Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Remote Access to dyndns

Locked
 
kneuzgi
just joined
Topic Author
Posts: 23
Joined: Thu Mar 13, 2014 10:33 am

Remote Access to dyndns

Fri May 06, 2016 9:38 am

Hi

I'm having a webcam within my mikrotik LAN. Webcam is working fine but I'm not able
to use within my network the dnyndsn address for connecting ...

From Internal LAN:
connecting to these via internal IP adresse it's working fine
connecting to these via extenal IP (dyndns) it doesn't work

From external / Internet:
connecting to these via extenal IP (dyndns) it's working fine

What do I need to do that I'm able to connect also from internal LAN
webcam using my dyndns?


Thanks

Kind Regards

Michel


My config ...

[admin@KMikroTik] > export
# may/06/2016 08:25:50 by RouterOS 6.35.1
# software id = 3G1U-3LR6
#
/interface bridge
add admin-mac=XXXXXXXX auto-mac=no mtu=1500 name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC country=XXXXXXXX disabled=no distance=indoors

frequency=2462 mode=ap-bridge ssid=XXXXXXXX wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether6 ] name=ether6-master-local
set [ find default-name=ether7 ] master-port=ether6-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether6-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether6-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether6-master-local name=ether10-slave-local
set [ find default-name=sfp1 ] name=sfp1-gateway speed=100Mbps
/ip neighbor discovery
set wlan1 discover=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-

shared-key=XXXXXXXX wpa2-pre-shared-key=XXXXXXXX
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=XXXXXXXXGUEST supplicant-

identity="" wpa2-pre-shared-key=XXXXXXXX
/interface wireless
add disabled=no mac-address=XXXXXXXX master-interface=wlan1 name=ap-guest security-profile=XXXXXXXXGUEST ssid=XXXXXXXXGUEST wds-

cost-range=0 wds-default-cost=0
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,3des pfs-group=none
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.99
add name=l2tp-pool ranges=192.168.77.101-192.168.77.111
add name=dhcp_pool1 ranges=192.168.77.100-192.168.77.111
add name=vpn ranges=192.168.89.2-192.168.89.255
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge-local lease-time=5d name=default
add address-pool=dhcp_pool1 disabled=no interface=ap-guest lease-time=1d name=dhcp1
/ppp profile
set *FFFFFFFE local-address=192.168.89.1 remote-address=vpn
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=wlan1
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=XXXXXXXX max-mru=1460 max-mtu=1460 use-ipsec=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.88.1/24 comment="Local LAN" interface=ether2 network=192.168.88.0
add address=192.168.99.1/24 comment="Child protected LAN" interface=ether2 network=192.168.99.0
add address=192.168.77.1/24 interface=XXXXXXXXGUEST network=192.168.77.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=sfp1-gateway
/ip dhcp-server lease
add address=192.168.88.100 comment=Camera mac-address=XXXXXXXX
/ip dhcp-server network
add address=192.168.77.0/24 gateway=192.168.77.1
add address=192.168.88.0/24 dns-server=192.168.88.1,8.8.8.8 domain=kneuzgi.local gateway=192.168.88.1 netmask=24
add address=192.168.99.0/24 dns-server=208.67.222.123,208.67.220.123 domain=XXXXXXXX gateway=192.168.99.1 netmask=24
/ip dns
set allow-remote-requests=yes cache-max-ttl=2d
/ip dns static
add address=192.168.99.1 name=router
add address=192.168.88.1 name=mikrotik.local
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=log chain=input comment="VPN Log" connection-state=new dst-port=500,1701,4500 in-interface=ether1-gateway protocol=udp
add chain=input comment=VPN connection-state=new dst-port=500,1701,4500 in-interface=ether1-gateway protocol=udp
add chain=forward comment="input XXXXXXXX" dst-address=192.168.88.100 dst-port=88 in-interface=ether1-gateway protocol=tcp
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=sfp1-gateway
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add action=drop chain=input dst-address=192.168.77.0/24 src-address=192.168.88.0/24
add action=drop chain=input dst-address=192.168.88.0/24 src-address=192.168.77.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="default configuration" out-interface=sfp1-gateway
add action=masquerade chain=srcnat out-interface=ether1-gateway src-address=192.168.77.0/24
add action=dst-nat chain=dstnat comment="XXXXXXXX.dyndns.org input XXXXXXXX" dst-port=XXXXXXXX in-interface=ether1-gateway

