Network

OpenVPN is a reliable and time-tested VPN protocol that allows organizing secure remote access to a local network. MikroTik RouterOS supports OpenVPN in server mode starting from version 6.x (TCP), and from version 7+ — also UDP, but with a number of architectural limitations:

• mandatory authentication by username/password even when using certificates;
• limited list of ciphers and algorithms;
• absence of some features of “classic” OpenVPN.

Despite this, OpenVPN on MikroTik remains a popular solution — especially in scenarios where clients do not support WireGuard or compatibility with legacy systems is required.

Mikrotik routers are rightly valued by system administrators for their incredible flexibility.
A unique feature of this hardware is that a budget home hAP lite and a powerful enterprise router costing thousands of dollars run the same operating system — RouterOS.

That means once you learn to configure one device, you can manage any equipment from the brand.
In this article we’ll go over the fundamental steps to set up a Mikrotik from scratch to a fully working state.

Introduction

Up to this point, we’ve used simple utilities for specific tasks:

• ping checked connectivity,
• traceroute showed the path,
• ipconfig and arp helped with the local network,
• telnet and nc tested ports.

That’s like having a separate hammer, screwdriver, and wrench. But sometimes you need a multi-purpose tool. Today we’ll look at three such “all-in-one” tools:

• mtr — ping + traceroute on steroids,
• nmap — universal network scanner,
• curl — a command-line browser.

mtr — Real-Time Traceroute 🚀

What does it do?

Combines the features of ping and traceroute. In real time, it shows latency and packet loss percentage for each hop along the path.

Introduction

A server’s IP address is like the postal address of an apartment building. But to reach the right apartment, you need the door number. In networking, these doors are ports.

• HTTP runs on port 80.
• HTTPS — on port 443.
• Mail, databases, and other services listen on their own ports.

If a port is closed or nothing is listening on it, the site won’t open — even if the server is “alive.”

Introduction

You’ve gone through all the checks from the previous articles:

• The computer has the correct IP address (ipconfig).
• The router responds (ping 192.168.1.1).
• Ping to a public address (ping 8.8.8.8) works.

Looks like the internet is fine! But the browser won’t open google.com. 🤔 Welcome to the most common cause of such issues — DNS failures.

What is DNS? 📖

The internet runs on IP addresses (e.g., 142.250.184.110), but people prefer names (google.com).

Introduction

In the previous article, we learned how to reach out to remote servers using ping and trace the path of packets with traceroute. But what if ping google.com doesn’t work, and traceroute stops right at the first step?

That’s a clear sign that the problem is nearby: on your computer, in the network cable, or in your home router. Before calling tech support, let’s check our own local network.

OpenVPN: A Time-Tested Standard

Introduction

In a world where the speed and simplicity of WireGuard have become the new standard, OpenVPN remains one of the most reliable and flexible VPN protocols. It works both on traditional computers and on networking equipment, providing cross-platform compatibility and a high level of security. However, to understand how to use it, it is important to distinguish between the protocol itself and its client applications.

When Control Matters Most

Services like Tailscale and NetBird are convenient, but they rely on a third-party control server responsible for authentication, key distribution, and route exchange. For those who, for security or privacy reasons, don’t want to entrust this function to anyone, there are two paths: Headscale and “pure” WireGuard.

Headscale: Your Own Tailscale

Headscale is a fully open-source implementation of Tailscale’s control server. It allows you to deploy your own Tailscale alternative on a VPS or server while still using the official Tailscale clients.

When Zero-config VPN Means More Than Just Tailscale

Although Tailscale has become the benchmark for simplicity, it’s not the only player in the Zero-config VPN field. ZeroTier and NetBird offer similar functionality but with important architectural and ideological differences.

ZeroTier: A Virtual Ethernet Switch

ZeroTier is one of the first and most well-known services implementing the mesh network concept. It works on the principle of a virtual local network. Instead of relying on the WireGuard protocol, ZeroTier uses its own protocol and creates a virtual L2 switch (Layer 2) that unites all devices into a single local network. Each device gets an IP address from a virtual subnet and can “see” other devices as if they were connected to the same physical switch.

What is Tailscale?

Tailscale is a VPN service that positions itself as a Zero-config VPN. It uses the WireGuard protocol to create a secure mesh network between all your devices. The key difference from other solutions is its simplicity. Instead of manually configuring tunnels and managing keys, Tailscale does all the work for you. All you need to do is install the app on each device and sign in.

How does it work under the hood?

When you sign in, the Tailscale client connects to the Control Plane server. This server essentially acts as the “brain” of the network: