There are easier ways to do illegal stuff, than to compromise a family member
BTH allows also that. You can open BTH and send your brother “Request for access”. All he needs is to approve it.
I agree, just with this feature you have social engineering vector more feasible due to its simplicity.
Well, the OP’s issue is RB750 doesn’t run back to home (BTH). It does run WG, so a “manual” process may be possible if one side has a static IP. But @normis is right, being able to “convert” a RouterOS login into a WG client in a couple taps in an app is pretty handy.
But if you have static IP, it really should just be a multi-step process as described in docs or @anav’s WG compendium post.
FWIW there was a recent discussion on the RB750 vs. hAPaxLite (later of which does support BTH) here if the OP wanted to swap routers:
http://forum.mikrotik.com/t/hap-ax-lite-vs-hex-750gr3/171771/1
Well, in that case, we should all stop using internet as there is always possibility that someone get hacked. Or use some of the VPN providers that “keeps your data safe”.
Mikrotik provided nice tool for all of us that don’t have access to public IP. And as always there will be some people that will exploit that feature.
Problem with a lot of people is that they want single button magic… They don’t want to learn how something works, they want fancy UI, wizards etc.
Thats was my point, to mitigate that maybe some option can be added for BTH to turn on connection logging (VPN->WAN) for forensic investigations or just warning text in app that if someone else is using your connection it can be used for illegal traffic on which you can have consequences.
Yea, but both of us know what will people do with this disclaimer 
That would be only good for Mikrotik, if some customer gets hacked or get charges for illegal activities on the Internet and they try to involve Mikrotik, Mikrotik can simply say that they had disclaimer.
The security topic is bit overtime here. But I guess I’m not see how the threat profile changes much from using BTH. If you have the RouterOS password, lots of bad stuff is possible.
And, you cannot set it up WITHOUT a RouterOS login via the winbox protocol (even if the app hides this detail). So unless winbox is open to internet, you have to be on the LAN to setup (and need the router password).
Now whether RouterOS should have better logging, that seems like a good feature request report at help.mikrotik.com…
My post for security (and legal) concern is related to sharing internet connection with others in such simple way for people who are not aware of potential consequences, not securing router or other devices in network from which you can access over LAN/VPN, that’s another thing.
Yes, my Orbi router gets that. The Mikrotik router gets a private ip inside my home network.
Internet → cable modem → Orbi router → Mikrotik router → wfh network
I’m interested in bth because it can traverse through my home router (at lease that what I gathered from my reading).
David
Thanks, checking that out now.
Thanks for all the input folks.
I ordered a hap ax2 from Amazon that should arrive Friday. I’ll give it a try and see how it works for me.
David
That be a nice upgrade. One note on ax2, all new Mikrotik come with a non-empty password – it’s printed on the label on the bottom of unit.
Yes- the new complex password is printed in almost microscopic size in smeary ink and in some cases very difficut to make out even with magnification… i.e., can’t tell the difference between 8 , B, O, 0, 1, l, etc. PLEASE try to do better on this Mikrotik..as a tech who sets up many of these for clients, my eyes and what’s left of my sanity will be most appreciative. Thanks
“BTH is free of charge if you have one of the supported devices (all new / currently manufactured mikrotik devices)”
So is there a list of what exactly is supported by BTH? Finding details has proven to be almost impossible… I see posts that ARM devices are only one’s supported, but not even all of those. But here you, official Mikrotik representative from what I can make out of your avatar, indicates “all new / currently manufactured mikrotik devices”)-- does that now mean that 3011? 4011? All items in the HEX range, ie Hex Lite? Thanks.
The tricky part is finding that list.
If it exists, it surely is on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard’ 
(together with a lot of other documentation).
Or perhaps just their website… There is a sortable product matrix: https://mikrotik.com/products/matrix
If you filter that by architecture, look for ARM, ARM64, or TILE there, which is what’s required BTH support.
TILE?
Cannot find it on that page, probably it belongs to products that are not (anymore) “new / currently manufactured”.