Remote access - private IP.

Hello everybody.
My Mikrotik router (RB951Ui-2HnD) is behind a private IP (LTE, no way to get a public IP) and I have to manage it remotely.
I was able to connect it to my office server (SoftEther VPN, public IP) using the Mikrotik L2TP client.
How can I get access to the Mikrotik via Winbox in this case?
Thank you in advance.

The answer to the question is simple…
Since you are connected to your Office's VPN Server through L2TP, your Mikrotik has an IP assigned from the VPN Server…
Let's say your VPN Server at the Office is 10.10.10.1 and has assigned the address e.g. 10.10.10.254 to the Mikrotik…
At your Mikrotik you must then allow access from the L2TP Interface in the Input Chain, in case you block access in the input chain from non-LAN Interfaces…

Case 1: If you are inside the Office, you will be able to access Winbox by just using the address 10.10.10.254
Case 2: If you are outside the Office, you must first create a second L2TP connection between your computer and the Office; you will be assigned, let's say, 10.10.10.253, so again you will still be able to reach 10.10.10.254…

Notice, I do not know what firewall policies your Office VPN Server might follow… So obviously nothing of the above might work… But this does not have to do with the Mikrotik VPN Client…
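
The input-chain change described in the answer above, as an added RouterOS example that is not part of any post in this thread. It assumes the L2TP client interface has the default name l2tp-out1, the VPN addresses come from 10.10.10.0/24 (the answer's example numbers) and the LAN is 192.168.88.0/24; the rule numbers in step 4 are placeholders.

```routeros
# Added example, not from the thread. Assumed names and ranges:
#   l2tp-out1        L2TP client interface (RouterOS default name)
#   10.10.10.0/24    addresses handed out by the office VPN server
#   192.168.88.0/24  local LAN

# 1. Confirm the tunnel is running and note the address it received.
/interface l2tp-client print
/ip address print where interface=l2tp-out1

# 2. Too broad: accepts every service on the router from anything
#    that can reach it through the tunnel. Shown for contrast only.
# /ip firewall filter add chain=input in-interface=l2tp-out1 action=accept

# 3. Narrow: accept only Winbox (TCP 8291) and ping, only from the
#    VPN range, only when the packet arrives on the tunnel interface.
/ip firewall filter add chain=input in-interface=l2tp-out1 \
    src-address=10.10.10.0/24 protocol=tcp dst-port=8291 \
    action=accept comment="Winbox via office VPN"
/ip firewall filter add chain=input in-interface=l2tp-out1 \
    src-address=10.10.10.0/24 protocol=icmp \
    action=accept comment="ping via office VPN"

# 4. New rules are appended at the end. If a drop rule for non-LAN
#    traffic sits above them they never match, so check the order and
#    move each accept rule above the drop rule.
/ip firewall filter print where chain=input
# /ip firewall filter move <new-rule-number> <drop-rule-number>

# 5. Limit the Winbox service itself to the same sources, so a later
#    firewall mistake does not expose it on the LTE side.
/ip service set winbox address=10.10.10.0/24,192.168.88.0/24
/ip service print
```

If the packet counters on the new accept rules stay at zero while pinging 10.10.10.254 from the office, the traffic is not reaching the Mikrotik and the VPN server side is the place to look.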

You have some options.

  1. Get port forward through the LTE (may not be possible) to the RB951
  2. Set up an L2TP/IPSec or other VPN from the RB951 to a central host.
    a. once a week for 15 min so you can reach it at a given period
    b. permanent VPN so you can reach it all the time.

Since it looks like you already have a VPN set up, it's just up to routing the Winbox/SSH etc. correctly to reach the RB951 through the VPN tunnel.

Hello.
Thank you for all the answers.
As I mentioned, I can establish communication with my office server and everything is ok from its side.
Unfortunately I still cannot connect to Mikrotik via Winbox from my office.
Please see attached screenshots for your reference.
I believe the problem lies on the Mikrotik side and its configuration.
addresses.JPG
status.JPG
firewall.JPG
routes.JPG

From the central router, can you ping the remote router IP (or even do an ssh)? /system ssh x.x.x.x

Can I see your NAT rules as well? Unless anything strange happens there, your office router possibly blocks you…

Please see below:
nat.JPG

Did you ask the office IT if this was permissible…

It is my home office and I am the admin :)

haha then check your office router as well…
You should at least be able to ping the home router from your office…
Notice, you do not need any routes, NAT or anything at this point…
You have a VPN server e.g. 10.10.10.1/32 and a VPN Client 10.10.10.2/32; as soon as the tunnel is established you must be able to ping each other with no additional configuration…
If you can't… check the office's firewall and NAT rules in case they mess something up…