Hello.

I try to setup access to a Mikrotik router, which will be behind a(ny) NAT router - without changeing anything on that NAT router (like portforwarding or services like changeip.com or dyndns for keeping the dynamic ip address.)

What I have done, what is working and what fails:

I’ve configured the Mikrotik router as a PPTP-client, which connects to a PPTP-Server (not Mikrotik). Connect ist working (pptp-out interface is running) and I’m getting the fixed IP for that account. IP-address is assigned to my pptp-out-interface.

As long as I have traffic on my pptp-out interface I can ping the Mikrotik router behind NAT from outside this network via it’s public IP, received by pptp. Access via ssh is working.

As soon as I don’t have traffic on the pptp-out interface, I can not reach the Mikrotik router anymore.

I can stop generating traffic from the Mikrotik itself if I keep ping-ing the Mikrotik from outside (traffic is generated on the pptp-out-interface). As long as I have traffic on pptp-out I can reach the IP, assigned to the pptp-out-interface.

The pptp-out-interface is marked as running all the time. Connection to the PPTP-server is established.

Any ideas, what’s wrong with my setup?

[admin@MikroTik] > /ip address print
Flags: X - disabled, I - invalid, D - dynamic

ADDRESS NETWORK BROADCAST INTERFACE

0 10.10.0.121/24 10.10.0.0 10.10.0.255 ether1
1 D 1.2.202.23/32 1.2.202.1 0.0.0.0 pptp-out1

[admin@MikroTik] > /interface pptp-client print
Flags: X - disabled, R - running
0 R name=“pptp-out1” max-mtu=1460 max-mru=1460 connect-to=1.2.206.1
user=“ap-1” password=“password” profile=default-encryption
add-default-route=no allow=mschap2

1.2.202.23 is the official IP. 1.2.206.1 is the PPTP-Server (aka 1.2.202.1).

Mikrotik version is 2.9.30

Thanks in advance for any hints,
insel