Migrating From OPNsense To Mikrotik

  • Published on 24 Dec 2024

Comments • 131

  • @toxxie2810
    @toxxie2810 9 days ago +2

    I dove head first into MikroTik this year... Replacing everything except my NAS and access point. I'm using the RB5009UPr, CRS309, and CSS326. Learning RouterOS can be intimidating, but there are soooo many YouTube videos with help.

  • @Doesntcompute2k
    @Doesntcompute2k 7 months ago +8

    Great video! I really like Mikrotik devices. I have a LOT of network devices--Cisco, Mikrotik, TP-Link, Arista, Unifi, Netgear, HP, and generic. Mikrotik does a good job with informing users and documenting their devices.
    I would love to see how you're going to use Terraform with the setups. Keep up the great videos!

  • @klingoncowboy4
    @klingoncowboy4 7 months ago +5

    Been using Mikrotik for over a decade now. Always exciting to see new content.

  • @_libus
    @_libus 7 months ago +5

    Loved seeing your setup! My hardware knowledge is pretty terrible but I enjoyed seeing your process in this migration. Keep it up!

  • @anthonyrasat6924
    @anthonyrasat6924 7 months ago +7

    I once accidentally converted a Cisco fanboy to a Mikrotik believer.
    "What's that?"
    "Mikrotik router."
    "Why do you use consumer grade hardware while you are a professional?"
    "Consumer? What? You never seen one of these?"
    I fired up WinBox and less than 15 minutes later he was the one commandeering the mouse.

    • @chris2pple1
      @chris2pple1 6 months ago +2

      Nice, yes I know, hard to swallow that some other manufacturers also make good enterprise stuff way cheaper than the "Mercedes" of the field

    • @aliancemd
      @aliancemd 3 months ago +1

      And no need to pay subscriptions, expansion packs, DLCs, etc

  • @theyogabios
    @theyogabios 2 months ago +1

    As a Mikrotik Cert (MTCNA) guy, thank you so much for this video.

  • @JonathanChancey
    @JonathanChancey 7 months ago +3

    I love your journey through networking IaC. It's something that I've always wanted but it didn't really seem robust enough with OPNsense.
    I hope routeros with terraform works out for you long term!

  • @carlostrudo
    @carlostrudo 7 months ago +9

    I just did exactly the opposite a couple of months back, left Mikrotik in favor of OPNsense.

    • @mirceanton
      @mirceanton 7 months ago +3

      Interesting. What made you ditch Mikrotik?

    • @carlostrudo
      @carlostrudo 7 months ago

      @mirceanton I have a very simple home lab and automation at home. Mikrotik was more than enough and even more powerful than I needed, but I wanted something more “user friendly” that I could add plugins to and consolidate the hardware. I got an Intel J4125 4x 2.5GbE NIC small box (tiny) that I’m running Proxmox on, and I pass through 3 NICs to OPNsense while the other is shared across some small VMs/containers (WireGuard, reverse proxy, Home Assistant, DDNS, etc).
      Also, OPNsense has some nice dashboards, log views and drill-down information out of the box. It could be done with Mikrotik and Grafana, but “too much” work. Lol.

    • @guyboisvert66
      @guyboisvert66 7 months ago +2

      Is it for "plugin stuff" like Suricata?

    • @carlostrudo
      @carlostrudo 7 months ago

      @mirceanton mainly for plugins and “ease of use”. Mikrotik was more than enough for me but I wanted to consolidate hardware also. I got an Intel J4125 4x2.5GbE port box that I installed Proxmox on, reserved 3 ports for OPNsense and allocated the other for reverse proxy and some other small things.
      Also OPNsense is “more visual” and has some nice addons and reports.

    • @carlostrudo
      @carlostrudo 7 months ago +2

      @guyboisvert66 not only but mainly.

  • @KaldekBoch
    @KaldekBoch 7 months ago +1

    Hi mate, I've been using an RB5009 as my gateway for a couple of years. An excellent device.

