I am looking for a way to access a MikroTik LtAP that’s connected to the internet via an LTE connection. The use case looks like this: the LtAP is connected to a Network device’s console port (Switch, Router …) via its serial0 interface and to the internet via LTE. So in essence I want to be able to have a remote console connection basically from anywhere I may roam. Problem is that Mobile Providers use RFC1918 addresses which results in no public address to be used for a direct SSH access.
How can I circumvent that problem? I thought of a reverse SSH tunnel connection or some other kind of tunnel, but that means I always have to carry the other tunnel end (piece of hardware) with me.
Does anyone have such a setup running or an idea how to set it up with reasonable effort?
The typical solution to this problem is that you have a VPN server and each router connects to it automatically once it gets signal. So from the server you can reach any of the devices.
It will cause idle traffic, though, as keeping alive the connection is the only way to have it available when it is needed.
@nostromog is right, most LTE carrier NATs require the remote router to initiate the connect, and can’t just listen on a port.
The other alternative is to get a static IP from your LTE provider. In the US, the carriers charge a fee to set up once, then a small fee per month to have a static public IP address. We use this method, then enable a VPN server on the Mikrotik. With a public IP address from our LTE carrier, the ROS can then listen for VPN traffic, and then access the serial port or whatnot.
Twilio’s SIM cards have a “preview” feature that offers LTE with a “built-in” VPN tunnel, so you don’t need a static IP or an SSH tunnel server. Haven’t tried it since we already did the paperwork to get static IPs directly, but might be worth a look too: https://www.twilio.com/docs/wireless/vpn