Community discussions

 
User avatar
janisk
MikroTik Support
MikroTik Support
Topic Author
Posts: 6248
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

New IP cloud is coming.

Tue Jun 12, 2018 3:22 pm

Starting since 6.43rc21 new ip-cloud implementation is available for the first adopters. The feature set for now is the same as in older versions however that is about to change. It has improvements in security, responsiveness and expandability.

Current upgrade path:
1) disable ip-cloud /ip cloud set ddns-enabled=no
this is to remove your entry from the old database, so when you decide to not use the feature in newer version, it would not return your old address.
2) upgrade to verion 6.43rc21 or newer
3) enable the ip-cloud /ip cloud set ddns-enabled=yes
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1759
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: New IP cloud is coming.

Tue Jun 12, 2018 4:12 pm

/ip cloud set sdwan-enabled=yes

;)
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
Samot
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Sat Nov 25, 2017 10:01 pm

Re: New IP cloud is coming.

Tue Jun 12, 2018 6:05 pm

/ip cloud set sdwan-enabled=yes
Ugh. Just, ugh.
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1093
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: New IP cloud is coming.

Tue Jun 12, 2018 6:50 pm

Multi-WAN support for DDNS pretty please?
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
 
bommi
just joined
Posts: 23
Joined: Fri Jan 24, 2014 9:13 am
Location: Germany
Contact:

Re: New IP cloud is coming.

Tue Jun 12, 2018 10:07 pm

Will we get IPv6 Support?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8029
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: New IP cloud is coming.

Wed Jun 13, 2018 12:26 pm

Will we get CHR support? :)
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4578
Joined: Mon Jun 08, 2015 12:09 pm

Re: New IP cloud is coming.

Wed Jun 13, 2018 2:13 pm

Will the cloud time accuracy be more reasonable?
I mean, I could live with a 2 second error and a 1 second resolution but more than that is really sub-par.
(especially as NTP and SNTP work OK but are not enabled by default as the cloud time option is)
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 211
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: New IP cloud is coming.

Wed Jun 13, 2018 4:06 pm

It was maintained backward compatibility with previous versions or the BugFix or Current versions? with the problems kept?

How does MK release a new Cloud that works better only with RC firmware?

I can not put the RC in production.

I prefer to disable the cloud of MK and use a DDNS own that I have configurate.
I apologize my grammatical errors, my english not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8029
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: New IP cloud is coming.

Wed Jun 13, 2018 6:29 pm

with the problems kept?
What problems?
How does MK release a new Cloud that works better only with RC firmware?
Any feature is first released in RC. Then it becomes 'current'.
I can not put the RC in production.
You must not do this. Use RC only in controlled test environments.
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
Sob
Forum Guru
Forum Guru
Posts: 3278
Joined: Mon Apr 20, 2009 9:11 pm

Re: New IP cloud is coming.

Wed Jun 13, 2018 9:19 pm

Will we get CHR support? :)
You would need to find something else than serial number to use for hostname. There's System ID, but it seems to be generated randomly, so it might not be unique. It also seems to make a difference between case of letters, so it would not work well with dns either. But I'm sure something could be invented, at least for licensed instances.

Btw, with security being a big topic lately, it would be interesting to know, how this whole thing works. I mean, when there's regular DDNS service, it depends on username/password. Nobody else can know it, so it's not possible to send fake requests for updates. But what is here? I don't see any unique secret unknown to anyone else. If I learn someone's RB serial number, is there anything else than so far unknown algorithm how to generate a valid request?
 
Paternot
Member
Member
Posts: 374
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: New IP cloud is coming.

Wed Jun 13, 2018 9:47 pm

Will we get CHR support? :)
You would need to find something else than serial number to use for hostname. There's System ID, but it seems to be generated randomly, so it might not be unique. It also seems to make a difference between case of letters, so it would not work well with dns either. But I'm sure something could be invented, at least for licensed instances.
md5sum of the license number? Kinda big, but...
 
User avatar
macsrwe
Long time Member
Long time Member
Posts: 613
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: New IP cloud is coming.

Wed Jun 13, 2018 11:08 pm

It has improvements in security, responsiveness and expandability.
Maybe a little elaboration on this, so I can decide if I care? I use this feature only to locate MikroTik routers I have installed that don’t have static IP addresses.


Sent from my iPhone using Tapatalk
 
User avatar
doneware
Trainer
Trainer
Posts: 421
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: New IP cloud is coming.

Thu Jun 14, 2018 6:41 pm

Will we get IPv6 Support?
old cloud was v4 only, w/o any theoretic chance for ipv6 support.
cy-bear:~ bat$ host cloud.mikrotik.com
cloud.mikrotik.com has address 81.198.87.240
but RCs use cloud2...
cy-bear:~ bat$ host cloud2.mikrotik.com
cloud2.mikrotik.com has address 159.148.147.201
cloud2.mikrotik.com has address 159.148.172.251
cloud2.mikrotik.com has IPv6 address 2a02:610:7501:1000::201
cloud2.mikrotik.com has IPv6 address 20a2:610:7501:4000::251
now putting it to the test:
a box w/o ipv4 address, but full access to ipv6 internet supposed to be able to connect the v6 hosts.
[admin@tgcpe2] /ip cloud> /ip dns cache print 
Flags: S - static 
 #   NAME          ADDRESS                                         TTL         
 0 S router.lan    192.168.88.1                                    1d          
 1   ttt0-cegle... 2001:4c48:xxxxx::1                             40s         
 2   tgcpenms.d... 2001:4c48:xxxxx::3                               20m6s       
 3   cloud2.mik... 159.148.172.251                                 1h16m16s    
 4   cloud2.mik... 159.148.147.201                                 1h16m16s  

[admin@tgcpe2] /ip cloud> /ip cloud print 
    ddns-enabled: yes
     update-time: no
  public-address: 188.6.129.21
          status: connecting...
we're not there yet.
#TR0359
 
User avatar
janisk
MikroTik Support
MikroTik Support
Topic Author
Posts: 6248
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: New IP cloud is coming.

Fri Jun 15, 2018 11:19 am

To give more authoritative weight behind some excellent answers given by other users:
1) do not put RC in production - all new features come to RC, then get into current and only then it is placed into bugfix.
2) backwards compatibility was considered and then removed. So no, to use this, you will need to wait for stable and/or bugfix release to use in production
3) the new cloud works much faster, so the precision will be better - this is for setups where you cannot run NTP/SNTP or don't need the time so precise. This is enabled by default to get some, any time for logs where a user could benefit from seeing a time of occurrence. The moment you get NTP/SNTP time IP-cloud time service stops even if enabled.
4) it is not possible to send fake updates to the IP-cloud. To the IP-cloud your router is unique.
5) CHR - it is complicated. There is a lot of things that have to be resolved for this to become a reality.

> I use this feature only to locate MikroTik routers I have installed that don’t have static IP addresses.
this is the intended use - you are our target audience for the IP-cloud's DDNS feature

> Will we get IPv6 Support?
Yes.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4578
Joined: Mon Jun 08, 2015 12:09 pm

Re: New IP cloud is coming.

Fri Jun 15, 2018 11:57 am

3) the new cloud works much faster, so the precision will be better - this is for setups where you cannot run NTP/SNTP or don't need the time so precise. This is enabled by default to get some, any time for logs where a user could benefit from seeing a time of occurrence.
I completely understand that the cloud time is based on a http timestamp so it offers only 1-second resolution and cannot set the clock very accurately, but that was never an excuse for serving time that is wrong by 10 minutes.
It is important that the cloud servers themselves are well synchronized to NTP time and that this situation is actively monitored by MikroTik and action is taken when the served time is noticed to be drifting away from correct time.
This is already true for the IP cloud as it exists now. At this moment the cloud time is ahead by 6 seconds! Why?? By configuring NTP on the servers you can easily keep it within 10 milliseconds so the actually served time is well within the 1 second resolution of the method used.
 
User avatar
macsrwe
Long time Member
Long time Member
Posts: 613
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: New IP cloud is coming.

Fri Jun 15, 2018 5:06 pm

> I use this feature only to locate MikroTik routers I have installed that don’t have static IP addresses.
this is the intended use - you are our target audience for the IP-cloud's DDNS feature
OK... so, as I don't really care about using it for NTP or on IPV6, does this new implementation give me anything superior for my needs that would give me incentive to turn it on? Maybe I have overlooked an explanation, but I don't think one has yet been presented.
 