  • @petruciucur
    @petruciucur months ago +1

    What do you say about a series on MikroTik?

    • @mirceanton
      @mirceanton months ago

      It's on the way! I started working on several things in parallel and obviously ended up procrastinating by working on various projects... 😅
      I already have about 3 videos planned as follow-ups, like automation with Terraform, integration with Kubernetes, etc.
      Soon ™️

  • @andririan6342
    @andririan6342 2 months ago +1

    Good video, waiting for the next one

  • @nathanruben3372
    @nathanruben3372 months ago +1

    I use OPNsense on a two-port mini PC for firewall; behind that I have a Mikrotik router that handles everything internally. I have lots of dynamic macvlans for different purposes such as appliances, cameras, personal networks for each family member etc.

    • @mirceanton
      @mirceanton months ago

      That sounds like a neat setup! Once I settle into my network a bit more, I might be looking into something like that. I'll probably wait until the opnsense REST API matures a bit more so I can IaC that too

  • @annony1annony191
    @annony1annony191 7 months ago +1

    Well done video. I've been using Mikrotik for 11 years now, and I even have Mikrotik CHR running a DHCP server setup in a VM running on Proxmox.

  • @truckerallikatuk
    @truckerallikatuk 7 months ago +1

    Curious to see how this goes, subbed. I'm considering moving my router from a VM to a bare metal solution. I'm wondering how easy/good the firewall is to configure. Could you go over the options for that? I'm curious how flexible and capable these mikrotik boxes are, I love my Mikrotik CSS switch, and would consider them for the router too.

    • @mirceanton
      @mirceanton 6 months ago +1

      Thanks for the sub!
      I'm afraid that the video won't cover all the details you are looking for :(
      The configuration that I will be presenting, or rather the method to apply it, will be automation via Terraform. I won't really cover using WinBox to configure the router more than the initial setup.
      To be fully honest, there are far better resources out there for specialized Mikrotik content, such as TheNetworkBerg youtube channel. I'm a DevOps guy dabbling in networking stuff, mainly from the perspective of automation.

  • @antaishizuku
    @antaishizuku 7 months ago +2

    Personally I'd keep OPNsense as the edge firewall and use Mikrotik as an internal firewall, but it's your network.

  • @Curdls
    @Curdls 5 months ago +1

    Got totally hooked, watched it to the end 🎉 well then, welcome 🙏 to mum community

  • @drreality1
    @drreality1 7 months ago +1

    I’d love to see how to migrate OPNsense rules and settings to Mikrotik!
    Thanks

  • @lucasthielke
    @lucasthielke 7 months ago +1

    You can basically use more than 1Gb on the 5009 using the SFP+ and 2.5Gb ports. You can receive on the SFP port with an adapter easily, so it can reach more than 1Gb

    • @mirceanton
      @mirceanton 7 months ago

      Yep, the device itself can do more than 1Gb. The problem is that I don't really have other 10g devices to test with it, either SFP+ or RJ45
      And then, even if I did, my switches are all 1gb and my internet is not even half of that

    • @lucasthielke
      @lucasthielke 7 months ago +1

      @mirceanton it’s more for the future, to give this router better longevity

    • @mirceanton
      @mirceanton 7 months ago

      @lucasthielke oh absolutely. Even though I can't use those ports right now, they did play a role in the decision since they future proof this device a bit. They were not the main deciding factors, but they sure gave me some peace of mind!

  • @denny783
    @denny783 7 months ago +1

    Have you considered Vyos? I believe it supports both Terraform and Ansible. The entire configuration process basically consists of CLI commands.
    I'm in a similar situation where I'm considering switching from OPNsense because I want to manage my configurations as code. However, I'm still undecided about which option to choose.

    • @mirceanton
      @mirceanton 7 months ago +2

      I would not recommend VyOS. I am not currently using it, nor have I used it in the past, but there has been some controversy surrounding it lately, which caused a lot of people to migrate away from it.
      Essentially, the maintainers threatened to take down some community builds and made it very difficult to build the LTS release. I haven't really kept up to date on this, but there have been some personal jabs made as well against people doing their own OS builds.
      Someone that is more involved in these events may chime in to give some more details, but that's the gist of it, from what I understood.

    • @denny783
      @denny783 7 months ago

      @mirceanton That doesn’t sound too great, I guess I’ll have a closer look at MikroTik then.
      EdgeOS might also be an option, but I feel like Ubiquiti’s support there has been very lackluster and they focus more on their UniFi range.

    • @mirceanton
      @mirceanton 7 months ago +1

      It really depends what you're looking for. Sure, UniFi is great and a lot of people use it in their homelabs. If you're looking for automation and Infrastructure-as-Code, then I can't really recommend it. Otherwise, it's a solid option too

  • @Jean-SimonChenard
    @Jean-SimonChenard 2 months ago

    You have made the best move ever going to mikrotik

    • @mirceanton
      @mirceanton 2 months ago

      It definitely has a learning curve and it can be a bit overwhelming. I've been tinkering with it for the last few months and I'm still learning new things every time.
      That being said, I don't regret it. I feel like it's a better setup than I had before

    • @Jean-SimonChenard
      @Jean-SimonChenard 2 months ago +1

      @mirceanton
      I am not a networking expert; it took me about a month to figure things out. The workflow makes sense when you read the documentation and understand how stuff works, and you can do pretty much everything. WinBox mirrors almost 100% of the CLI as well (most of it), so to get good at the CLI you can check WinBox and do the commands in the CLI at the same time. It is good training and helped me a lot.
      You will also save money on your electricity bill lol :D
      Nothing wrong with pfSense or OPNsense, but when you use a mini PC that can draw up to 100W depending on the model, since it runs all the time it can be really expensive to run, depending on where you live.
      At least now you have hardware that is really energy efficient.

    • @mirceanton
      @mirceanton 2 months ago +1

      Yeah, I really like that the CLI matches quite closely to winbox and to the API as well (thus also to the Terraform provider). It definitely makes it easier

  • @PeterBuffon
    @PeterBuffon 7 months ago +8

    Welcome to the Mikrotik team, I have been running an RB3011 for like 4 years now, a bit overkill for my network hehehehe.

    • @lucasthielke
      @lucasthielke 7 months ago

      Using one RB3011 since 2022, really a good router. It runs my 1Gb network, both IPv4/IPv6

    • @Vhalikuporamee447
      @Vhalikuporamee447 7 months ago

      @lucasthielke RB5009UPr here. I use it with a CRS305-1G-4S+IN to get a 10G backbone for my desktop and home server, and its PoE has been useful for my Grandstream access points. Absolutely excellent router.

  • @svsk1ng
    @svsk1ng 7 months ago +1

    Nice and interesting video. Will buy an RB5009 soon for my homelab also :))

  • @andydtoma
    @andydtoma 7 months ago +3

    Very nice! I can't wait to see how you tailor it.
    For now I've left inter-VLAN routing in the care of a pair of pfSense instances virtualized in Proxmox...

    • @mirceanton
      @mirceanton 7 months ago

      There are ideas and plans, if only we had the time! I want to configure my whole network, the VPN server and possibly some containers for DNS/ad-blocking with Terraform.
      Also, since Terraform recently changed its license, I was thinking of investigating OpenTofu as an alternative for the whole setup

    • @andydtoma
      @andydtoma 7 months ago

      @mirceanton We're in similar situations, but in different contexts. A few years ago I started my homelab with a Proxmox cluster built from old junk and NUCs, but ideas change so fast that there's always something to start over from scratch, like in the story of Meșterul Manole. The latest thing is that I managed to fire up a Kubernetes cluster based on Talos VMs through Terraform, Packer and your experience with talosctl, but I'm also in a dilemma about OpenTofu, and available time and everyday life are the main obstacles.
      In September I'll be coming to Romania, to Bucharest, and maybe we'll meet face to face to exchange experience.
      Good luck!