protocol=tcp to-addresses=192.168.88.100 to-ports=XXXXXXXX
add action=dst-nat chain=dstnat comment=Hairpin_NAT dst-port=XXXXXXXX protocol=tcp to-addresses=192.168.88.101 to-ports=XXXXXXXX
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1
/ip service
set telnet address=0.0.0.0/0
set ftp address=0.0.0.0/0
set www address=0.0.0.0/0
set ssh address=0.0.0.0/0
set api disabled=yes
set winbox address=0.0.0.0/0
/lcd
set backlight-timeout=5m read-only-mode=yes time-interval=daily
/lcd interface pages
set 0 interfaces=sfp1-gateway,ether1-gateway,ether2,ether3,ether4,ether5,ether6-master-local,ether7-slave-local,ether8-slave-

local,ether9-slave-local,ether10-slave-local
/ppp secret
add name=vpn password=XXXXXXXX
/system clock
set time-zone-autodetect=no time-zone-name=Europe/Zurich
/system identity
set name=Kneuzgi_MikroTik
/system ntp client
set enabled=yes primary-ntp=37.59.115.231 secondary-ntp=85.10.246.226
/system scheduler
add interval=1m name=DynDns on-event=DynDns policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup
/system script
add name=DynDns owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive source=":global ddnsuser \"mkneubue

\"\r\
\n:global ddnspass \"XXXXXXXX\"\r\
\n:global theinterface \"ether1-gateway\"\r\
\n:global ddnshost XXXXXXXX.dyndns.org\r\
\n:global ipddns [:resolve \$ddnshost];\r\
\n:global ipfresh [ /ip address get [/ip address find interface=\$theinterface ] address ]\r\
\n:if ([ :typeof \$ipfresh ] = nil ) do={\r\
\n :log info (\"DynDNS: No ip address on \$theinterface .\")\r\
\n} else={\r\
\n :for i from=( [:len \$ipfresh] - 1) to=0 do={ \r\
\n :if ( [:pick \$ipfresh \$i] = \"/\") do={ \r\
\n :set ipfresh [:pick \$ipfresh 0 \$i];\r\
\n } \r\
\n}\r\
\n \r\
\n:if (\$ipddns != \$ipfresh) do={\r\
\n :log info (\"DynDNS: IP-DynDNS = \$ipddns\")\r\
\n :log info (\"DynDNS: IP-Fresh = \$ipfresh\")\r\
\n :log info \"DynDNS: Update IP needed, Sending UPDATE...!\"\r\
\n :global str \"/nic/update\\\?hostname=\$ddnshost&myip=\$ipfresh&wildcard=NOCHG&mx=NOCHG&backmx=NOCHG\"\r\
\n /tool fetch address=members.dyndns.org src-path=\$str mode=http user=\$ddnsuser \\\r\
\n password=\$ddnspass dst-path=(\"/DynDNS.\".\$ddnshost)\r\
\n :delay 1\r\
\n :global str [/file find name=\"DynDNS.\$ddnshost\"];\r\
\n /file remove \$str\r\
\n :global ipddns \$ipfresh\r\
\n :log info \"DynDNS: IP updated to \$ipfresh!\"\r\
\n } else={\r\
\n :log info \"DynDNS: dont need changes\";\r\
\n }\r\
\n} "
/tool graphing interface
add
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=wlan1
add interface=bridge-local
[admin@MikroTik] >
Top
Locked

Who is online

Users browsing this forum: Bing [Bot] and 21 guests
  4. RouterOS
  5. Beginner Basics