My ideal configuration with L009 router with my needs

Hi, I have just discovered MikroTik after a suggestion on one of my Reddit posts. I feel that the L009 router might be my ideal choice for my need. I’d like to review my environment, how I’d like to add one of the L009 routers, and what I expect the installation and setup will involve. Please bear with me and offer any comments/feedback to correct any misunderstanding I may have.

My requirements and background info:

  • VPN server access from any remote location over internet using a VPN Client app, usually from my laptop.
  • All my systems are Linux based (Ubuntu 22.04 and 24.04, NO Windows :slight_smile: )
  • I believe best option in the long run is to employ VPN server built into my network router
  • I want VPN server access at my home office (Location A), that currently has a NetGear Orbi Mesh router. Several linux servers off home network.
  • I want VPN server access at my office that is at a separate location (Location B), where I have several servers setup on the local network. I use NGINX to reverse proxy to various applications, such as Mattermost, gitlab, OnlyOffice, etc. I have pfsense based router in place.
  • I want VPN server access at another office (Location C) that currently has no network, but will need to PoE power cameras and access the new local network there. There will be at least 4-5 PoE Reolink cameras on the network. Each IEEE 802.3af, 48V PoE, <12W
  • I’d prefer to use an OpenVPN client on my laptop to access these two locations.
  • I’m a professional real-time system (hardware/software) architect and only over the last year or so had to take over IT responsibilities as I no longer have engineers to help. I know much more about IoT sw/hw and hw design than IT…That’s for sure.
  • I’m familiar with how to use Let's Encrypt, certbot to get self-signed certs
  • In addition to being able to tunnel in to these locations to access their networks, I will want to use some port forwarding to NGINX servers to proxy connections, ssh logins, and access services that are not over VPN.
  • I own several domain names and am able to setup subdomains.
  • ISPs are all Google fiber and only have dynamic IPs - I will need to learn/use DDNS
  • Since the Netgear Orbi is a good Mesh router and covers my house (loc A) I don’t think it’s best to setup router based VPN Server. But would plan for Future. Same for pfSense in my office (loc B)

For Location C, new network in a small office building:

  1. I will buy a wifi enabled L009 router, buy a 48V PoE power supply for >60W capacity
  2. setup A-record for one of my domains to map to the building’s public IP address
  3. Follow Instructions for obtaining server and client certificates???
  4. Follow instructions on how to transfer client cert to my laptop, i.e. where to put them and setup client for this location??

For location A and B:

  1. Choose one of my Linux computers on the local network to host an OpenVPN server install
  2. add new vpn..com subdomain to DNS A-record for Location A/B
  3. Add port forward on Orbi (Loc A) and pfSense (loc B) to route to VPN server host machine on respective local networks.
  4. Enable ufw, which I don’t currently use, on VPN server hosts at Loc A/B networks.

Does this make sense? What am I missing?

Thanks for your feedback.

Hi,

What is the question about MikroTik? All these requirements are independent of the brand and type of software you use.
What bothers you? Why do you want to replace the setup you have?

I'm having trouble relating all this data to a single MikroTik question.
It seems to me that what you want to ask is:
"Build me a network from scratch using a single L009 router, I'm not capable of doing it?"

I don't think an internet forum can so easily replace responsibilities that need to be taken on and paid for...
Better if you hire someone.

A lot of things regarding choosing this (or that) model depend on the internet speed you have/want.

If your ISP provides you 500 Mb or so, the L009 might be "right",

If the speed is in the 1 Gb range or more, the L009 starts to be not enough, potentially introducing a bottleneck, and you might need a faster/more powerful router.

Additionally the L009UiGS-2HaxD-IN (the version with wi-fi and big ears) has only 2.4 GHz radio, you would be much better served by - say - an Ax3 (if you really want an all in one device router/AP).

Personally I don't particularly like these all in one devices, unless they are the ONLY device in a setup (small home/apartment), it is IMHO much better/more flexible to have a router that routes, a switch that switches and as many AP's as needed (but this is just my personal opinion).

A setup that is known to be working (of course it depends on the budget) is having a RB5009 as router (rather powerful, future proofed for up to 2.5 Gb speed or possibly even more), use a L009 (the model without wi-fi) as switch or get a switch of the CSS series, and cAP Ax's, wAP Ax's or even hAP Ax2's as access points (or use another brand access points).

Yes, it all makes sense.

But ... as already indicated ... what's the actual question ?

Adding to what jaclaz mentioned, depending on requirements/users L009 may or may not be the right choice.
But you never mentioned anything in that context ?
How many users/connections for VPN towards that device ?
What VPN connection type ?
What's your ISP connection like ? Upgradeable in foreseeable future ?
...

Like jaclaz, I am not really fond of all-in-one.
Personally I have both RB5009 and L009 in my home setup and separate AX-devices as access points. L009 is used mainly as managed switch in my office with some router functions on top for lab-purposes. For added switch purposes I have additionally CSS318 (damn, that lines up perfectly with jaclaz's suggestion :rofl: ).

Thanks for your constructive and helpful comments.

When I started writing the post I wanted to understand if the L009 was a good choice, but as I continued I felt I needed to give setup context for Loc C, which is a small standalone building (1600sf) to be rented out. It will have Google Fiber (1GB) but usage will be light.

I’m intrigued about using a router with a built-in VPN server, and hoped that describing the setup steps I expected to follow might solicit some useful/helpful comments.

Thanks.