Access to BtH devices without WireGuard

Where I live, unlimited mobile internet is very expensive, and its unlimitedness usually means 200 GB of traffic, after which the speed slows down.

My router has USB, so I can connect LTE/5G to it if necessary.

What confuses me is how you get a public IP type address from your neighbour's router?
I am not sure we can make any progress unless we know how it's set up?
Make, model? Can you get a printout of the config of it?
Which ISP, what type of connection...

It must be able to handle a block of IPs if you are getting one??

At end of day, BTH relay mode was built for this kinda case.

Port forwarding through the multiple routers is the right strategy to enable direct WG - however, based on traceroute vs ipinfo... that looks like the provider has a CGNAT (which would not, generally, allow port forwarding from the internet, which is the most important part). To @anav's point... If OP has the neighbor's config (or screenshots) and current MikroTik config... perhaps we could confirm ports are forwarded right for standalone WG... but that ain't going to help if the provider is using CGNAT.

-Requirements
-network diagram
-Config of devices

Tenda N301, this is a Chinese router with very limited firmware, unfortunately, it does not have the ability to export configurations. Here's what I was able to find out:

Connection Type - Dynamic IP

LAN IP 192.168.0.1

WAN IP 192.168.1.3

Subnet 255.255.255.0

WAN MTU 1500

Default Gateway 192.168.1.1

Preferred DNS Server 192.168.1.1

Provider Rostelecom (Armenia).

These are the network settings of the neighbor's router.

My Mikrotik receives a local address 192.168.0.100, as I wrote earlier, I see the public IP through the site myip.com, 78.54.XX.XX.

I also tried to connect my PC directly to neighbor’s router, did port forwarding on the neighbor’s router, but even so I couldn’t connect through the public address.

I was able to make sure that it was CGNat.
I think there is no point in deciding further, the only solution is another provider with a normal connection. And as for the Mikrotik relay, I thought that I could conditionally send any request to the selected relay port, and the relay would forward this request to my Mikrotik. But this is not possible.

Thank you all for your help, for helping me understand and making it all clear, I learned something new for myself.

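The check the thread works through up to this point (the outermost router's WAN address versus the address an external site reports, plus the traceroute hops), as an added example that is not part of any post. The `assess` function, its verdict names, the hop list and the `203.0.113.x` documentation addresses are constructed for illustration (the real public address is masked in the thread), and the hop-count rule assumes the traceroute is run from a host behind the innermost router.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 space reserved for carrier-grade NAT

def classify(addr):
    """Return 'cgnat-shared', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in SHARED:
        return "cgnat-shared"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"

def assess(wan_chain, public_ip, hops):
    """wan_chain: WAN address of each router you can inspect, innermost first.
    public_ip: address an external what-is-my-IP site reports.
    hops: traceroute hop addresses toward an internet host (None = no reply, skipped)."""
    kinds = [classify(h) for h in hops if h]
    leading = 0  # hops passed before the path reaches public address space
    for kind in kinds:
        if kind == "public":
            break
        leading += 1
    direct = ipaddress.ip_address(wan_chain[-1]) == ipaddress.ip_address(public_ip)
    if direct:
        verdict = "direct"        # forwarding on every router in the chain can work
    elif classify(wan_chain[-1]) == "cgnat-shared" or "cgnat-shared" in kinds[:leading]:
        verdict = "cgnat"         # RFC 6598 space in the path: NAT inside the ISP
    elif leading > len(wan_chain) + 1:
        verdict = "likely-cgnat"  # heuristic: more private hops than own routers + one modem
    else:
        verdict = "upstream-nat"  # one more NAT box upstream, possibly an ISP modem/router
    # Each inspected router NATs once; a mismatch means at least one more layer upstream.
    layers = len(wan_chain) + (0 if direct else 1)
    return {"verdict": verdict, "min_nat_layers": layers, "non_public_hops": leading}

# Addresses from the thread: MikroTik WAN 192.168.0.100, Tenda WAN 192.168.1.3.
WAN_CHAIN = ["192.168.0.100", "192.168.1.3"]
PUBLIC_IP = "203.0.113.10"  # constructed placeholder for the masked 78.54.XX.XX
HOPS = ["192.168.88.1", "192.168.0.1", "192.168.1.1", "100.64.12.1", "203.0.113.1"]  # constructed

if __name__ == "__main__":
    print(assess(WAN_CHAIN, PUBLIC_IP, HOPS))
```

A verdict of `upstream-nat` is the case where asking the owner of the upstream device for a port forward is still worth trying; `cgnat` and `likely-cgnat` are the cases where only a relay or a different provider helps.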

One of the usual solutions for these situations is to have a third party to which both sides can connect, and they forward traffic between the two parties.

This can be a friend who has a proper public ip (even if not static). It's also common to just rent a vps from the likes of ovh/hetzner (choices vary widely depending on your location.) The going rate is around usd 5/mo.

There is one more question to ask. It would appear the TENDA is strictly a router, or is it supplied by the ISP. Does it connect to an ISP modem over ethernet cable? Does it connect to the ISP over wifi?

If it's actually connected to an ISP modem/router that gets that public IP, which then has a LAN which feeds your neighbour, can the owner either access this upstream device or ask the ISP to forward a port to his Tenda router, let's say 45678?

Another way to know for sure is to go the 4G LTE route for testing purposes. This is what I do, maybe it’ll help.


If your country’s mobile operators offer prepaid options, do a search of their websites and find one that offers public IPs. Here where I am, they all use CGnat. However, digging deeper into their websites, a couple do offer public IPs as well. When you go to these sites, search for the operator’s APN. Here in NZ they all use “internet” for the APN, which is CGnat. What I look for here is anything that isn’t “internet”. It might be “direct” or something like that. Those are likely to be public IPs. It’s those ones you want. Of course, it may be different for you. Public APNs don’t usually discriminate between prepaid and on account plans. Once connected, a traceroute (tracert) of your IP would confirm this.

Many operators offer daily or hourly deals where you don’t have to sign up for a plan but you can access the deal. It might be $1 for an hour of unlimited access, which would be all you need for this.

To make life easier, buy the SIM from the mobile operator’s store. That way you can pop some credit on (minimum value) and get them to activate the SIM while you’re instore.

Pop the SIM into your USB device, configure the APN to the public IP version, establish a connection and test from there.

If you can establish your BTH wireguard connection that way, then you know where your problem is and decide what to do from there. If it still doesn’t work, then at least you know you have a public IP connection and a clean slate to work from. The object of the exercise here is to try to remove anything that impedes the BTH connection. Removing a double nat and CGnat will go, at least, some way toward a resolution IMO.

@Amm0 is correct in saying that BTH is designed to deal with the CGnat issue, but you’ve also got what looks to me a triple nat issue even before it gets to CGnat. So, what I’d say is if none of your mobile providers offer public IPs, it might be enough to try one that uses CGnat just to test without the current nat issues preceding it.

Having said all that, you’ve got some other really good ideas posted by my more learned friends, so some stuff to chew over.

Thank you for your detailed response.
I think I will be able to start looking for such an operator soon. I have seen several attractive offers, but they are all intended for use only on smartphones. I think they use TTL to determine whether I am using a modem and sharing the Internet. I am sure there is a solution for this case.

I don't want to deal with my neighbor's router and its connections anymore. It takes a lot of time and doesn't work.
Thank you for trying to help me figure this out, but at this stage, I've already realized that digging deeper into the issue of my neighbor's router is not worth the effort.

Yup, same here. But if they allow you to use your own 4G router for post-paid data plans (called fixed wireless here), then the prepaid options also work on MT gear. Even when a provider makes it so you have to use their routers, most times you can still use their prepaid SIMs.

All three of our mobile providers allow (don’t block) their prepaid SIMs to be used with MT gear, with only one blocking post-paid (on account) fixed wireless using anything else but their equipment.

Remember, the object of the game here is to prove you can connect; once proven, you’ll probably want to find a provider who will allow the use of your own 4G router on their network. That, or another method of gaining access to the internet with as few hoops to jump through as possible.

It’s a shame you don’t have a MT LTE device. Having one would allow you to buy a prepaid SIM for a few providers, insert one at a time in the MT 4G router and see whether they “light up” on their network, even before you pay for a plan. You could then check which ones use public IPs and go from there. BTH will work with CGnat, but always best if you can get a public IP. It may still be possible with a 4G dongle, but you’d need to be able to get access to its web UI to see whether each SIM will work and set up that provider’s APN. I hope this makes sense.

All the best, and let us know how you get on, eh?

Back to the original question, so if you say Back to Home works fine for you, but you want something else that is not BTH and still works? You can try ZeroTier, it also works with heavily restricted networks.

BtH, Wireguard, ZeroTier, etc.
All of these require the installation of software on the client side in order to access devices.
I wanted to access devices without any clients, using only a public address where the server accepts requests and redirects them directly to these subnets.
I already have a VPS for such purposes, but unfortunately, I am not satisfied with the delay.
And BtH only exists on mobile platforms.

IPSec. Most clients support it without special software.

But Public facing RDP is NEVER the correct answer :frowning:

I have already found the right provider that offers unlimited mobile Internet (only for smartphones) where I can also enable a static IP address.

When and if I get to this solution, I will definitely try it.


I don't want to have “any” additional connections from my work PC (via client software).
If I activate any VPN, or the same IPSec, then my work PC will be on a different subnet, and I can't do that.
Even if we assume this scenario, it complicates administration in places where I don't even have administrator rights.

I still don't understand the situation. BTH also requires installing something. If you need “anyone” to access your server, without software on their device, all you can do is buy a public IP from the ISP (and ask to remove restrictions) or host your service elsewhere.


Normis, he wants to be able to appear to be conducting normal traffic from his work place but somehow reach his home network, in some sort of secure manner. A reverse proxy type scenario I think.
He cannot frig with work networks and has no real access to the router that provides internet to him and thus the search for his own provider to at least have some reasonable flexibility in the WAN side of his home network.


Also, no software can be installed on his own computer?

I can install anything I want on my own PC and use anything I want on my own PC.
But I can't do the same on work PC.

Look at Tailscale. You will need to install it on a PC or Raspberry Pi (or some other supported hardware, perhaps a container on a sufficiently powerful MikroTik) at your home.

Then you can connect from a remote PC with tailscale installed and with access to your personal tailnet.

"How to get started with Tailscale in under 10 minutes". Note the video is 10 minutes (not the time to go from no knowledge to a working solution). But it is a good overview of what it is and how it can be used.

I use it, and it is a good solution.