Hello!
I have an ISP router with NAT and dynamic IP.
I want to set up VPN Server on the Mikrotik (MT will be connected to the ISP router) and connect to VPN provided by MT by DDNS (form Mikrotik) from outside.
The IP on ISP router is dynamic.
I want to configure DDNS on MT router that is behind the ISP router (which with dynamic IP).
is it sounds ok?
Do I need port forwarding on ISP router if I have DDNS configured on MT?
I think what Sob and rextended are missing in this discussion is your desire to use the IP cloud service on the router.
However if it is the client for Wireguard for example, its the ISP routers ISP address you need and one can add a free dydns type service to that WANIP etc…
However here is the interesting tidbit, on my ip cloud for a Switch behind the router, the homeIP is the actual ISP of the IP address. So technically I could use the IP cloud URL for the switch as an entry argument for a wireguard client endpoint address.
This means one could use the ip cloud of a device behind the router for certain things…
However as noted, one still has to forward the ports from the ISP to the secondary device for traffic flow (port forwarding_.
Assuming you are using the MT device behind your ISP device as the server in a connection…
Yes, just port forward the port to the MT WANIP which is the same as the LANIP of the MT device on the ISP router network.
you will need a input chain rule for that port allowing access to that port UDP
If you have clients coming in on your wg connection and expecting internet access you will have another issue to deal with.
You have to source nat the clients to the IP address of the MT device so that the ISP router knows where to send return traffic from the internet.