Sob
Forum Guru
Forum Guru
Posts: 3278
Joined: Mon Apr 20, 2009 9:11 pm

Re: New IP cloud is coming.

Fri Jun 15, 2018 8:06 pm

4) it is not possible to send fake updates to the IP-cloud. To the IP-cloud your router is unique.
It's nice to hear. I just hoped we could get a little "peek under the hood", how it works. And please don't say "secret algorithm", because when it has to be on every single router, one bored person with decompiler could be all what's needed to make it not secret anymore.

Don't take me wrong, I'm not trying to insinuate anything. I can imagine some possible ways how it could be done. E.g. if each router had some unique secret (password) stored on flash, and if you had database with <serial number>=<secret>, that would be good enough, because nobody could get the secret from someone else's router. But it would have to be something you had even before DDNS was introduced, because it works even on older RBs. Knowing that you have something like that (or even better) would help us sleep better.

And you missed this one:
Multi-WAN support for DDNS pretty please?
If it would be possible to add multiple DDNS clients (with some reasonable limit), something like (just a quick thought, there might be better way):
/ip cloud ddns
add name=wan1 routing-table=isp1
add name=wan2 routing-table=isp2
which would give us wan1.<serial>.sn.mynetname.net, etc.., it would be fantastic. Or it could be directly linked to DHCP or PPPoE client.
 
User avatar
juliokato
Member Candidate
Member Candidate
Posts: 211
Joined: Mon Oct 26, 2015 4:27 pm
Location: Brazil

Re: New IP cloud is coming.

Sat Jun 16, 2018 2:32 am

To give more authoritative weight behind some excellent answers given by other users:
1) do not put RC in production - all new features come to RC, then get into current and only then it is placed into bugfix.
2) backwards compatibility was considered and then removed. So no, to use this, you will need to wait for stable and/or bugfix release to use in production
3) the new cloud works much faster, so the precision will be better - this is for setups where you cannot run NTP/SNTP or don't need the time so precise. This is enabled by default to get some, any time for logs where a user could benefit from seeing a time of occurrence. The moment you get NTP/SNTP time IP-cloud time service stops even if enabled.
4) it is not possible to send fake updates to the IP-cloud. To the IP-cloud your router is unique.
5) CHR - it is complicated. There is a lot of things that have to be resolved for this to become a reality.

> I use this feature only to locate MikroTik routers I have installed that don’t have static IP addresses.
this is the intended use - you are our target audience for the IP-cloud's DDNS feature

> Will we get IPv6 Support?
Yes.
ok, thanks..

@chupaka: Chupa essa!!!!
I apologize my grammatical errors, my english not so good, I am not a native speaker.
Wiki is maintained in English. I use Google translator. 8)
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8029
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: New IP cloud is coming.

Sat Jun 16, 2018 8:31 pm

Huh?
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
Paternot
Member
Member
Posts: 374
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: New IP cloud is coming.

Sat Jun 16, 2018 11:38 pm

Huh?
Literal translation: "Suck this".
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8029
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: New IP cloud is coming.

Sun Jun 17, 2018 1:41 pm

Sounds a bit roughly :) Let his momma slap him
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
huntah
Member Candidate
Member Candidate
Posts: 236
Joined: Tue Sep 09, 2008 3:24 pm

Re: New IP cloud is coming.

Wed Jun 20, 2018 9:39 am

@janisk: I have multiple Clients with IKEv2 Server with RSA (Certificates). Those Certificates are made with ddns hostname (7dgfdghgssaa1.sn.mynetname.net) from IP Cloud.will the hostname remain the same. If not I have a big problem since I have to reissue all certificates to users on multiple sites.
 
Paternot
Member
Member
Posts: 374
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: New IP cloud is coming.

Wed Jun 20, 2018 10:03 am

@janisk: I have multiple Clients with IKEv2 Server with RSA (Certificates). Those Certificates are made with ddns hostname (7dgfdghgssaa1.sn.mynetname.net) from IP Cloud.will the hostname remain the same. If not I have a big problem since I have to reissue all certificates to users on multiple sites.
You can avoid the reissue problem by creating a CNAME, with the old name, pointing to the new one. Not ideal, I agree, but keeps You from reissuing the certificates.
 
