Overview
Use the CHR for protecting your cloud servers using RouterOS firewall which supports Layer7 filtering, dynamic address lists and more; for running your own VPN service or monitoring network infrastructure using The Dude! It can be used as simple to deploy HTTP proxy with domain name filtering, centralized RADIUS server for AAA (Authentication, Authorization and Accounting). CHR itself can be monitored using SNMP and monitor traffic using Traffic flow. CHR can function as a DNS cache and/or static DNS for a local network. Expand the local network using BCP (Bridge Control Protocol) bridging of tunnels. Use CHR as a platform for learning networking and RouterOS at your own pace, for testing configuration before deployment in production.
Highlights
- The Dude server for monitoring network infrastructure, CAPsMAN server for rapid deployment of wireless networks.
- CHR supports IPsec, WireGuard, SSTP, L2TP, EoIP, PPTP, IPIP, OpenVPN, GRE, 6to4 and VPLS/MPLS tunnels.
- CHR can even be used for BGP peering, RIP route distribution and as an OSPF node in network.
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp3) volumes | $0.08/per GB/month of provisioned storage |
Vendor refund policy
License can be transferred to another CHR instance. There are no refunds possible after the purchase of the license.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
RouterOS CHR 7.15.1
Additional details
Usage instructions
The default configuration provides decent security for your router. You have to use SSH RSA key to log in using SSH service on port #22 that should be set up in the firewall of the guest. From there it is possible to set up different types of access methods, HTTP/HTTPS/API/API-SSL or proprietary Winbox connection. For all these extra methods you have to secure your default user with the password before general access to the instance is allowed.
Resources
Vendor resources
Support
Vendor support
Please allow 72 hours for support to respond
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
RECOMENDADO TOTALMENTE
Tiene una estabilidad impresionante, lo utilizo solo para hacer forwarding y obtener acceso remoto y me impresiona la estabilidad con la que mantiene la comunicación VPN.
Works great
This works just like the physical hardware. You can use it for VPN and firewall services, at a much lower cost. I can go over a year of uptime on the VPN!
Best ever
We ripped out all of our Cisco gear and replaced it with Mikrotik. has saved us 115,000$ and 1,000's a month
The best router for an IT admin
I have been using this mikrotik for all our networks with more than 300 systems. This is one of the best for routing, hotspot, vpn etc. it takes minimum resource and cut down your costs. If you know little programming, you can do wonders with this powerful router.
Mikrotik CHR as a secure router to connect remote sites and to get around Mobile B/band Telco CGNAT
I have been running a Mikrotik CHR for 6 weeks as a theory of concept so that I can locate and access a remote site (farm) for monitoring of security cameras and remote Amateur Radio site. The AWS VPC and the CHR instance works exactly as they intend to.
In Australia the telcos providing mobile phone services primarily use CGNAT (Carrier Grade Network Address Translation). This is good for normal users as it helps to keep them safe from port scanning etc. However the downside is that there is no way of finding the end node as it doesn't have a real external IP Address. Unfortunately DDNS isn't a solution either.
The only way in Australia to obtain a 'real' IP Address is to be a registered company and that also comes at an additional cost to have one applied to your 3g/4g SIM. For me this wasn't an option.
My solution works exceptionally well and that the end nodes will always automatically established a L2TP secure tunnel to the CHR and then routing (in this case RIP) does the rest. So in effect the remote site/s make an automatic connection to the Mikrotik CHR and you establish a connection from your own location. Then you have full remote access functionality.
Can't recommend it enough.