  • @johnf216
    @johnf216 7 months ago +1

    Looking forward to the next video. I use both OPNsense and Mikrotik but my current Mikrotik hardware is in need of an upgrade. Just replacing with OPNsense feels like the easy option but I do like the look of the RB5009's.
    Have you considered failover? And do you know how easy that is to set up with RouterOS?

    • @mirceanton
      @mirceanton 7 months ago +1

      I haven't really looked into it so I can't comment on that.
      I will say, however, that if you're looking for fail over I think it's pretty nice that you can fit 2x RB5009 routers in a single rack unit using the k-79 mounting kit

    • @guyboisvert66
      @guyboisvert66 7 months ago

      There are many videos on using more than one internet access link. RouterOS can even load balance and do very crazy things! Mangle is very powerful and I use it often to do a lot of cool stuff with routing, DNS, etc.

  • @kurosudo8762
    @kurosudo8762 7 months ago +6

    Hi, I hope you love your Mikrotik setup, the RB5009 is a great, powerful machine. Some tips for the future. Bridging in Mikrotik is really terrible because all packets are going through the CPU. If you get a better switch with SFP+, buy an SFP+ DAC cable, they are really cheap, and connect the switch and router with one port. On that router port assign VLANs and let the switch do the switching work, not the router. You will get better performance

    • @mirceanton
      @mirceanton 7 months ago +1

      Hi! Thank you for the tips! That's precisely the plan. I am bridging the ports as a temporary solution until I get some proper switches.
      I plan to use the 10g port for my lab switch and the 2.5g for my LAN switch and then one of the 1g ports for my WAN and another for my management network or something along those lines. I need to get the switches first though!

    • @hey_leao
      @hey_leao 7 months ago +2

      There is an option to change that, they call it "Hardware Offload"; you can see that option in the bridge. This will use the switch chip instead of the processor.

    • @kurosudo8762
      @kurosudo8762 7 months ago +1

      @hey_leao you are 100% right about this, but in some cases when IP filter is enabled some strange behaviour can happen. But yes, HW offload is also a solution, but sadly not for all RouterBoards :) I still prefer a router-on-a-stick setup, since messing with multiple bridges as VLANs is actually a nightmare.

    • @hey_leao
      @hey_leao 7 months ago

      @kurosudo8762 Yes! That's why you need to do some inspection of your topology (it's not a router problem). Another thing about it: "Not all devices support port isolation, currently only CRS1xx/CRS2xx series devices support it and only 7 isolated and hardware offloaded bridges are supported at the same time, other devices will have to use the CPU to forward the packets on other bridges" and not all RBs have a VLAN table, that's important too. The IP firewall option uses the CPU; you can try to use some bridge filter.

  • @ti4go
    @ti4go 7 months ago +3

    Well, you just got a "bell" enabled...

  • @BattousaiHBr
    @BattousaiHBr 5 months ago +1

    waiting for part 2!

    • @mirceanton
      @mirceanton 5 months ago

      Soon ™️
      I wanted to daily drive this setup for a while before sharing my thoughts on it

  • @mctscott123
    @mctscott123 7 months ago +1

    Love my 5009!

  • @mircea8342
    @mircea8342 6 months ago +2

    Finally.. found a homelabber with Mikrotik and no UniFi. And I think you're from Ro😁. I use Mikrotik too

    • @AdrianoLeal
      @AdrianoLeal months ago

      😅 I have a homelab with Mikrotik (rb4011), Unifi (U6-Enterprise) and opnsense 😅😅

  • @affinitystablepeanuts
    @affinitystablepeanuts 7 months ago +3

    This was an interesting one, thank you! Would love to see what you'd manage to do with Terraform here.
    Regarding WiFi: Mikrotik's WiFi can be problematic, hope it works alright for you. Watch out for mix and match of old and new MTK access points as Mikrotik has two CAPSMAN (their controller) versions that are incompatible.

