|At a glance|
|Product||MIKROTIK hEX 5-port Ethernet Gigabit Router (RB750GR3) [Website]|
|Summary||Small five port wired-only Gigabit Ethernet router. Similar to Ubiquti EdgeRouter.|
|Pros||• High throughput|
• Very low cost
• Can be PoE powered
• Simple secure remote admin via Winbox utility
|Cons||• Too complex for average consumers|
• Possible intermittent packet loss
• Could not get bandwidth management to work
Updated 9/26/17 - Storage sharing clarified
Many SmallNetBuilder readers have heard of Ubiquiti small but powerful EdgeRouter Lite, particularly since we've reviewed it a few times.
But the ERLite doesn't have the inexpensive-but-powerful router market to itself. MikroTik was founded in 1996 and is located in Riga, Latvia. In 1997, MikroTik created RouterOS, the software that runs their routers today. You can try RouterOS today and turn a PC into a router if desired. In 2002, MikroTik decided to make their own hardware, creating the RouterBOARD brand.
The RouterBOARD product line includes an extensive list of network products as listed in their 73 page product manual and on their product page. MicroTik products include routers, switches, and wireless devices. In this review, I'm going to explore the MicroTik RB750GR3 hEX router.
The hEX is a 5 port router, enclosed in a white plastic case measuring 4.4"x3.5"x1.1". On the front you'll find (5) 10/100/1000 Ethernet ports (1 WAN, 4 LAN) and the power port as shown below.
The LEDs are on the top rear of the router, as shown in the product photo above, which defeats the value of having all ports on one router panel. There is a USB port on the right side of router for connecting a USB drive for copying files to and from RouterOS, or connecting an LTE dongle.
The port doesn't support storage or printer sharing.
SMB storage sharing is supported using the IP > SMB > Share menu and I was able to mount a USB drive. But our standard robocopy script threw a file attribute change error and we didn't pursue further test. USB storage can also be used for web proxy cache, TFTP and FTP storage.
The main board of the MikroTik hEX, identified with product ID RB750Gr3, is a tiny board, not much bigger than a Raspberry Pi. It's passively cooled so completely silent. As you can see below, there isn't much to it.
Under the main heat sink is an 880MHz MediaTek MT7621A dual-core SoC. The board has 256 MB of RAM and 16 MB of flash memory. A power adapter is included, plus the device can be powered via "passive" Power over Ethernet (PoE) on the router's WAN port. Buy an RBGPOE adapter if you want to do that.
RouterOS is the operating system for MikroTik routers, based on the Linux v3.3.5 kernel. My hEX came with firmware v6.39.2 which was easily updated to v6.40.3 by simply using the "Auto Upgrade" option in the GUI.
RouterOS supports Graphical User Interface (GUI), Console, and Command Line Interface (CLI) options for applying configurations, as well as a utility called Winbox that I'll cover next. The list of configuration options presented when connecting to the hEX GUI for the first time illustrates the wide array of capabilities of RouterOS based routers. There are 14 main configuration options along the left side of the hEX GUI titled Interfaces, Bridge, Switch, PPP, Mesh, IP, MPLS, Routing, System, Queues, Files, Log, Radius, and Tools, as shown below.
MikroTik RouterOSEach of these options has multiple tabs and/or additional sub menus. For example, the IP menu has 24 submenus, as shown below.
RouterOS IP Menu
To state the obvious, the feature set of this router is extensive! MikroTik provides a specification listing here, but the entire list of features would be too long to list. Clearly, this router is not intended as a basic consumer router. There is a simple "Quick Set" option in the GUI where you can set the WAN interface to DHCP and set the router password to quickly and easily get up and running with the default settings. But if your ISP requires another connection type such as PPPoE, L2TP, etc, you'll need to hit the Wiki and go digging in the IP menus. The sheer number of configuration options indicate this is a router intended for those with networking knowledge. You have been warned!
I found the RouterOS GUI and CLI to be less intuitive than other router configuration interfaces I've used. The RouterOS GUI takes a bit of hunting around to find what you're looking for. The RouterOS CLI is unique and is not similar to either Cisco or Juniper. Thus, from my perspective, there's a bit of a learning curve to get comfortable with configuring a RouterOS device.
