Just tried to tell it all in the subject field. We are about to build our network, where we use an MT router. From that central point, we want to distribute to two kinds of nodes:
5 GHz, locally 2.4 GHz APs
retranslation nodes, which will forward on 5 GHz to other nodes
The question is, what IP strategy to take? From the external network, I can get to the central MT machine using Winbox, Webbox, whatever. But how can I manage my other RB532 MT nodes? Should I somehow route traffic on specific ports for Winbox to work (I will not configure the network, so my questions might be pretty lame, I know), or is it wise to assign such nodes public IPs? My brother suggests exactly that, but what if I later want to interconnect two users on the local network, so that their traffic would not go via the main router, e.g.? Or would public IPs not be a problem here?
Just curious how you guys build your network’s IP strategy-wise.
You can use public IP addresses, and the other option is to use private addresses on the inside and then VPN (like PPTP) into your network and manage it like that from the internet. This has the advantage of only having to harden one router against external (internet) attack.
Any free VPN clients around that MT can work with? What about OpenVPN? IIRC it is not a full-fledged VPN client, but I read good reviews of it. Any other suggestions?
pekr, there is a possibility to set up other tunnels too (L2TP, IPSec, etc.).
One note: if you have other routers behind one public IP address (main MT router), then, probably, there might be some problems accessing the routers via Winbox from public networks.
That is why you use the VPN into the public-facing MikroTik router: you get assigned an IP address (a private one) that is routable across your wireless network, so Winbox will work and you can also manage other devices that have private addresses, without any need to do dst-NAT at all.
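
The setup described in the replies above, sketched as a RouterOS configuration. This is an added example, not written by anyone in the thread; the address ranges, the WAN interface name ether1, the names mgmt-vpn, mgmt and admin1, and the password are placeholder assumptions.

```routeros
# --- Public-facing (central) MikroTik router ---
# Assumed addressing: wireless backbone 10.0.0.0/16, VPN clients 10.99.0.0/24.

# Pool of private addresses handed to administrators who dial in
/ip pool add name=mgmt-vpn ranges=10.99.0.10-10.99.0.50

# PPP profile: the router's end of the tunnel and the client pool
/ppp profile add name=mgmt local-address=10.99.0.1 remote-address=mgmt-vpn

# One account per administrator (placeholder credentials)
/ppp secret add name=admin1 password=CHANGE-ME service=pptp profile=mgmt

# Enable the PPTP server, MS-CHAPv2 only
/interface pptp-server server set enabled=yes default-profile=mgmt authentication=mschap2

# Input chain on the WAN side: only the tunnel itself is reachable from
# the internet, so this is the one router that has to be hardened.
/ip firewall filter add chain=input connection-state=established action=accept
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=1723 action=accept comment="PPTP control"
/ip firewall filter add chain=input in-interface=ether1 protocol=gre action=accept comment="PPTP data"
/ip firewall filter add chain=input in-interface=ether1 action=drop comment="no Winbox/SSH/etc. from WAN"

# --- Each inner RB532 node (private address only, no dst-NAT) ---
# Winbox answers only to VPN clients; the node's existing default route
# via the central router carries the replies back to 10.99.0.0/24.
/ip service set winbox address=10.99.0.0/24
```

After connecting to the VPN, Winbox is pointed directly at a node's private address, for example an assumed 10.0.3.1. The same layout applies if L2TP or IPSec is used instead of PPTP; only the server and firewall lines for the tunnel protocol change.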