Carrier Grade NAT + Remote monitoring / management

nikc · September 8, 2016, 11:32am

Hi all.

This maybe more of a Linux question ultimately … but I will start here to make sure the concept works !

I have an SXT-LTE that I use to work from home with, no broadband here !

The SXT-LTE works like a charm but only gets an IP address from my provider that is allocated from the carrier grade NAT pool, so I cannot get to it from the outside world sadly.

If I where to want to manage / monitor this box remotely I think my only real option is to establish a VPN from the SXT-LTE to a remote VPN server (I have a soft-ether VPN server running).

My question really is … would this be even possible ? The remote VPN server has only one IP address so I’m not sure if it would even work for remote access to Winbox / Webfig … if it would be possible … could I use this VPN for multiple SXT-LTEs and still be able to at least manage them ? Possibly do some kind of monitoring to check they are up also ?

Thanks

NikC

nikc · September 12, 2016, 8:44am

I’m guessing not possible then ?

LaRP · September 12, 2016, 11:32am

Short answer: Yes it is possible (but if the SXT-LTE license allows for it to setup a VPN client im not sure of)

Long(ish) answer: Mikrotik devices support many VPN types, IPSec/l2tp is probably the easiest to setup imo and seems to be supported by soft-ether.

So if you setup the SXT-LTE to connect to your soft-ether server and not the other way around, it should be possible.

http://wiki.mikrotik.com/wiki/Manual:IP/IPsec

alinabl05 · January 30, 2018, 11:03am

Yes we can use SXT LTE to VPN server.SXT LTE is a SXT device, and doesn’t include a 802.11 wireless device..So by using VPN of SXT LTE we can do https://www.fltcase.com/remote-monitoring-management.php