    • @mirceanton
      @mirceanton 7 months ago

      Yeah, I already got a Mikrotik AP by the time I finished this video and I had trouble getting CAPSMAN to work properly. I ended up configuring the AP as a standalone device just to get it up and running, but it's something I need to look into a bit more!
      Mikrotik definitely has a steeper learning curve than other solutions for sure 😅

    • @affinitystablepeanuts
      @affinitystablepeanuts 7 months ago +1

      @mirceanton CAPSMAN-wise make sure all the APs you would buy can work with the same version. Otherwise each one can be managed individually via RouterOS means that all of them run. So probably would be easier to hook them up to your Terraform that way.

    • @affinitystablepeanuts
      @affinitystablepeanuts 7 months ago +1

      @mirceanton generally speaking, WiFi from MTK lags behind competitors a bit. Does not have any 802.11be or 802.11axe solutions, only recently added 802.11r/k/v (not sure how well it works), doesn't do more than 2x2 and so on, and so on... Good news: you could run TP-Link or Ubiquiti controllers in containers on your RB5009 and MTK works fine with those access points.

  • @JasonsLabVideos
    @JasonsLabVideos 7 months ago +2

    Nice! Liked and subscribed !

  • @HassanHassan-cm4pq
    @HassanHassan-cm4pq 7 months ago +2

    Why would someone switch from driving Ferrari to the mini smart unless you desperately need it

    • @Office-Clerk
      @Office-Clerk 5 months ago +1

      He just pointed out a few reasons in this video:
      Less sound
      Less space in garage
      Cheaper on fuel
      From my side, I will also add much cheaper service and parts replacement.
      And actually, smart people use to think the opposite way: why would I use a Ferrari if I only need a mini smart.
      Why would someone use a 6th gen i5, 8 gig of RAM, NVMe SSD and a whole bunch of PSU, cables, etc for a task that a basic Mikrotik router can do?

    • @HassanHassan-cm4pq
      @HassanHassan-cm4pq 5 months ago

      @Office-Clerk negative my friend.
      Now you can run OPNsense or pfSense on a small embedded device that costs near the crappy Mikrotik.
      Btw when it comes to benchmarks and VPN throughput Mikrotik becomes a joke and you will end up wasting $$, trust me I've been through this

    • @mirceanton
      @mirceanton 5 months ago +2

      To be fair, I didn't look into it THAT much, but I didn't find an x86 computer + all the required components (rack mount case, PSU, ram, storage etc) that draws under 10 watts and is comparable in price with the MikroTik.
      Also, in my experience using ZeroTier as a VPN solution, it's good enough to saturate my uplink. so for what I need, it seems to be plenty, at least this far

    • @KS-wr8ub
      @KS-wr8ub 13 days ago

      Not an apples to apples comparison even.. 🤦‍♂️ OPNsense is a firewall with some routing capabilities and RouterOS is a router with some firewall capabilities. The analogy should be going from a Ferrari to a rally car. They excel at different tasks, but both can take you to the store and back to buy milk… 😅

  • @blairhaynes9489
    @blairhaynes9489 7 months ago +1

    Nice video, I have subscribed and “liked”. I’m looking forward to seeing the rules you implement on the MikroTik.
    I’ve used MikroTik and think it’s very powerful, but I have switched my firewall appliance for a Firewalla Gold Plus. No command line, all app based, but I’d like to return to the MikroTik environment.

  • @benardmensah7688
    @benardmensah7688 7 months ago +2

    Ok first off you had the wrong hardware for OPNsense. I am running the latest version on a Cisco ASA5515X. It draws less than 20W and I get full 1Gbps download and 120Mbps upload.
    Mikrotik is nice but it takes a while to learn the mikrotik way.

    • @mirceanton
      @mirceanton 7 months ago +1

      Wrong or right, I used the hardware I already had laying around that had no other purpose. Sure, just like you mentioned, I could have improved that setup with some better hardware, but that was not really the point. I never felt limited by my hardware choices. The power consumption and maybe even the performance could have been improved, and I totally agree, but those were not my limiting factors.
      This was more of a software limitation, where OPNsense doesn't really support automation to the extent that Mikrotik does. Other than that, yes, I could have stayed on OPNsense and optimized my hardware setup to achieve similar results.

    • @MrPir84free
      @MrPir84free 7 months ago +1

      @mirceanton If he told me that, I'd assume he meant using an older full-on desktop/server hardware is the wrong hardware.. And I'd agree that "what you happen to have" is not likely ever going to be optimal. Not sure what the Cisco ASA5515X is internally, but sometimes if one wants efficiency, one needs to consider either different hardware or buying different hardware, especially if things like excessive power consumption, fan noise, and heat are a concern. Am running OPNsense on an N100 fanless mini PC; and it draws about 12 Watts, IIRC. OpenWrt on ARM hardware also was an option, and drew less power, but my issue was not really with OpenWrt but who/where the code for it was maintained, as it wasn't available directly from OpenWrt. It did have lots of headroom however, and drew less than OPNsense did on the N100. Personally, I would not want running fans of any sort in my sleeping area !! After years of dealing with fan noise, I think my hearing is more screwed up than from the time I spent in the military dealing with loud turbocharged/supercharged diesel engines, and marine turbine engines.
      Congrats on your new router; hope it serves you well.. TBH; it's not right nor wrong; it's a choice, with consequences. Choosing OPNsense on an N100 is both a choice and has consequences; choosing Mikrotik hardware is also a choice and has consequences. Everything in life is about making a choice, leveraging the pros and accepting the cons.

  • @chipchipable
    @chipchipable 7 months ago +1

    Welcome to Mikrotik. Been using Mikrotik since 2017, before that using x86 monowall in 2008, x86 pfSense in 2014.. now 2024, playing with OpenWrt

    • @mirceanton
      @mirceanton 7 months ago

      Thanks!
      The landscape is definitely quite diverse. I'd love to see more support for arm platforms though, as we've seen quite a few SBCs which would fit the bill nicely as a low power and quiet router.

    • @guyboisvert66
      @guyboisvert66 7 months ago

      I'm curious why you're playing with OpenWrt. Do you have a use case? I started my networking journey in 1991 as a network engineer. I have used since then many many NOS and I was using DD-WRT for friends and SMBs a long time ago! After finding Mikrotik / RouterOS, I stopped using *wrt. I too used monowall / pfSense and I was glad to replace it with RouterOS too! Not that they are that bad, but I highly prefer RouterOS for many reasons. The management aspect of RouterOS being one of them, one of the best management I have used IMHO.

    • @MrPir84free
      @MrPir84free 7 months ago

      @guyboisvert66 I have been playing with OpenWrt; I was interested in the low power, compact size, and performance. It was an RK3588 with 16G RAM; as a router, it worked fine but once you delved into building VLANs, some pieces of the network rules seemed to be less than optimal; but at the same time, things like Policy Based Routing with VPNs was super easy, and worked very well. There's also a ton of other things like Docker, storage, etc that I didn't delve into; security was a greater concern, and OPNsense seemed "better". It only drew a handful of watts, and was fanless; so much overhead it was ridiculous. Fairly sure everyone has unique use cases, and unique reasons why they went one way or another.
      I still have a Mikrotik router unopened in a box; may have to try it some day when I get some time. I could run much more on the RK3588; but I have trust issues; not with OpenWrt, but as the hardware wasn't directly supported by OpenWrt... There are ways to compile it yourself, but I don't have the time.. Great hardware though.
      I may still use the hardware moving forward; not sure how much I can change without annoying the spouse however. I realize I like to tinker..

