whatever device you installed it on, it is not transferable at all. MikroTik support may grant you a replacement license if you loose or damage the hardware, but that's all up to them. It is only tied to the hard drive however, so if you have the appropriate build you can move it to other another board/PC if needed by transplanting the hard drive.
4.) The Wiki is the best place to look at that stuff and see what will fit your needs best. There are several user examples that can be adapted to meet your needs.
http://wiki.mikrotik.com/wiki/Category:Manual
5.) It all depends on what you are looking to do and how in depth you want to go. For at home use, read through the Wiki/Manual and play around with the options that are there, and there is always the forum for any questions that may come up. If you are looking to use this in a business, it may be worth your time and money to look at taking a training course.
6.) I'm not too familiar with m0n0wall to answer this, but the MikroTik gives you a lot of choices and control along with reasonably priced hardware. There are tons of options available, but you are the one that is expected to set everything up to meet your needs. By default the only thing that comes set in a MikroTik is an IP address, all other security etc is completely up to you to set up. As long as you are aware of this and have realistic expectations, then you will be happy.

Having played with m0n0wall in the past, the main difference is that m0n0wall is primarily a firewall, whereas RouterOS is primarily a router (though its firewall is also very good). You'll find most of the other features roughly on parity (VPN, captive portal, DHCP server etc).

RouterOS also has much better traffic shaping capabilities as - at least when I last used it - m0n0wall doesn't implement most of what dummynet could do.