A MikroTik CHR on an AWS t3.small at $0.02/hour is a complete cloud VPN gateway for remote workers. The CHR license is a one-time $45. Total: $15/month versus $300+/month for an equivalent AWS VPN.
What Is CHR
Cloud Hosted Router (CHR) is the full virtual edition of RouterOS for AWS, GCP, Azure, DigitalOcean, or any KVM VPS. BGP, OSPF, WireGuard, IPsec, layer 7 firewall, QoS: all running on an instance that costs pennies per hour.
AWS Setup
Find CHR on AWS Marketplace. t3.small for 10-30 workers at $0.0208/hour. Security group: SSH from management IP only, WireGuard UDP 51820 from anywhere.
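As an added example (not part of the original post), this Python check audits a security group's ingress rules, in the JSON shape returned by `aws ec2 describe-security-groups`, against the policy above. The sample group, the management address 203.0.113.10/32 and the function name are constructed for illustration.

```python
import ipaddress

WG_PORT = 51820  # WireGuard listen port used in this article

def audit_security_group(group, mgmt_cidr):
    """Return findings for ingress rules that break the policy:
    SSH (TCP 22) only from mgmt_cidr, UDP 51820 from anywhere, nothing else.
    Rules that reference other security groups (UserIdGroupPairs) are not checked."""
    mgmt = ipaddress.ip_network(mgmt_cidr)
    findings = []
    for rule in group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            label = f"{proto} {lo}-{hi} from {cidr}"
            if proto == "udp" and lo == hi == WG_PORT:
                continue  # WireGuard is meant to be reachable from anywhere
            if proto == "tcp" and lo == hi == 22:
                src = ipaddress.ip_network(cidr, strict=False)
                # Different IP versions can never be inside the management range
                if src.version != mgmt.version or not src.subnet_of(mgmt):
                    findings.append(f"SSH exposed beyond management IP: {label}")
                continue
            # Anything else (port ranges, protocol -1, other services) is unexpected
            findings.append(f"unexpected ingress rule: {label}")
    return findings

# Constructed sample: one correct rule, SSH opened too widely, and a stray
# management port (8291 is the Winbox port) left open to the internet.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 51820, "ToPort": 51820,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8291, "ToPort": 8291,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    for finding in audit_security_group(SAMPLE_GROUP, "203.0.113.10/32"):
        print(finding)
```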
Initial Config
SSH in. Set admin password. Assign IP to ether1. Configure DNS. Update RouterOS v7.
WireGuard VPN
Generate a unique key pair per worker. Run the WireGuard interface on UDP 51820. Set persistent keepalive=25 for NAT traversal. Because each worker has a unique key, access can be revoked individually.
NAT and Routing
IP masquerade on WAN interface. VPC subnet routing through tunnel interfaces.
CHR vs AWS VPN
Cost: CHR $15/month + $45 license, no bandwidth charges. AWS VPN $360/year/tunnel plus per-GB transfer.
Features: CHR full BGP/OSPF/firewall/QoS. AWS just IPsec tunnels.
Flexibility: CHR portable to any cloud. AWS locks into their networking.
Pros and Cons
Pros: $15/month. Full RouterOS features. No vendor lock-in. One-time $45 license. Migrate between clouds by exporting config.
Cons: Manual maintenance. Security group complexity. No HA without second instance. Community support only.
Verdict
Cheapest cloud VPN gateway available. Perfect for remote worker VPN, multi-cloud bridges, testing before physical deployment.