Change of Routers, again (even back)
Jun. 1st, 2014 06:25 pm
I have an RB750GL now as my home router, and I like it. Not that it doesn't have its quirks, of course — some things don't work as documented, and some might, only I find the documentation quite confusing. Firewall settings seem to presume intimate knowledge of iptables (which I have always hated and never got comfortable with). And a few other things, like it mysteriously accepting only DSA public keys for ssh, not RSA.
Two weeks ago this saga continued, and the dissonance between documented and actual behaviour of this cute little piece of hardware produced semi-catastrophic failure.
To do some larger firewall changes, which is really tedious through the web interface, I downloaded the configuration from the router and wanted to be able to upload and activate it again.
The configuration can be exported to a file using an "/export" command and imported from a file through an "/import" command, says the documentation. The export worked fine, only the import complained about syntax errors in the file. Oh dear.
Now the lines in the exported configuration are just like lines you could type on the command line, so why not just try that? Because it complains about things like "I have a DHCP pool with that name already" — well, yes. Granted.
So you'd want to reset the configuration first before executing it again? Hey, it turns out there is a command for that! It is "/system reset-configuration", and it has a parameter that makes it execute a configuration export file after reset, exactly what I wanted.
Only it didn't work. The reset may have worked, but obviously the configuration file is not loaded — the router is effectively dead. Maybe the factory default configuration file has been loaded. My trust in the Mikrotik router is gone, though, and I don't bother to check.
Luckily I had not sold the Juniper SRX100, as intended, so I brought it up again — not without changes, though, but at least it worked before the neighbors, who share the Internet access, came home again.
The Juniper is only a temporary solution, as I have learned that, while more convenient than IOS, JunOS config is similarly difficult if you don't deal with these things on a daily basis, and without a support contract you don't get software updates, which I see as a major problem nowadays.
I am resolved now to get a Soekris thingy once I get the money from the tax return and try OpenBSD. I know that is good hardware, I can put arbitrary other services on it as long as there is RAM, and no problem with software updates.
Update: I didn't get a Soekris, but a much cheaper APU1C4 instead (see later article), but don't use it as a router. The router I use now is a Ubiquiti EdgerouterPOE, and while it does have some quirks, it seems to be the right one for me.