To MikroTik's credit, their RouterOS Wiki is quite detailed and includes numerous detailed configuration examples. I found myself referring to the Wiki continuously as I tested various features on the hEX. Many of the Wiki's examples provide the CLI commands for applying configurations. But with all the options in the GUI, it appears you should be able to apply most of the configurations in the GUI.
I found myself using both the GUI and CLI to complete several of my test configurations. An interesting surprise is that configurations applied via the GUI and CLI are automatically saved, no additional step has to be performed to ensure your changes will persist through a power cycle.
I wanted to set up remote WAN access to the hEX for testing purposes and the MikroTik Wiki pointed me to using Winbox. Winbox is an interesting utility that allows you to manage the router from a small executable utility you download directly from the router. According to MikroTik, "Winbox is a small utility that allows administration of MikroTik RouterOS using a fast and simple GUI."
Simply clicking on Winbox in the hEX GUI downloads its .exe file. You don't install anything; you just run the file. I used Winbox on a Windows PC, but MikroTik says that Winbox can also run on MacOS and Linux using Wine.
I followed the RouterOS Wiki instructions to enable a firewall rule to accept remote Winbox access to the router. Once complete, I was able to access the router remotely. The Winbox utility looks and feels just like the GUI. A screenshot of Winbox remotely connected to the hEX is shown below.
Winbox turns out to be a pretty useful RouterOS management utility. From Winbox, not only is remote access simplified, you can launch a terminal for CLI access and even access the full RouterOS manual which presents the same content as the Wiki, mentioned earlier.
Winbox will use TLS encryption to secure its connection, but only if you change to Advanced mode and check the Secure mode box.
I started my testing of the hEX features by diving into IPSec VPNs. In my experience, IPSec tunnels often require a bit of configuration tweaking to get them to work and I wanted to see how hard it was going to be to get one working on MikroTik's RouterOS. As an added challenge, the Wiki's example for IPSec Site-to-Site must have been out of date, as I had to modify it a bit to get it to work.
After resetting the router to defaults, I tried the CLI configurations provided in the Wiki, which says it uses a default of 3DES encryption and SHA-1 authentication. I attempted to set up a Site-to-Site tunnel to my Linksys LRT224 with these options, but couldn't get the tunnel to connect. The GUI came in handy, since it showed that the IPSec defaults were actually using AES-128, 192, and 256 encryption. I changed the LRT224 to use AES-128 encryption and the tunnel from the hEX to the LRT224 came up, shown below. I tried to configure a tunnel from the LRT224 to use AES-256, but wasn't able to get that option working.
S2S VPN Established
Once the tunnel was established, I had intermittent connectivity through the tunnel between the LRT224 and hEX. I discovered one of the CLI commands provided in the RouterOS Wiki had a value that wasn't accepted by the router. I played around with a few other options until I found one that worked, which made the tunnel stable.
I measured throughput over the IPSec VPN tunnel between the hEX and LRT224, using TotuSoft's LAN Speed Test client and server application and two PCs running 64-bit Windows with their software firewall disabled. With one PC on the hEX LAN and the other PC on the LRT224 LAN, I measured peak upload throughput from the hEX to LRT224 at 53.3 Mbps and peak download throughput to the hEX from the LRT224 at 85.2 Mbps, using a 100 MB file size. Although a bit unbalanced, this throughput level compares favorably with the recently reviewed Ubiquiti EdgeRouter Lite. In similar tests between the EdgeRouter Lite and LRT224, I measured peak throughput at 51.5 Mbps.
L2TP and PPTP VPNs are other options for remote client VPN access to the hEX router. You can even try OpenVPN if you're adventurous. I successfully set up a PPTP connection from a Windows PC to the hEX. The PPTP instructions on the RouterOS fell woefully short, but I found a simple step by step here. Using these instructions, I was able to successfully set up a PPTP remote client VPN connection to the hEX. The screenshot below shows my established PPTP connection.