User avatar
macsrwe
Long time Member
Long time Member
Posts: 613
Joined: Mon Apr 02, 2007 5:43 am
Location: Arizona, USA
Contact:

Re: New IP cloud is coming.

Wed Jun 20, 2018 10:05 am

@janisk: I have multiple Clients with IKEv2 Server with RSA (Certificates). Those Certificates are made with ddns hostname (7dgfdghgssaa1.sn.mynetname.net) from IP Cloud.will the hostname remain the same. If not I have a big problem since I have to reissue all certificates to users on multiple sites.
You can avoid the reissue problem by creating a CNAME, with the old name, pointing to the new one. Not ideal, I agree, but keeps You from reissuing the certificates.
I don’t understand the solution. Certainly the administrator of mynetname.net could do that, but that’s not him.


Sent from my iPhone using Tapatalk
 
huntah
Member Candidate
Member Candidate
Posts: 236
Joined: Tue Sep 09, 2008 3:24 pm

Re: New IP cloud is coming.

Wed Jun 20, 2018 11:26 am

@janisk: I have multiple Clients with IKEv2 Server with RSA (Certificates). Those Certificates are made with ddns hostname (7dgfdghgssaa1.sn.mynetname.net) from IP Cloud.will the hostname remain the same. If not I have a big problem since I have to reissue all certificates to users on multiple sites.
You can avoid the reissue problem by creating a CNAME, with the old name, pointing to the new one. Not ideal, I agree, but keeps You from reissuing the certificates.
I don’t understand the solution. Certainly the administrator of mynetname.net could do that, but that’s not him.
As pointed out it is not possible to add a CNAME for domain that is not mine :).
Maybe it will be enough to Re-issue IKEv2 VPN Server Cert and set it on VPN Server and redistribute CA public Cert to users if needed (if they only have public Cert of VPN Server and not CA)...

Damn I wish a native solution for LetsEncrypt (DNS-01 would be enaugh for me :))
 
User avatar
janisk
MikroTik Support
MikroTik Support
Topic Author
Posts: 6248
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: New IP cloud is coming.

Wed Jun 20, 2018 12:26 pm

@janisk: I have multiple Clients with IKEv2 Server with RSA (Certificates). Those Certificates are made with ddns hostname (7dgfdghgssaa1.sn.mynetname.net) from IP Cloud.will the hostname remain the same. If not I have a big problem since I have to reissue all certificates to users on multiple sites.
The hostnames will be the same for the same router. Do not worry about that.

If anything - the new DNS servers are already up and running and responding to all querries.

The domain name will always be tied to the serial number of the router. If you are going to change routers - then you better create on your your own DNS server CNAME entry that points to the <SN>.sn.mynetname.net FQDN. It will not be possible to assign your 7dgfdghgssaa1.sn.mynetname.net to another router.


And sure you can create an entry in bind something akin to this:
my.domain.example. IN CNAME 7dgfdghgssaa1.sn.mynetname.net.
This is not only that is allowed, that is encouraged.

p.s. yes, the dots in that snippet are important. all of them.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4578
Joined: Mon Jun 08, 2015 12:09 pm

Re: New IP cloud is coming.

Wed Jun 20, 2018 12:53 pm

When you have your own DNS, why would you bother with something like "IP cloud"? You can make the router update your own DNS directly.
The usability of something like "IP cloud" is for those that want something like this without doing the work themselves.
 
pavanear
just joined
Posts: 1
Joined: Thu Mar 01, 2018 12:42 pm
Location: Bangalore
Contact:

Re: New IP cloud is coming.

Wed Jun 20, 2018 1:23 pm

Will get CHR support? :)
 
User avatar
janisk
MikroTik Support
MikroTik Support
Topic Author
Posts: 6248
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: New IP cloud is coming.

Wed Jun 20, 2018 2:34 pm

When you have your own DNS, why would you bother with something like "IP cloud"? You can make the router update your own DNS directly.
The usability of something like "IP cloud" is for those that want something like this without doing the work themselves.
it is all about ease of use. Just check the box and you got your static FQDN for your router. Got your own DNS server, use those DNS names for CNAMEs.
 
jarda
Forum Guru
Forum Guru
Posts: 7437
Joined: Mon Oct 22, 2012 4:46 pm

Re: New IP cloud is coming.

