Recently, I transitioned from an EdgeRouter 4 to a MikroTik CCR2004-16G-2S+ as my home router. This switch was primarily prompted by the occasional bugs and dwindling updates in EdgeOS, including issues such as default route loss during DHCP renewals with a /32 netmask, disappearing IPv6 gateway, and a memory leak in snmpd.
All in all, I’m quite happy with the switch to MikroTik. In this blog post, I’m sharing some of my observations and thoughts on MikroTik and their RouterOS—a platform that certainly does things its own way.
Bear in mind that I’m not a networking or router professional; these subjects are personal passions I enjoy exploring during my free time. While the majority of what I discuss here will be generally applicable, there may be critical aspects that I haven’t addressed, primarily because they don’t apply to my home setup. I’ll provide a brief overview of my setup in the following section.
Overview of My Home Setup
Before I jump in, here’s a quick overview of my setup and the features I’m using: I’m operating on a 250/40 Mbit/s VDSL connection. My DSL modem is a Telekom Speedport 4 running in bridge mode. As a result, the router connected to it takes care of setting the VLAN tag and establishing the PPPoE tunnel, which is (sadly) a requirement from my current ISP, Deutsche Telekom. I’m utilizing both IPv4 and IPv6 with a dynamic address/prefix, have multiple VLANs set up (e.g., for IoT devices and guest devices), and I use WireGuard for accessing my home network while I’m on the move. To prevent latency-sensitive applications like video calls from being disrupted by heavy downloads, I’m using smart queues. This is actually the main reason why I’m using a router that some might consider overpowered for a home setting.
With that said, let’s explore my findings from getting to know my first MikroTik router!
Updates, Updates, Updates!
RouterOS is updated frequently, which is a stark contrast to EdgeOS. EdgeOS version 2.0.9 was released in November 2020 (I’m writing this post in May 2023), and since then, only hotfixes have been shipped. This was one of my main reasons for making the switch. Both RouterOS 6 and 7 receive updates regularly, and these include new features (such as WireGuard which was added in RouterOS 7).
Native WireGuard Support
A huge plus for WireGuard fans like myself is its native integration into RouterOS. To be fair, there’s a community-provided package for EdgeOS that has been working flawlessly for me for years—however, it needs to be updated manually and requires reinstallation whenever EdgeOS is updated.
MikroTik Embraces NIH
Here’s something I find a bit odd. While EdgeOS largely relies on standard open-source software, MikroTik seems to take a different approach. They have their own scripting language and even a proprietary TLS library in RouterOS 7. Whether this is a good thing is up for debate—especially when it comes to security, as it’s often considered bad practice. TLS is complex and there are plenty of open-source libraries available, so I don’t really see why you’d want to reinvent the wheel and risk introducing vulnerabilities.
Fasttrack: A Bumpy Ride
The default configuration has Fasttrack enabled, which is intended to recognize packets belonging to established connections and “fast-track” them for improved performance by skipping firewall rules. However, for me, it had the opposite effect on certain connections. A 90 KB file would suddenly take over 30 seconds to download—reproducibly! Disabling Fasttrack fixed the issue consistently. I brought this up with MikroTik support, and they requested a packet capture, which I provided. Unfortunately, I haven’t heard back since. It’s also worth noting that Fasttrack is only available for IPv4. Since my router is overpowered for my needs anyway, I decided that I don’t need Fasttrack at all and stopped worrying.
Limited DDNS Support
If you have a changing IPv4 address and IPv6 prefix, DDNS (sometimes referred to as DynDNS) is the standard solution to get around this by automatically updating your domain’s DNS records whenever an IP address change is detected. Many routers include a utility called DDClient for this purpose, but MikroTik—surprise!—has a proprietary mechanism that only supports their own “cloud service”. I’m sure it works fine and I could simply set up a CNAME if I still wanted to use my own domain, but my personal preference is not to rely on my router vendor to publish IP changes. Thankfully, it’s relatively straightforward to create a custom DDNS script. I’m using he.net’s Free DNS service and updating the WAN IPv4 address whenever it changes. Here’s the script I wrote for this task.
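For illustration, here is a sketch of what such a script can look like; it is an added example, not the author's own script. It publishes the WAN IPv4 address to he.net's dynamic DNS endpoint only when the address has changed, sends the key in the POST body, and turns on certificate checking, which `/tool fetch` leaves off by default. The interface name `pppoe-out1`, the hostname `home.example.com` and the key placeholder are assumptions.

```routeros
# Added example. Assumed values: pppoe-out1, home.example.com, DDNS_KEY_PLACEHOLDER.
:local wanInterface "pppoe-out1"
:local ddnsHost "home.example.com"
:local ddnsKey "DDNS_KEY_PLACEHOLDER"

# Last address that was published successfully (a global, so it is lost on reboot).
:global ddnsLastIp

# Look up the current WAN IPv4 address; the property has the form "a.b.c.d/len".
:local ids [/ip address find interface=$wanInterface]
:if ([:len $ids] = 0) do={
    :log warning "ddns: no IPv4 address on $wanInterface"
    :error "no WAN address"
}
:local cidr [/ip address get ($ids->0) address]
:local wanIp [:pick $cidr 0 [:find $cidr "/"]]

# Only contact the DNS provider when the address differs from the published one.
:if ($wanIp != $ddnsLastIp) do={
    :do {
        # POST keeps the key out of the URL. check-certificate=yes makes fetch
        # verify the server certificate, which requires the issuing CA to be
        # trusted by the router.
        :local reply [/tool fetch url="https://dyn.dns.he.net/nic/update" \
            http-method=post \
            http-data="hostname=$ddnsHost&password=$ddnsKey&myip=$wanIp" \
            check-certificate=yes output=user as-value]
        :local body ($reply->"data")
        # The service answers "good <ip>" or "nochg <ip>" on success.
        :if (([:pick $body 0 4] = "good") or ([:pick $body 0 5] = "nochg")) do={
            :set ddnsLastIp $wanIp
            :log info "ddns: $ddnsHost set to $wanIp"
        } else={
            :log error "ddns: update rejected: $body"
        }
    } on-error={
        :log error "ddns: request failed (network, HTTP error or certificate check)"
    }
}
```

Run it from a `/system scheduler` entry. A failed update leaves `ddnsLastIp` unchanged, so the next run retries.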
Retro UI: A Blast From the Past
It seems like MikroTik is skimping on UI design. Their configuration utility, called WinBox, resembles a mid-90s UI. As someone who grew up in the Windows 95 era, this gives me a strong sense of nostalgia—in a good way, actually. Anyway, it’s worth noting that Ubiquiti’s UIs are much more shiny and polished.
WinBox: A Windows Affair
Speaking of WinBox, it’s worth mentioning that this software is Windows-only (hence the name?). Yes, it does work fine on Wine, and they even mention this in their official documentation, but it is certainly not a smooth out-of-the-box experience on macOS. There is a 3rd-party app called winbox-mac which bundles Wine and WinBox and helps to mitigate some of the discomfort.
You can of course ignore it completely and just use WebFig in the browser, but it has some annoyances such as requiring you to re-login when you open a new tab, or the inability to open multiple windows. The multiple windows feature is the big plus of WinBox. It even stores the window state across reconnects which is quite handy.
In conclusion, switching from an EdgeRouter to a MikroTik router has been a rewarding experience for me. The frequent updates of MikroTik’s RouterOS, including the native integration of WireGuard, offer reassurance that the product is continually refined and improved. While there were some quirks to get used to, such as MikroTik’s Not-Invented-Here approach, the overall functionality and performance outweigh these aspects.