  • @barnaczukor4235
    @barnaczukor4235 4 months ago +1

    pfSense is not a next generation firewall as many here suggest. It uses outdated IPS/IDS plugins like Suricata. But it has nothing to do with deep packet inspection of HTTPS frames, which is what Fortigate does. It does not decrypt and re-encrypt the HTTPS frames. It just checks IP lists and unencrypted packets.
    In the era of full TLS encryption, the regular IDS/IPS has very little to no benefit. A regular stateless firewall blocks the same traffic what PfblockerNG blocks.
    If you don't use IDS/IPS and list based protection, pfsense has no benefit over any other router system, like RouterOS or OpenWRT.
    Why should we use an inefficient BSD based system if we can use faster, Linux based systems with less power draw?

    • @mirceanton
      @mirceanton 4 months ago

      That was precisely my point! I couldn't have said it better. Thank you!

  • @chris2pple1
    @chris2pple1 6 months ago +1

    Servus my fellow Ro, I assume, because I also am one :) I see the opinions that you downgraded; it is somehow kinda true, but Mikrotik also has products that support packet inspection, the only issue is that they are another product class with another price point. Mikrotik has operated since 1996 or 97 and they also manufacture ISP grade devices just like Juniper, Cisco, Nokia etc, but also stuff like these consumer grade routers for the enthusiasts that sometimes have fun experimenting with OSPF, BGP, or tunneling protocols like WireGuard, OpenVPN. I also have some of their RB 2011, RB 4011, and some other cheaper smaller devices, because not everybody will pay around 400-500 $ or Euro for a used Cisco router just to have the hands-on experience, and if I am not mistaken the Torch function on Mkt RB does exactly that: packet inspection

    • @mirceanton
      @mirceanton 6 months ago

      Servus! Yeah, I understand where they come from, saying that this was in fact a downgrade. However, I specifically mention in the video that I was not doing any of that with OPNsense to begin with, and strictly from the PoV of my use-case there is more-or-less feature parity between the two. It's a matter of perspective, in my opinion

    • @chris2pple1
      @chris2pple1 6 months ago +1

      @mirceanton Gotcha, I watched the video after I wrote the comment, where you stated the reason for size and noise, because I was searching for something related to the router world and the YT algorithm or who knows maybe karma ;) suggested this video through my feed too, and I was just skimming through it and because of your name I thought you are a fellow landsman. Nice, keep up the energy

  • @tvojejbabkydedko
    @tvojejbabkydedko 4 months ago

    Network automation? Mikrotik doesn't even automatically failover on a dual WAN setup

    • @mirceanton
      @mirceanton 4 months ago

      I can't really comment on automatic failover in dual WAN scenarios, as I've never run such a setup personally, but at least in the context I was referring to, network automation has nothing to do with automatic failover. I simply meant automating the configuration of my networking equipment using infrastructure as code

  • @guygoerres9670
    @guygoerres9670 7 months ago +2

    Mikrotik firewalls are not for the beginners.. You need to know how an IP network is working and how a firewall is supposed to work.

    • @mirceanton
      @mirceanton 7 months ago +1

      Yeah, it's definitely got a steeper learning curve!

  • @jeytis72
    @jeytis72 2 months ago

    Mikrotik is good, but it is not a proper firewall though.

  • @threepe0
    @threepe0 7 months ago +3

    Congrats, you threw away UTM and called it an upgrade. How do you go through an entire build and not understand the value of intrusion detection and threat management 🤔 “upgrade” what the…

    • @mirceanton
      @mirceanton 7 months ago +2

      This is a homelab. I mention in the video that I was not running any IDS or IPS on my OPNsense or anything like that. In my use case, and for many others who run it at home I'd assume, it's acting mainly, if not only, as a router/basic firewall.
      I explained in the video that I personally consider it an upgrade because it allows me to do something which I was not able to before, which is to adopt it in my IaC/GitOps setup. To me as a DevOps engineer that matters more, for my homelab than IDS or IPS.
      Homelabs are all about what you want to learn/play with, and from that aspect, it was an upgrade for me 🤷‍♂️

  • @blackphidora
    @blackphidora 7 months ago +1

    Home-ops sent me here lol

  • @JulesArchinova
    @JulesArchinova 7 days ago

    Title be like "Migrate from firewall to router"…

    • @mirceanton
      @mirceanton 6 days ago

      Yeah, pretty much. Though I still believe it was the right choice for me.
      I wasn't using any of the advanced features of Opnsense anyway. That's just not the focus of my homelab, at least not for now.