Wed Jun 20, 2018 3:23 pm

Not to use ip cloud is much easier than using it. Own dns is reliable and stable working in comparison to mikrotik ip cloud service. The same applies to time server too. I wish ip cloud related settings were fully off by default. And any other even future calling home features also.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4578
Joined: Mon Jun 08, 2015 12:09 pm

Re: New IP cloud is coming.

Wed Jun 20, 2018 3:37 pm

To make ip cloud anything near useful it should provide a VPN service for management.
You create an account, then you register your routers under it and they (optionally) setup a VPN connection to the cloud server and you can connect
your winbox to the devices registered within your account.
That would add some value as it enables the remote management of routers that are on dynamic addresses, by users on dynamic addresses,
without exposing the management ports on the internet. And it also works for routers that are behind ISP NAT routers or CGNAT.
The IP cloud servers would be VPN servers that offer separate virtual networks per customer.

(in fact my initial understanding of the IP Cloud function was that it provided this functionality, instead of being yet another DYNDNS clone)
 
jarda
Forum Guru
Forum Guru
Posts: 7437
Joined: Mon Oct 22, 2012 4:46 pm

Re: New IP cloud is coming.

Wed Jun 20, 2018 4:19 pm

Actually this would put the mikrotik in the middleman role. It has to be considered as unsafe. I understand that some people do not care about it, but I rather build my own management network instead of rely on services that I cannot control and that can do whatever I do not know what above what they promote.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4578
Joined: Mon Jun 08, 2015 12:09 pm

Re: New IP cloud is coming.

Wed Jun 20, 2018 4:45 pm

Actually this would put the mikrotik in the middleman role. It has to be considered as unsafe. I understand that some people do not care about it, but I rather build my own management network instead of rely on services that I cannot control and that can do whatever I do not know what above what they promote.
Me too, but that is why I don't use IP cloud and probably you don't use it either. But, i can understand why a service like that would be worthwile, considering the vulnerability problems we have seen lately.
Those affected usually had enabled remote management without configuring a VPN. Apparently it is too difficult for many of those wannabe WiSP guys to setup a secure management network, and MikroTik could help by providing that facility via IP cloud.
(of course IP cloud would be nothing more than a passthrough, so authentication of the admin to the router in winbox would still be in place)
 
Sob
Forum Guru
Forum Guru
Posts: 3278
Joined: Mon Apr 20, 2009 9:11 pm

Re: New IP cloud is coming.

Wed Jun 20, 2018 4:49 pm

When you have your own DNS, why would you bother with something like "IP cloud"?
Because there's difference between "domain with DNS servers under your control" and "domain with DNS hosted somewhere else". If you have own servers, you don't need MikroTik's DDNS (even though it might still be easier for some to use it, as it's just one click away). But with hosted DNS (e.g. offered by domain registrar as free bonus with domain), there's often no automated access and all changes have to be made manually in some web interface. That's where CNAME is the right solution.
 
Paternot
Member
Member
Posts: 374
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: New IP cloud is coming.

Wed Jun 20, 2018 9:30 pm

@janisk: I have multiple Clients with IKEv2 Server with RSA (Certificates). Those Certificates are made with ddns hostname (7dgfdghgssaa1.sn.mynetname.net) from IP Cloud.will the hostname remain the same. If not I have a big problem since I have to reissue all certificates to users on multiple sites.
You can avoid the reissue problem by creating a CNAME, with the old name, pointing to the new one. Not ideal, I agree, but keeps You from reissuing the certificates.
I don’t understand the solution. Certainly the administrator of mynetname.net could do that, but that’s not him.


Sent from my iPhone using Tapatalk
My mistake - I misread the domain: thought it were his own.
 
huntah
Member Candidate
Member Candidate
Posts: 236
Joined: Tue Sep 09, 2008 3:24 pm

Re: New IP cloud is coming.

Thu Jun 21, 2018 10:37 am


The hostnames will be the same for the same router. Do not worry about that.

The domain name will always be tied to the serial number of the router. If you are going to change routers - then you better create on your your own DNS server CNAME entry that points to the <SN>.sn.mynetname.net FQDN. It will not be possible to assign your 7dgfdghgssaa1.sn.mynetname.net to another router.
Thanks Janisk for the confirmation, that everthing would stay the same only better (in my case :).. no pun intended).

