MikroTik 4011
Yesterday my 4011 has arrived - (RB4011iGS+5HacQ2HnD-IN) and today i want to write down a few letters about this.
First of all: I use MK hardware since january this year and I’m so impressed of the handling
from this devices that the 4011 is now my 3rd piece of hardware from this vendor.
I’m really not a fan boy but the functionality of the devices is just amazing and at least it is in my budget.
Most of the hardware can be prepared with with *WRT
software and this is a decisive point for me.
At this time i use the following MK hardware:
- hEX - a simple router
- LHG LTE6 kit - a high gain lte antenna
- RB4011iGS+5HacQ2HnD-IN - my new love ;)
The only thing that bother me is the architecture (ARM32) which not allows me to put OpenBSD on it.
That is very sad, but the advantages outweigh the disadvantages. So it is.
For everyone who wanted a truely trustfull system from scratch should use a APU-Board from PC-Engines
which is delivered with the open source BIOS coreboot
and install a beautiful OpenBSD on this device.
I don’t want to write love letters to MikroTik in this post. I want to show how i configure this device for my usecase.
My requirements are:
-
Many ethernet ports to seperate traffic physical for:
- Webservices
- Media traffic like KODI and so on
- Guest network
- Freifunk traffic
- Homeoffice network
- Unsafe network for HackTheBox and stuff like this
- And a admin network where i can maintenance all these things
-
Two wifi interfaces
- One 5Ghz wifi for wireless devices like smartphones and laptops
- One 2Ghz wifi for the “Internet Of Shit” faction
-
Different VPN setups on specific interfaces
- Road warrior setup
- Side by side setup
- Commercial VPN for daily use traffic
-
Some of this devices must talk to each other
-
Routing and tagging have to be easy
-
The whole setup must be reproduceable
-
Maintenace over
ssh
In short: This device is the router of my dreams. I’m very happy :)
the full documentation of the requirements above find in the
docs/stuff
section