Test-driving RouterOS 2.9

By Mikael Vingaard on May 19, 2006 (8:00:00 AM)

Would you like to have a Linux-based router capable of doing tasks such as stateful firewall inspection, virtual private networking, and traffic shaping, in addition to packet routing? Tired of having to do administration from the command line but want to be able to administer your box from a Windows-based client PC? MikroTik's RouterOS may be what you need.

You can boot RouterOS via diskette, CD, or over the network via PXE or Etherboot-enabled network interface card. You can find a full list of RouterOS technical specifications at the homepage.

I installed the 13MB ISO CD image RouterOS v2.9.23 on an old Compaq Proliant 400 (450MHz, 128MB RAM, 20GB hard disk). The software's minimum configuration is a 100MHz Pentium, 64MB RAM, and 64MB storage. When I booted the PC, I found a list of available packages for RouterOS, including the packages to use DHCP and PPTP servers, Web proxy, and much more. You can select individual packages, all available packages, or the minimum required packages. To see the full range of what RouterOS was capable of, I selected all. After a last warning about the data on the disk being erased, the software is installed.

After a mandatory reboot, the machine displays the MikroTik welcome screen. You can use the default username "admin" with no password to log in to a command prompt. To see a list of available commands, type a question mark and press Enter.

The first thing you want to do is change the default password, which you can do with the command /password. The next step is to configure the router's networking information with the command /setup, which walks you through the process via on-screen instructions. In addition to specifying your IP address and default gateway, you can also set up things such as DHCP scope and PPTP clients.

After a successful setup, you can access the router via SSH (default port 22) or telnet. (For security purposes, however, avoid telnet, because with telnet, usernames and passwords are sent over the network in clear text.)

If you would like a more user-friendly interface than the command line, RouterOS offers WinBox, a nice remote configuration GUI for Windows, which makes administration of the router a breeze. With it, you can do real-time configuration and system monitoring, create user policies, and review actions in a GUI rather than on the command line. To get WinBox, connect to the router's IP address with a Web browser and follow the link to download winbox.exe. By default, WinBox uses TCP port 8291. You can also connect to a router via its MAC address.

Testdriving RouterOS

When I had everything up and running, I began testing RouterOS by creating a PPTP (Point-to-Point Tunneling Protocol) VPN. This is easy to do in WinBox, but let's try it via the command line. First, I enabled the PPTP VPN server with the command:

interface pptp-server server set enabled=yes

Next, I created a user "sale1" with password "profit," specifying the laptop client's IP address as 192.168.7.2 and the PPTP server's interface as 192.168.7.250:

ppp secret add name=sale1 service=pptp password=profit local-address=192.168.7.250 remote-address=192.168.7.2

One last thing to do is add a name to the user, so that when you're monitoring the VPN server, sale1 shows in the stats as Roadwarrior; this may be useful for internal billing:

add name=Roadwarrior user=sale1

A PPTP VPN is not as secure as an IPSEC VPN, which is based on certificates issued by a trusted authority. However, certificates are more expensive than the PPTP solution. One compromise is to use self-signed certificates, in which you, rather than a trusted third party, sign the certificates. If you prefer an IPSEC solution, RouterOS can do that as well.

To use RouterOS as a wireless gateway, you need two network cards on the server -- one to connect to the WAN, and one wireless. I configured a new wireless interface using the /setup command, then configured it to act as a DHCP server, providing IP addresses 192.168.8.10 through 192.168.8.99 for my wireless users, with the commands:

/ip pool add name=dhcp-pool ranges=192.168.8.10-192.168.8.99
/ip dhcp-server network add address=192.168.8.0/24 gateway=192.168.8.1
/ip dhcp-server add interface=wifi address-pool=dhcp-pool

To put the gateway on the Wi-Fi interface, using the same IP address pool as the DHCP server and adding a user named "wireless" with the password "testing," I ran the command:

/ip hotspot add interface=wifi address-pool=dhcp-pool
/ip hotspot user add name=wireless password=testing

Pricing and licensing

RouterOS licensing schemes include six different levels. According to the Web site, you can use a "demo key" that leaves all the software's features enabled without registration for 24 hours. During this period you must get a valid key, or you will need to reinstall RouterOS. The software displays a countdown timer during the evaluation period.

After the evaluation period, you must decide your requirements. You may get a free license key simply by registering as a user on the Web site. A free license lets you enable only one PPTP tunnel and supports only one VLAN interface. This is fine for most individuals, but system administrators will probably opt for one of the commercial licenses, with more VPN tunnels and VLAN interfaces. Even the most expensive license costs less than $300.

Some of the licenses let you use RouterOS as a wireless access point/router. One drawback, however, is that a junior admin might be foolish and use telnet rather than SSH. I suggest disabling the telnet server, which you can do in the WinBox GUI or via the command /ip service disable telnet.
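To confirm that telnet really is off after such a change, the check below parses saved output of /ip service print and reports cleartext services that are still enabled and services that accept connections from any address. It is an added example, not part of the original article; the sample listing is constructed, and its column layout and the list of cleartext services are assumptions.

```python
import re

# Constructed sample, laid out like the console's "/ip service print" table
# (assumption: flag column, NAME, PORT, ADDRESS; "X" marks a disabled service).
SAMPLE = """\
Flags: X - disabled, I - invalid
 #   NAME      PORT  ADDRESS
 0   telnet    23    0.0.0.0/0
 1 X ftp       21    0.0.0.0/0
 2   www       80    192.168.7.0/24
 3   ssh       22    0.0.0.0/0
"""

# Services that carry credentials unencrypted (assumed list for this check).
CLEARTEXT = {"telnet", "ftp", "www"}

# Row number, optional flag letters, service name, port, allowed source range.
ROW = re.compile(r"^\s*(\d+)\s+(?:([XI]+)\s+)?([\w-]+)\s+(\d+)\s+(\S+)")

def parse_services(text):
    """Return one dict per service row; legend and header lines are skipped."""
    services = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        _, flags, name, port, address = m.groups()
        services.append({"name": name, "port": int(port), "address": address,
                         "enabled": "X" not in (flags or "")})
    return services

def audit(text):
    """List (service, issue) pairs for every enabled service that needs attention."""
    findings = []
    for svc in parse_services(text):
        if not svc["enabled"]:
            continue
        if svc["name"] in CLEARTEXT:
            findings.append((svc["name"], "cleartext service enabled"))
        if svc["address"] == "0.0.0.0/0":
            findings.append((svc["name"], "reachable from any address"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE):
        print(f"{name}: {issue}")
```

An empty result from audit() means every enabled service is both encrypted and limited to a specific source range.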

Conclusions

RouterOS is a good option for small companies with a restricted budget. Thanks to the WinBox application, even a novice Linux administrator can make good use of the firewall and set up a VPN.

With some Linux knowledge you will be able to use many options familiar to Cisco router users, such as the Virtual Router Redundancy Protocol for clustering several routers.

Comments

on Test-driving RouterOS 2.9

Note: Comments are owned by the poster. We are not responsible for their content.

GPL is better

Posted by: Anonymous Coward on May 20, 2006 10:13 PM
I have the same thing and much more with SME http://www.contribs.org/

#

winbox

Posted by: Anonymous Coward on May 20, 2006 09:33 AM
You can even use wine to operate winbox properly. I like the CLI for setting them up, as the export command lets you display configs like cisco's "show run", then I can copy and paste the goodies from a text file into mikrotiks or vice versa. The GUI is good for managing the routing table if it has a larger number of routes than the normal 80x25 xterm can handle.

#

is it opensource or freeware?

Posted by: Anonymous Coward on May 20, 2006 11:54 PM
Well, an interesting read. Can someone elaborate whether this is freeware or open source? If it's freeware, then what is it doing here?

#

24 hour trial

Posted by: Anonymous Coward on May 21, 2006 08:10 PM
24 hours trial?
Damn, that must be the cheapest trial ever.
Trials are usually 14 or 30 days...

Also, I'd rather use something more free... such as FREESCO or whatever...

#

Re:24 hour trial

Posted by: Anonymous Coward on May 21, 2006 10:29 PM
Agreed. Why not use M0n0Wall, IPCop, SmoothWall, FREESCO, Coyote Linux, etc, etc?

Why do I have to pay for something, when other projects give their solutions away for free? And they aren't restricted like this!

What's wrong with other solutions that use the web browser GUI approach? (which isn't Windows-specific).

#

Why why why?

Posted by: Anonymous Coward on May 23, 2006 05:06 AM
Why use this when there are at least two good open source routers available?

Why spend money on this OS, a PC, interfaces, etc. when you can buy a fully supported hardware router with as many or more features from several mainstream vendors like Cisco, 3Com, Juniper, SonicWall, etc?

Ignoring the previous post and assuming that they mean wireless router/firewalls when they say router, why use this instead of OpenWRT or Sveasoft on a WRT54G?

#

this is an excellent product

Posted by: Anonymous Coward on May 24, 2006 12:17 AM
We use this product for a wireless ISP. It is excellent. It has many features and can fill virtually any need. The manageability is excellent. The number of protocols and functionalities supported is far greater than this article indicates. This article is extremely shallow. You can go to the web site of MikroTik and get the documentation, which is an 800 page PDF file with many excellent examples (not just a command-line reference). This article was way too shallow for an excellent product. Sure you could do this with Linux directly but it would take a huge amount of time to configure the kernel and everything else to cover all of these functions. It costs like 75 bucks for the level 4 license which is all that is needed for most cases. The only price they mention in the article was $300. That is for the controller version which most people don't need. I think I will write an article about this product. This one was so shallow it was almost worthless.

#

Re:this is an excellent product

Posted by: Anonymous Coward on May 24, 2006 03:25 AM
You should disclose your job title at MikroTik.

#

Re:this is an excellent product

Posted by: Administrator on May 30, 2006 01:50 AM
Definitely written by an employee of MikroTik :) No, seriously - you know how to spell it right, how many pages are in the manual, and you are excited by the most sucking features.

Was that error in product price intentional? I mean - if I say that the license of "level 4" costs $45, not 75 as you said, will that make the reader think it's great? :)

And regarding the mentioned PDF, it deeply sucks. Only a MikroTik employee may call it "excellent". No, really. Some terms are not generic; it's hard to understand even for a professional. Because of the different (sometimes self-crafted) terms used, even a Linux guru may feel like a dummy doing a simple thing.

#

Some experience

Posted by: Administrator on May 22, 2006 04:58 PM
I have been using this OS for a few years now.

This OS has some good and bad sides, and good are that you are having a lot of control through GUI, quite good performance and support.

Bad things are a sometimes glitching GUI :) and lack of sophistication. For example, you may create a VPN between two routers, but this company (Mikrotik) understands VPN as Ethernet-over-IP. They don't really care about security.
You can add new VPN users, but passwords are not even hidden by asterisks. No L2TP with certificates, and moreover - not even planned. You also have to input encryption keys by yourself, and generating and hexing them is your duty; they don't care how you do it :)

You don't have control over the files of that OS. No access to kernel or whatsoever. This is not a drawback, just a feature. It's like having a firmware on router.

You don't have any Linux commands here, except for CD :)

It seems this OS is not used on huge corporations, as some features don't look quite well tested. Just this year they fixed errors with scheduling and timezone switching, although they do it quite fast.

What is good in this company is that it is in fact a normal company. They have an office, a training facility and so on. On the other hand, they are not really a software company. Software is secondary for them, so don't expect extraordinary efforts of tuning this OS for your needs. Their main business, as you can see on their website, is selling hardware, like routers, with their OS embedded.

From the point of view of manageability, it is very good, especially if you are not a Linux expert, or mostly a Windows administrator. In fact, it only requires a theoretical knowledge of networking, but no knowledge of Linux is required.

Loading time of this OS is about 5 seconds. Quite good.

#

Test-driving RouterOS 2.9

Posted by: Anonymous [ip: 79.181.124.166] on February 29, 2008 02:41 PM
So, is RouterOS a Linux distribution, and does someone know where the source is located?
Did someone try to run another Linux distribution on their boards?
Could you send me references?
Thanks

#