As for why DDNS in IP Cloud. Sometimes I cannot get static IP and in past I have relied on DynDNS and others.. But now almost all want same sort of 30 day or something to renew the hostname (free editions). Therefore the IP Cloud is free and simply working. Not to mention manual script/Schedule to update the IP...
 
User avatar
janisk
MikroTik Support
MikroTik Support
Topic Author
Posts: 6248
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: New IP cloud is coming.

Thu Jun 28, 2018 12:21 pm

Actually this would put the mikrotik in the middleman role. It has to be considered as unsafe. I understand that some people do not care about it, but I rather build my own management network instead of rely on services that I cannot control and that can do whatever I do not know what above what they promote.
While you find some feature not so useful to yourself and relentlessly bash them - consider that there are other features made by RouterOS developer team that you are using. This one particular - IP-Cloud - is touted by you as very unsafe and understandably so - MikroTik hasn't disclosed information - but from time to time your posts look like just bashing.

Ona brighter note - there are new features in testing, new features in the development and one feature that just came out of testing and is included in new RC - IPv6 support.

this is what "IPv6 support" entails -
*) DNS requests via IPV6
*) IP-Cloud services (DDNS update, timezone) via IPv6
*) AAAA support for *.ns.mynetname.net domains

For now - there is only AAAA OR A entry support. Due to nature of RouterOS - if you have a dual-stack router and want the IP-Cloud address to be IPv6 you have to force it via /ip dns static entry - add cloud2.mikrotik.com with these IPv6 addresses 20a2:610:7501:4000::251 and 2a02:610:7501:1000::201
 
jarda
Forum Guru
Forum Guru
Posts: 7437
Joined: Mon Oct 22, 2012 4:46 pm

Re: New IP cloud is coming.

Thu Jun 28, 2018 1:38 pm

Bashing? Maybe you feel it so. On the other hand, I am proud user of mikrotik products and software. It is full of features I like and use. I don't hide it. I advice to use mikrotik to everyone who wants to listen reasons. The opinion that ip cloud is not generally good feature and above that it can be misused (and I don't suspect mikrotik, but whoever can hack you, don't forget) is just one of few negatives. Nothing is purely white, there are also black sides. It is fair to point at them and open a discussion about. And when noone cares? Fine, why not, you can freely build your own Facebook (don't want to write "army") of routers... But I will do everything to prevent my routers to participate.

Do you think I do anything bad?
 
freemannnn
Long time Member
Long time Member
Posts: 605
Joined: Sun Oct 13, 2013 7:29 pm

Re: New IP cloud is coming.

Thu Jun 28, 2018 1:42 pm

i love ip cloud. for me is working flawless.

+easy to setup. just one click to enable it. (modem=bridge mode or wan static ip address)
+free. you buy even the the cheapest hap lite and its build into ros.
+winbox address book. add your clients ip cloud address and you have one easy support address book.

i can connect to my customers routers from my home/office so easy without having to test long scripts like dydns, noip etc.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4578
Joined: Mon Jun 08, 2015 12:09 pm

Re: New IP cloud is coming.

Thu Jun 28, 2018 4:49 pm

- when used without VPN, it requires the admin interface (winbox, ssh, webfig) to be exposed on internet, which is quite dangerous.

To have such remote support of customer routers, at least you should config a VPN service which you can connect via the DNS name (SSTP, L2TP/IPsec, OVPN).
Or, setup some "port knocking" firewall.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8029
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: New IP cloud is coming.

Thu Jun 28, 2018 5:01 pm

- when used without VPN, it requires the admin interface (winbox, ssh, webfig) to be exposed on internet, which is quite dangerous.
Isn't the same with dyndns, noip or your own ddns server? :)
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
Paternot
Member
Member
Posts: 374
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: New IP cloud is coming.

Thu Jun 28, 2018 5:13 pm

- when used without VPN, it requires the admin interface (winbox, ssh, webfig) to be exposed on internet, which is quite dangerous.

To have such remote support of customer routers, at least you should config a VPN service which you can connect via the DNS name (SSTP, L2TP/IPsec, OVPN).
Or, setup some "port knocking" firewall.
But I (and many others, I think) use it exactly to be able to connect at my house VPN!