  • @ryancaesar5547
    @ryancaesar5547 7 months ago +1

    OPNsense is better, it has more features. I guess that doesn't matter to you

    • @mirceanton
      @mirceanton 7 months ago +5

      Better or worse are both subjective and highly dependent on the criteria used for the comparison. For me and my particular use-case, I'd say Mikrotik wins out this competition.
      What are some features that you find to be missing on Mikrotik, that you use on OPNsense?

    • @2uxzh01k
      @2uxzh01k 7 months ago +1

      Which features are more necessary, if all inbound ports are closed anyways?
      I can’t think of any.

    • @guyboisvert66
      @guyboisvert66 7 months ago

      @2uxzh01k OPNsense supports plugins, like Suricata. Many years ago I stopped using *sense and replaced it with RouterOS. I didn't like the ugly and slow web UI and that pf was always reloading after config modification. I'm not bashing *sense, it has its strengths but I don't like it.
      I'm an Open Source advocate but sometimes, you have to make choices based on your use cases or preferences.

  • @kharmastreams8319
    @kharmastreams8319 4 months ago

    Going to mikrotik from opnsense is a downgrade.. Not an upgrade

    • @mirceanton
      @mirceanton 4 months ago

      I agree that in the grand scheme of things the OPNsense box I had previously had a larger set of features.
      However, strictly from the point of view of the features I was using and I needed, I still think that the Mikrotik is an upgrade since it allows me to do all I was doing before and some more.
      It's not all black and white. Context matters as well.

    • @kharmastreams8319
      @kharmastreams8319 4 months ago

      @mirceanton I'd rather keep OPNsense and add the Zenarmor addon for a really high performing next gen firewall 🙂
      But you could run that on a small Intel N100 that has the same performance as a gen 6 Core i5 but only uses 10W if not less 🙂

  • @bentheguru4986
    @bentheguru4986 7 months ago +16

    So, you just trashed your oversized firewall/UTM and replaced it with a router, congratulations on downgrading your security.... You drank the Miki Kool-Aid.

    • @mirceanton
      @mirceanton 7 months ago +6

      Genuine question: how is Mikrotik that much more insecure compared to OPNsense or other solutions? At least as far as I can tell features/customizability seem to be fairly similar.
      If one has the knowledge to configure an OPNsense device properly, wouldn't it be the same case for a Mikrotik as well?

    • @sparc64
      @sparc64 7 months ago +5

      @mirceanton End user has the ability to fully audit all software running on OPNsense compared to Mikrotik

    • @claudiobolcato3048
      @claudiobolcato3048 7 months ago +8

      @mirceanton a firewall (UTM or NGFW) has multiple advanced features like deep packet inspection, SSL inspection, IPS/IDS, antimalware, sandboxing, application and URL filtering and many others. Mikrotik has very good products but has limited firewalling features. It's a good router but just a router. You can keep using OPNsense or other firewall solutions as a VM

    • @jayfraxtea
      @jayfraxtea 7 months ago

      @sparc64, please show me the "end user" that has the ability to "fully audit" a complex software product. I'm a networking guy (mostly with MikroTik devices) as well as an experienced C++ developer, and even with my capabilities, in particular as developer, my std::chrono::lifetime is too small to audit the source code used in my networking equipment, my cellphone, or any other device around me.

    • @jayfraxtea
      @jayfraxtea 7 months ago +3

      @claudiobolcato3048, are you stuck in the mid 2010s? Nowadays most of the traffic is encrypted and newer technologies make it hard or completely impossible to intersect TLS traffic. Anyhow I agree with your bottom line: use MikroTik as router (or as switch, or as WiFi AP) and extend this setup with specialised systems, if you really (believe you) need them, be it a firewall, be it a network access system.