get through to home system from work

cylent · June 18, 2006, 4:42am

i want to be able to create a tunnel to my home computer from work so i can VNC into my home computer.

Since my experience with RouterOS is very limited i’d like some help please.

andrewluck · June 18, 2006, 5:11am

http://www.mikrotik.com/docs/ros/2.9/interface/pptp

Regards

Andrew

cylent · June 18, 2006, 5:19pm

ok that worked
sadly i am on satellite internet and i dont know my ip.

in any case what i really want to do is connect my winbox remotely to my server.

is this possible?

so from work i want to open winbox for my server.

maroon · June 19, 2006, 4:42pm

you should know the IP Address of the wan interface, and you must enable the port 80 on /ip service set www enabled=yes. so you can download winbox and access it remotely, I prefer to use SSH instead of winbox.
is winbox that secure?

Regards,

cmit · June 19, 2006, 5:23pm

Port 80 isn’t needed anymore for a WinBox connection. You just would have to enable it to download the Winbox.exe itself.

And if you feel WinBox communication with the RouterOS machine isn’t secure enough and you like SSH, you can always tunnel your WinBox connection over a SSH connection …

Best regards,
Christian Meis

cylent · July 2, 2006, 6:19am

can you please tell me how thats accomplished?

cmit · July 3, 2006, 7:19am

Really, I think WinBox encryption should be good enough, but anyway:

Let’s take PuTTY as SSH client in this example.
Open PuTTY, enter the destination address (your RouterOS ip address), but do NOT click the “Open” button to connect yet.
In the left options tree go to “Connection => SSH => Tunnels”, enter “8291” in the “Source port” field. Then type “127.0.0.1:8291” in the “Destination” field. Click the “Add” button.
Now start your SSH connection (click “Open” in the lower right part of the PuTTY window).

After you have successfully authenticated your SSH session, you can start your WinBox, tell to connect to “localhost” (or “127.0.0.1”) and use the username/password of your RouterOS machine to log in with WinBox (tunneled via your SSH connection).

You can only end your SSH connection AFTER you ended your WinBox session (as the SSH tunnel is still in use as long as the WinBox is opened).

Try this, if you want to get the extra security of an SSH layer above the WinBox encrypted communication.

Best regards,
Christian Meis

cylent · July 3, 2006, 7:41am

oddly enough i can get a response by pinging and i can ftp into the router from work but i cant telnet //ssh or winbox to it

cmit · July 3, 2006, 8:20am

Have you disabled telnet/ssh in “/ip services”, by any chance?
Or does a firewall rule reject those connections?

Tried to do a layer 2 (MAC-telnet/MAC-WinBox) connection?

Best regards,
Christian Meis

cylent · July 3, 2006, 8:24am

no i have not disabled them and there isnt any firewall rule to reject them

I havent tried the Layer 2 you’re talking about. I dont know how to.

i fear the problem maybe a work firewall?

cmit · July 3, 2006, 10:19am

That might very well be the case…

The layer 2 approach will only work if you’re on the same physical network segment with your router (i.e. “at home”) - sorry for that confusion…

Best regards,
Christian Meis