At one point I was kind of excited about Mikrotik routers. They seemed pretty beefy, a bit pricey, but cool as a device support OpenWRT and having an OS that they said was "even better" than OpenWRT.
However everything I looked at was somewhat disappointing. One router I was looking at had an unpowered USB port, that was a low speed (USB 1), which just seemed to be a weird caveat when consumer routers of the time were all USB-2 and capable of running at least a small pocket hard drive or at least mount a USB key.
At this point there seems to be a lot of good commercial routers which are strong, cheap, and don't require much blob code etc and are easy to find (sometimes it was vague what kind of chips you'd get with different commercial hardware).
Mikrotik was pre-Ubnt and had excellent hardware lineups. These days Ubnt is miles ahead in the router/wireless-board field, which puzzled me.
While Mikrotick sells its RouterOS, it's not that hard to install Openwrt on it. Ubnt was quite Openwrt friendly at the start, not so any more.
These days I'm just assembling my own x86 routers. PCengines and Soekris do not have the best performance/price ratio nowadays, and they somehow just feel a bit out of date.
I bought a Mikrotik a month or two ago, expressly so I could install OpenWRT on it, and use it to get around the Chinese firewall with Shadowsocks. The OpenWRT install never worked, so now I just have a (pretty nice) router, doing what routers are supposed to do. It's long since that OpenVPN didn't work in China, but this should provide a good learning experience, and who knows, maybe it will lead me to something that works.
You can run OpenWRT as a virtual router (MetaRouter) on top of Mikrotik. That would allow you to get around the TCP limit. Does anyone have any experience with running OpenWRT as a MetaRouter?
Quite handy. If anyone has OpenWrt hardware like me, OpenVpn clients and servers work good enough and the setup is well documented: https://wiki.openwrt.org/doc/howto/vpn.openvpn
I have a friend who's part of a startup here in the UK that makes routers for gamers called NetDuma[1]. The routers they sell have a VPN client like this ready to go, I've got one and it works well.
Be aware that very few routers actually have enough power to do openvpn encryption with higher bandwith (20Mbit+) links and 256CBC encryption. You may get better results by downgrading your cipher (not every vpn provider supports that) To achieve good performance you are looking for hardware with Intel QuickAssist, I would recommend putting pfsense on something like http://store.netgate.com/ADI/RCC-VE-2440.aspx
I started using pfSense on itx Intel-based hardware and have been quite happy with the results, though using it with modern hardware (recommended with today's faster broadband speeds) means it's usually a little pricier than most consumer devices. Now there's news that the pfSense team is working on a small, ARM-based device which sounds like it'd give Miktotik devices competition. If you can hold out a bit, it might be worth the wait.
just want to suggest this script for OPENVPN setup - much easier to setup for multiple clients - https://github.com/Nyr/openvpn-install
I'm a network engineer for an ISP (5 years now; ~8 years in the same role at a .edu before this) and I am very much in the Cisco/Juniper camp.
When I started at the ISP, I had never even heard of Mikrotik. Having been using high-end Cisco/Juniper gear for years, I was quite skeptical that those cheap little Mikrotiks were worth a damn.
I've actually been quite surprised. While all of my "critical" infrastructure runs on Cisco, I've got several Mikrotik routers running in production, almost exclusively as access concentrators (for PPPoE sessions). I really use very little of their features, but they handle PPPoE and OSPF just fine.
We also have an MSP side, which is mostly our ISP customers whom we also handle managing their local networks for. Our guys have deployed a handful of Mikrotiks at the edge of these customer networks as well but, again, this is just basic office router functionality (DHCP, NAT, firewalling, etc.).
For the price point, they're actually pretty decent devices. I don't own any myself (excluding a couple in my "networking test lab" here at home, but those belong to $work) and wouldn't personally use one. This is mostly on principle -- I disagree with their beliefs when it comes to the GPL and compliance.
Also, I wouldn't recommend using them for anything you deem "critical" or even "really important". Just read through the Changelogs for their firmware releases -- some of the bugs/fixes do not instill confidence in their software engineering.
FWIW, my router at home (on a fiber connection) is (was?) designed and sold as a RouterOS device [0], although I removed the Mikrotik CF card and replaced it with another one that I installed an OpenBSD image onto [1]. It's mounted read-only (except when I want to modify things, of course) to preserve the lifetime but lately, I've been considering installing an SSD into it. It's actually a pretty powerful (albeit low-end) PC disguised as a router. It can easily provided all the basic network services one might need at home (DHCP, DNS, NAT, firewalling, TFTP, etc.). It wasn't cheap, though -- $600, IIRC, but it's a few years old now. I wrote a bit more about it [2] a few months ago.
[0]: http://www.balticnetworks.com/docs/routermaxx%206%20port.pdf (PDF)
good site
Mikrotik's support for OpenVPN/IPsec is a joke. They should just allow to specify plain openvpn configuration instead. I would not recommend these routers with original firmware.