From Draytek to Mikrotik...

Hi! I’m new on the forum, so I hope I don’t break any rules with my first post…
I have owned a Draytek router (2860) for quite some time, but I’ve decided to replace it because of problems with QoS and terrible bufferbloat (in the online test I received an F…).
The best options for me are MikroTik or Ubiquiti… so, here I am.
One of the Draytek features that I can’t lose in the change is route policy. In particular, these are the things that the new router must do:

  • Route to a VPN service (I currently use P.I.A.) the traffic to some websites (e.g. if I type www.google.com the traffic goes to my ISP, but if I type www.bing.com the traffic goes to the VPN tunnel)
  • Route to a VPN service all the traffic from a single IP address that uses a selected port (e.g. all the traffic from my NAS through port 5000 goes to my ISP, but the traffic from the same IP on port 80 goes to the VPN tunnel)

I attach two example screenshots to better explain what I’m trying to say…
https://ibb.co/VpBbfp1
https://ibb.co/X85KM0X
There are also some other functions that I use, of course, but they are pretty basic (e.g. bind IP to MAC, VLAN, Dynamic DNS, DNS forwarding for an internal IP, VPN server for my smartphones).
Now, I want to set up all these functions through a GUI: no CLI, no terminal, no SSH. Is it possible? With which model?
Thank you very much!

There is no difference in functionality between MikroTik models. They all run the same software. The only difference is in performance,
number of ports, available WiFi frequencies, etc.

There also is nearly no difference in functionality between commandline, web interface, and “winbox” dedicated application interface.
They are just views on the same configuration. Only in rare cases (mainly newly developed options) there may be a commandline option
to set something. However, when you have issued that you can continue to work in GUI.
(it is not like with some other routers where GUI just generates a commandline configuration and using commandline yourself would
be overwritten the next time you use the GUI)

For policy routing the features available in Draytek (as far as I know, it has been some time I used them) should certainly be possible
in MikroTik. However they operate on IP address, not domain name. So what you write as an example really is not practical to implement,
because both www.google.com and www.bing.com have many different (and changing) IP addresses. There are ways to work around it
using DNS-based address lists, but it requires that you exclusively use the DNS resolver in your router as an inbetween.
(no direct DNS request to 8.8.8.8 from your computer, or catch them in the router and redirect to the local resolver)

Finally, configuring a functionality like this requires basic understanding of how a router works and what it can and cannot do, in RouterOS
the configuration operates on that level. There are fewer “higher level” wizards and one-click-does-it-all buttons in RouterOS than there
are in Draytek.

Also note that the more advanced features only work in IPv4. Basic IPv6 support is there, but it is severely lacking in functionality.
(e.g. policy routing is not possible in IPv6)

At first glance of the router os I had guessed it was so…

> However they operate on IP address, not domain name. So what you write as an example really is not practical to implement,
> because both www.google.com and www.bing.com have many different (and changing) IP addresses.

It’s a real shame…

> There are fewer “higher level” wizards and one-click-does-it-all buttons in RouterOS than there
> are in Draytek.

In fact trying the online demo of the router os I got scared (even more for the lack of a real manual), so I opened this thread.

> Also note that the more advanced features only work in IPv4. Basic IPv6 support is there, but it is severely lacking in functionality.
> (e.g. policy routing is not possible in IPv6)

This is not a problem: even now the setup of my lan is IPv4 only. For the general user I think that the IPv6 is the greatest bluff of the last ten years..

It is possible to trick it, but it is not 100% reliable.
In RouterOS you can populate an “address list” with a domain name.
So you can make an addresslist “bing” and put “www.bing.com” as an entry. This list will then be filled with bing IP addresses.
Of course you need to research what other domain names are involved in using bing, e.g. static.bing.com or images.bing.com
or similar, and also add them to the list.

You cannot use an address list to define policy routing, but you can use it to mark packets matching the list with a packet-mark
and then do policy routing based on that mark.

But when your PC can do its own DNS resolution not via the DNS resolver in the router but directly to some public DNS
service, it will get different replies than the router and it will still fail (because your PC connects an address not in the list).
So you need to force the PC to use the DNS resolver in the router. This resolver has the reply in cache that it also used to
populate the address list, so it is going to be the same. That can be hinted by configuring the DHCP server
to return the router address as the DNS resolver, but that is not enough. Google products like Chrome, Android etc will
still try 8.8.8.8 and 8.8.4.4 as DNS resolver. So you need to do address rewriting in forwarded DNS packets too.

As you can see, in RouterOS it is not a single click operation. You need to setup multiple things that each involve multiple
steps. When you cannot replicate such guidelines because of not enough knowledge about the technologies involved, in
practice it is difficult to do such advanced configuration on RouterOS.
But when you do master this, you can do a lot more than with Draytek.
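
The setup described in the post above, written out as RouterOS v6 commands. This is an added example, not part of the original post; the interface names `bridge` and `vpn-out`, the routing mark `via-vpn` and the router address 192.168.88.1 are assumptions, and it uses the mangle `mark-routing` action to select the VPN route.

```routeros
# Added example (RouterOS v6 syntax). Assumed names: LAN interface "bridge",
# VPN client interface "vpn-out", router LAN address 192.168.88.1.

# 1. Address list filled from DNS names. The router resolves each name and
#    keeps the returned addresses as dynamic entries, refreshed per DNS TTL.
#    static/images are the post's illustrative names, not a researched list.
/ip firewall address-list
add list=bing address=www.bing.com
add list=bing address=static.bing.com
add list=bing address=images.bing.com

# 2. Mark LAN traffic whose destination is in the list.
#    Connections handled by a fasttrack rule skip mangle, so such a rule
#    must not match traffic that is meant to be policy routed.
/ip firewall mangle
add chain=prerouting in-interface=bridge dst-address-list=bing \
    action=mark-routing new-routing-mark=via-vpn passthrough=no \
    comment="bing list -> VPN routing table"

# 3. Default route used only by marked traffic, plus NAT on the tunnel.
#    (RouterOS v7 instead needs "/routing table add name=via-vpn fib"
#    and routing-table=via-vpn on the route.)
/ip route
add dst-address=0.0.0.0/0 gateway=vpn-out routing-mark=via-vpn
/ip firewall nat
add chain=srcnat out-interface=vpn-out action=masquerade

# 4. Hand out the router as DNS resolver. allow-remote-requests=yes makes
#    the router answer DNS on every interface, so port 53 from the WAN side
#    must stay blocked in the input chain.
/ip dns set allow-remote-requests=yes
/ip dhcp-server network set [find] dns-server=192.168.88.1

# 5. Redirect DNS that clients send to any other resolver (8.8.8.8 etc.)
#    to the router's own resolver, so clients and address list agree.
/ip firewall nat
add chain=dstnat in-interface=bridge protocol=udp dst-port=53 \
    action=redirect to-ports=53 comment="force router DNS (udp)"
add chain=dstnat in-interface=bridge protocol=tcp dst-port=53 \
    action=redirect to-ports=53 comment="force router DNS (tcp)"
```

Clients that use DNS over HTTPS or DNS over TLS do not send queries to port 53, so the redirect rules do not catch them and their destinations may not match the list.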

I came over to MT from Zyxel (Draytek is an offshoot of Zyxel) and would not go back.

Yes, I think so… but how can I master RouterOS? I’ve seen the live demo and, honestly, it’s a real mess!
And there is no manual to start with, nor a complete walkthrough for newbies…
Also, it’s for home use, not for work: I don’t want to go mad with a terminal interface without a GUI…

I really don’t know… but thank you for your great replies!

This is real new to me… never heard before

You need to set aside about 100 hours to do what you’re wanting to do and understand it. We could help you, but it would be very frustrating unless you were prepared to understand it and therefore be able to take over your own administration of your MikroTik. There is no shame in not wanting to be an expert in this field. For the time being, using a MikroTik requires a big commitment.

This commitment can pay back with huge interests … however that’s unlikely for a casual home user.

Hi windswalker, I am a home owner too, and yes there is a learning curve. The best thing is that I am here to help and thus it will be much less painful. I had to deal with the experts here who cannot imagine the depth of my agony working on these routers and the ineptness they were dealing with. :-) Kinda like billionaire Trump Cabinet members who cannot understand why US federal workers need to go to foodbanks when they are not paid.

Seriously, it's not that bad. The units work great straight out of the box and then you step slowly and carefully. There is a great feature that I arrogantly dismissed as not needing and it has come to be my friend, and that is a SAFE MODE button.
I have 2 CapACs (access points) and am running a router bridge with one LAN that handles mostly all traffic, home users guest vlans etc, and I have a separate LAN just for an outdoor septic panel.
I have multiple VLANs, one for smart devices in the home, one for guest wifi.

I have not ventured into VPNs yet, nor EoIP, which is a unique way for MT devices to talk to other MT devices over encryption, but it's like they are in the same LAN, very transparent.

I note some of the experts are trying to dissuade you because they are overworked and underpaid and just want to deal with IT experts. ;-PP


(Draytek was, if not founded by, then populated with ex-Zyxel engineers (same Hsinchu park) to try to have more user-friendly and flexible VPN routers; Zyxel firmware was not the quickest to respond to market needs and was sometimes difficult to program.)

Ok… so let’s say that MikroTik makes great products: I’ve heard only good things about their routers, no doubt.
But… 100 hours to do what I can now do in half an hour (assuming that I’m not importing my old configuration and am doing it from scratch).
Sorry, but I have a job, a family and a life, and I’m not willing to spend the rest of the day trying to do with MikroTik what I’m already doing with Draytek: it’s nonsense.
I’m a computer enthusiast, a nerd among my friends, but this is overwhelming even for me. Draytek isn’t easy to master, absolutely! But at the very least the interface is clear, there are many walkthroughs and, in the end, I can do almost anything I need.
I think that I’ll stick with Draytek, its terrible bufferbloat, its mediocre QoS and a comprehensible interface.
Thanks to you all for your replies: you have saved me from making a big mistake

It depends on your point of view. Frankly I switched from Draytek to MikroTik because it was very unclear what was happening
inside those routers. Sure you can click some buttons and magic happens, but when it is not exactly the magic you expect you
are debugging a black box. At least in MikroTik it is reasonably clear what you are doing, so the pros and cons of a certain solution
are reasonably clear. Also the Draytek routers are clearly targeted for simple solutions and once you go beyond the standard
home-router-with-some-portforwardings and some VPN applications their capabilities quickly end.
E.g. the BGP implementation they offer is very incomplete and I cannot imagine a situation where it would work very well.
I also hated the fact that you cannot make a listing of what you have exactly configured in a Draytek router. The backup file
is binary and unreadable, and there is no ASCII export similar to what other routers (Cisco, MikroTik) offer. When asking
about it, I got completely nonsense replies from their support (that this was done “for security”). It makes it completely
impractical to document configurations and to build upon work that you have done before when configuring a new router.

That being said, MikroTik routers are mainly targeted to network professionals. You can setup a simple NAT router without
much knowledge, but when you go beyond that you must have basic network knowledge and be prepared to learn. When you
do not feel comfortable with that, a MikroTik router is probably not for you.