Support/Monitoring Data Line has dynamic IP
Sprints 3G Data Service has dynamic IP.
I am looking for the best way to monitor and support these 8 devices now and more down the road.
I do have an account with DYNDNS.com, but searching the forums seems indicate this is not very desirable.
I am interested in knowing what others are using and what success they are having.
Put a mikrotik somewhere in a data center (on a static IP) and have the 3g dial into that with a VPN. Do not route between them. Then you basically have a central admin point. I do th same for some remote office s (except I run all traffi over the VPN, too, and from there to a central firewall for cleaning it).
I have decided the same thing. Mikrotik (other than the Hotspot Feature) is all new to me. I have static IP’s coming and will then see what I can figure out myself regarding VPN’s. I just want to be able to reach the MT with WinBox or Webfig and so far just knowing the IP has not worked. I think I have firewalled remote access off the boxes. I really wish I knew more about these kind of stuff. Thank you for the response, I don’t seem to get many.
Firewalling router access is done via the input chain. Make sure you list your administrative central networks there with an accept clause and you’ll always have access.
On a (friendly) side note, I haven’t responded to your threads because you made the same thread at least three times. I find it a waste of my time to respond to such threads since answers will get duplicated all over the place and I’ll say things already said elsewhere. Again, despite the content that’s supposed to be a friendly pointer, and just a personal opinion.
Thank you fewi, I have trouble keeping track of things in a non linear format. I think from start to finish on a project, not in sections. I have a lot of trouble taking the ddns script and tying that into an L2TP server, then adding the Certificate and doing all this with the CLI. I think in general terms not specific and this is really hard because people don’t want you to go into 3 different topics in the same thread. I try to break it down. But the Location with this Router Board with this requirement includes everything, in my mind. The WAN, LAN, Hotspot and RADIUS as they tie together are what I understand. However, it seems that if I have an SSL issue then the topic needs to be SSL. The worst part is that I need help getting the complete solution figured out. The specifics can be addressed later isn’t something that works for me. Now I have 3 certificates bought can only use one, should have used a different type and in reality didn’t really need any of them as I am just setting up a VPN to log in local to the MT’s anyway. I am used to using Domain Names to address most issues. so if I want 8 MT’s to vpn back to one device it would be simple for me to have vpn1.domain.com simply connect to vpnserver.domain.com. where the actual IP’s are irrelevant, but MT’s don’t seem to like that much. I realize this is long winded, but I really need help with simple things, but don’t know what to ask because if I knew what I needed would know how to fix it.
EX. I have two MT rb411u boards with Sprint 3G USB’s for the WAN. I can’t access the ROS v5 on either one remotely. Don’t have a clue what is causing it to not work. Thus no clue how to ask for help. Is it a firewall question, is it a service issue or is it a ROS Version issue or am I just doing it wrong? It would be easier to just put the WAN IP in the post set up a user fixme password please and just offer a $20.00 reward to make it work… lol
You can hire a consultant if you want. They are listed on the Mikrotik home page.
WAN access issues. Unfortunately it’s hard to help based on such few details. Do you have the boards near you? Can you access them via a serial cable and get information out? If yes, post the output of “/interface print detail”, “/ip route print detail”, “/interface print detail”, and “/ip firewall export” and add how you’re trying to access the router (method: SSH, winbox, etc.) from where (IP address).
Thanks Fewi, I did hire a consultant. However, I can’t afford to pay for someone learning how to set it up. I did pick up 5 static IP’s on my DSL line but took a hit on the Upload/Download. This allows me to have a WRAP 1e-1 used for the VPN side. Unfortunately, I am unable to upgrade the ROS 2.9.38 (posted in different thread, thus the reason I missed responding quickly to this thread). Anyway, I am trying to figure out VPN server on Wrap 1e-1 ROS 2.9.38 Static DSL WAN and VPN client on RB411U with Sprint EVDO WAN (DHCP). I am giving myself a headache. I am not even able to get an ICMP response to work on the RB411U at this point. Doing more damage than good.
Wish me luck.
RB411U v5.1 w/ Sprint USB EVDO
Working - (dynamic IP script, PPTP VPN back to x86 v5.1 for Terminal Access)
Not Working - (Ping from Dude, Winbox from Dude, Webfig from Dude)
DuDe - Win7 x.x.133.65 (running Kiwi Syslog also)
I am just needing to find something that lets me see when the RB411U’s are online and then access them when a config change is needed.