We, who have dynamic IP, need something like this. It is not perfect, but is good enough - and it's improving.
 
jarda
Forum Guru
Forum Guru
Posts: 7437
Joined: Mon Oct 22, 2012 4:46 pm

Re: New IP cloud is coming.

Thu Jun 28, 2018 5:22 pm

Are we still talking about this?
viewtopic.php?p=669439#p669439
 
pe1chl
Forum Guru
Forum Guru
Posts: 4578
Joined: Mon Jun 08, 2015 12:09 pm

Re: New IP cloud is coming.

Thu Jun 28, 2018 5:24 pm

Are we still talking about this?
viewtopic.php?p=669439#p669439
It would be nice when that was part of IPcloud, but as long as it isn't you need to setup your own VPN or other security solution.
I'm afraid many of the users who claim to have benefit from the IPcloud DDNS are not aware of that and just connect directly to the DNS name using Winbox.
(after having modified the firewall to make that work)
 
Paternot
Member
Member
Posts: 374
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: New IP cloud is coming.

Thu Jun 28, 2018 7:18 pm

Are we still talking about this?
viewtopic.php?p=669439#p669439
It would be nice when that was part of IPcloud, but as long as it isn't you need to setup your own VPN or other security solution.
I'm afraid many of the users who claim to have benefit from the IPcloud DDNS are not aware of that and just connect directly to the DNS name using Winbox.
(after having modified the firewall to make that work)
There isn't a solution to this problem: we can't make a knife that will cut meat but not your fingers. The tool exists - it's up to the user to learn it.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4578
Joined: Mon Jun 08, 2015 12:09 pm

Re: New IP cloud is coming.

Thu Jun 28, 2018 8:34 pm

There isn't a solution to this problem: we can't make a knife that will cut meat but not your fingers. The tool exists - it's up to the user to learn it.
The advantage of a VPN integrated with IP cloud would be that it could also work on routers that are behind NAT, either CGNAT or a local ISP router.
Also, IP cloud appears to be in the "one click solution without too much learning" area so it would never hurt to have such features in it.

Of course I would not use this feature - in fact most of the routers I manage do true routing, not some form of NAT, and are not directly connected
to internet. I can manage them over the "local" network. But I see an opportinity here to add some value.
 
Paternot
Member
Member
Posts: 374
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: New IP cloud is coming.

Thu Jun 28, 2018 9:28 pm

There isn't a solution to this problem: we can't make a knife that will cut meat but not your fingers. The tool exists - it's up to the user to learn it.
The advantage of a VPN integrated with IP cloud would be that it could also work on routers that are behind NAT, either CGNAT or a local ISP router.
Also, IP cloud appears to be in the "one click solution without too much learning" area so it would never hurt to have such features in it.

Of course I would not use this feature - in fact most of the routers I manage do true routing, not some form of NAT, and are not directly connected
to internet. I can manage them over the "local" network. But I see an opportinity here to add some value.
I'd hate to see a solution that used a third part network, besides my own. Also, it's a can of worms: all that GDPR compliance and whatnot. We already have several VPNs to choose from, and OpenVPN is quite NAT friendly. Not the eight wonderful, being TCP, but more than enough to administration purposes.
 
jarda
Forum Guru
Forum Guru
Posts: 7437
Joined: Mon Oct 22, 2012 4:46 pm

Re: New IP cloud is coming.

Thu Jun 28, 2018 9:33 pm

It's necessary just to have public ip and run l2tp tunnels to there from each site in your custody.
 
User avatar
doneware
Trainer
Trainer
Posts: 421
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: New IP cloud is coming.

Tue Jul 03, 2018 3:47 pm

there we are: 6.43rc40

Other changes in this release:

!) cloud - added support for licensed CHR instances (including trial);
#TR0359
 
User avatar
janisk
MikroTik Support
MikroTik Support
Topic Author
Posts: 6248
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: New IP cloud is coming.

Wed Jul 04, 2018 11:33 am

Had to make some limitations for whom IP-Cloud is available on CHR. Now that we can auth your CHR you can have the domain and other goodies that are available and ones that are coming down the pipe.

Who is online

Users browsing this forum: No registered users and 10 guests