I have several MikroTik routers connected to modems and routers where the ports cannot be opened for regular access. Is there a solution to remotely access the router when the ports are closed? Any service/solution? Some of those routers are over 200km away from my location and it is impossible to perform maintenance, so I really need a solution, please!!
Thanks!!
After reading about port knocking, it looks like my solution is a VPN.
Then I found a lot of links with a lot of different explanations… can you give me some directions about what type of VPN should I configure in the router to get remote access without opening ports in the modem/routers that are between Internet and my device?
Thanks!!
For anything you need to open ports… VPN included. You could mix VPN and port knocking, but unless you know the source and destination IP you need to open a port.
Not good, I can’t open the port at many locations… I expected to find some solution (even paid) to solve this and manage to get remote access to the routers, bypassing the devices in the middle…
I’m really confused. You want remote access to devices while you want to block remote access? How do you propose to access a device if you close all of the ports? Or do you not have access to the devices in the middle?
You don’t need to globally open the ports… say if you know you are only connecting to them from a specific IP for remote management you can open a port to only that port.
If you don’t have access to the devices in the middle you could have the remote sites VPN in to a central site and use that for remote management. (e.g. manage backwards).
Let me give you a simple example of my problem:
I have one RB951 connected to one ADSL modem/router that has a DHCP server enabled, so my router is getting a local IP. It is not possible to switch this modem to bridge mode or to open ports, so I can’t access my router. This is why I was asking for some solution to bypass this modem and get remote access to my device. Any idea? I guess I’m not the only one in this scenario…
Thanks!!
Oh, I think I got you now… you suggest to have the devices connected to a VPN installed in some server and then I can connect to the same VPN and access the devices, right?
In that case, is OpenVPN the simplest solution in your opinion?
Start an SSTP tunnel from each of your devices to some place where you can accept incoming connections. You will not need to open any ports on those client devices, just on the one server side.
But you will need to accept incoming connections in the device from the tunnel anyway.
Any VPN would work. Basically you need an “admin network/router”… have all of your remote routers VPN in to the “admin” network. Only way I can think of if you don’t have access to make inbound requests. If one of the boxes dies/fails to establish the VPN, though, you are pretty much out of luck.
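The setup described in the replies above (each remote router dials out over SSTP to a central router and is managed back through the tunnel), as an added RouterOS example that is not part of the original thread. The hub address 203.0.113.10, the 10.255.0.x tunnel addresses, the names mgmt-sstp, site01, hub-cert and sstp-mgmt, and the passwords are placeholders chosen for illustration.

```routeros
# ---- Central "admin" router (the only place a port is opened) ----
# Assumption: a server certificate named hub-cert is already imported here.
/ppp profile add name=mgmt-sstp local-address=10.255.0.1 use-encryption=yes

# One secret per remote site, each with a fixed tunnel address so the
# site can always be reached at the same IP.
/ppp secret add name=site01 password="CHANGE-ME-site01" service=sstp \
    profile=mgmt-sstp remote-address=10.255.0.11

/interface sstp-server server set enabled=yes certificate=hub-cert \
    authentication=mschap2 default-profile=mgmt-sstp

# Allow the inbound SSTP connections (TCP 443) from the remote sites.
/ip firewall filter add chain=input protocol=tcp dst-port=443 \
    action=accept comment="SSTP from remote sites"

# ---- Remote router behind the ADSL modem (outbound connection only) ----
# Assumption: the CA that signed hub-cert is imported on this router,
# otherwise verify-server-certificate=yes will refuse to connect.
/interface sstp-client add name=sstp-mgmt connect-to=203.0.113.10:443 \
    user=site01 password="CHANGE-ME-site01" profile=default-encryption \
    verify-server-certificate=yes disabled=no

# Accept management traffic (SSH 22, WinBox 8291) only when it arrives
# through the tunnel and only from the hub's tunnel address.
# Move this rule above any existing drop rule in the input chain.
/ip firewall filter add chain=input in-interface=sstp-mgmt \
    src-address=10.255.0.1 protocol=tcp dst-port=22,8291 \
    action=accept comment="mgmt via SSTP tunnel only"
```

From the hub, the remote router is then reachable at 10.255.0.11 while nothing is forwarded on the modem in front of it.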
Thanks for all the answers. It is clear that a VPN is the best solution, and probably SSTP the optimal one because port 443 will always be open.
My problem now is the creation of the VPN. I was trying to configure the VPN on a VPS, but I guess there are hosting companies already providing VPN servers ready to use, no? Do you know any?
Thanks!!