I’m a newly baked MikroTik user, and I’m asking for help with this really basic, but challenging for me task of setting the router to allow my computer to be accessed via VNC from outside world.
I’ve watched videos on the internet and read topics on this forum on the subject, tried to follow this topic here, but still was not able to achieve the goal.
Please advise on how to open access for the outside world to VNC server on 192.168.8.254 port 8426 that is connected to the router by Wi-Fi.
Below I am attaching some relevant screenshots (click for the full-size image).
Paul, does the mobile operator give you a public IP ? Most likely not, so regardless of the router used, your device will not be accessible from the outside.
This is quite an advanced topic for me, and unforutnately I did not succeed in reaching my goal from following videos and tutorials on this subject elsewhere.
I hoped that someone could mention a specific set of rules for my device.
I don’t have a static/fixed IP, but I don’t think it is a must, and my MikroTik router even has a built-in DDNS feature.
Just before switching to the MikroTik LMT LTE18 router, I had a simple Huawei LTE router (mobile operator TELE2, with dynamic IP), and I was connecting to my computer with VNC server, via a free DDNS service, without issues.
Huawei router was dumb enough for me to configure port forwarding, but MikroTik is too smart for my skill
So you haven’t public IP address, this IP is from LMT internal network for clients, which is behind some NAT. Because they haven’t dst-nat from real public IP to your router’s external LTE interface, you can’t establish VNC connection. You should ask LMT for real public IP. It can be dynamic, you can use DDNS.
You can pay LMT to get real IP and consequently, ability to remote into your device. This is a paid service.
Without a real IP address, your only option is to have another router somewhere else, then do a VPN tunnel from your LMT router to the other router, and do remote to that one.
My previous setup (before the MikroTik router) was as follows:
• Huawei LTE router, which had an easy menu where I could open a port for the VNC server;
• dynamic IP by TELE2 mobile operator provider;
• No-IP service (noip.com) that, for free, assigned the xxxx.hopto.org hostname to my dynamic IP.
And I easily connected to my computer from another computer via VNC.
Could you please advise (in a broad sense) how the MikroTik/RouterOS are different from a standard consumer router like my old Huawei, for something like I described above not to work without the static/fixed IP or an additional router?
Previously you had dynamic, but still public IP. Obviously.
Now, your IP is private (doesn’t even matter it it is static or dynamic).
Without public IP it won’t work on any router.
Oh, so it is the Internet connection service that is the issue here.
Thank you all for taking your time to get this message through my skull.
I will enquire with my internet service provider about the public IP option.
Hopefully it would be possible to add this option, and then I’ll be back with my question about the settings for the device; hopefully you would not mind me bugging you again with this
This whole thread seems a bit pointless, because you really don’t want to be running an unencrypted protocol with poor security open to the world in the first place.
Unless you want to get hacked or have information stolen of course…
Still, I recommend establishing a VPN tunnel before making a VNC connection. And like said above, changing internet service (or asking them politely) to give you a public IP address (static or dynamic, doesn’t matter).
By the way your router also has a built-in DNS service, just like “NO-IP”., you would not have to set it up separately. It’s enabled by default.
The mobile service provider added the GPRS Plus option to my connection, and my router now has a public IP address, like so:
Thank you normis for your strong suggestion about the VPN tunnel, but for the moment I have only one router.
As such, it would be awesome if someone could please advise about the rules for my device to open access for the outside world to VNC server on 192.168.8.254 port 8426 that is connected to the router by Wi-Fi. I have posted a picture with the device’s interfaces in the 1st post, as well as pictures with the default rules.
You don’t need another one.
You establish VPN connection from a remote PC to your router, and then you run VNC inside VPN.
That is the secure way to do that.
Meanwhile, I was able to do the basic port forwarding (and consequently VNC) with this tutorial (just substituted the port number, IP address, and the interface (to “lte1”)). I also added an exact same rule also for the “udp” protocol, as RealVNC prefers it over the “tcp” protocol.
