Community discussions

 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Mikrotik cloud remote access

Mon May 21, 2018 3:47 pm

Hi guys

I have configured a Mik WAP LTE to run in my car with a Vodacom SIM card and 2 x SSID’s

1. Private - private use in the car for the family
2. Free WiFi - public wifi that people outside my car can use when I’m parked. I have configured a hotspot for this.

Both are working perfectly.

Now I am trying to access the Mik in my car from my office.

I have already configured the cloud setting by enabling DDNS.
I have configured the firewall to accept requests from port 8921.

I cannot connect remotely to my device in the car using winbox and the DDNS address I got from cloud.
It appears the ip addresses are the problem but I don’t understand what to do next.

Any help will be much appreciated. I am a beginner user.
4 wheels move the body... 2 wheels move the soul...
 
atlanticd
newbie
Posts: 29
Joined: Thu Jun 11, 2015 6:42 pm

Re: Mikrotik cloud remote access

Mon May 21, 2018 4:51 pm

Please change the firewall rule from 8921 to 8291. Alternatively change the Winbox service port to 8921 in IP/Services and leave your current firewall rule.
 
solar77
Member
Member
Posts: 437
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Mikrotik cloud remote access

Mon May 21, 2018 4:54 pm

in addition to the port issue: for most 4G connection, you are either behind a NAT or any incoming connection (originated from the WAN) is blocked.
you can tell if you use uplookup and then check against what you get on the LTE interface, if they are different. you are behind NAT.

you either need a static IP
or dial VPN from car Mikroitk to your office, and then you can access the car Mikroitk on the remote IP of the VPN tunnel.
MTCNA MTCTCE UEWA
 
User avatar
jspool
Member
Member
Posts: 396
Joined: Sun Oct 04, 2009 4:06 am
Location: Oregon

Re: Mikrotik cloud remote access

Mon May 21, 2018 5:24 pm

Most LTE connections give you an IP in the 100.64.0.0/10 range. This is actually a non public IP that is used with CGNAT. As already stated the only way this typically works is if your device is setup with a VPN client that connects to a VPN server that has a publicly accessible IP address.
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 10:17 am

Please change the firewall rule from 8921 to 8291. Alternatively change the Winbox service port to 8921 in IP/Services and leave your current firewall rule.
Thank you. I did double check and it was a typo on my behalf.
4 wheels move the body... 2 wheels move the soul...
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 10:19 am

in addition to the port issue: for most 4G connection, you are either behind a NAT or any incoming connection (originated from the WAN) is blocked.
you can tell if you use uplookup and then check against what you get on the LTE interface, if they are different. you are behind NAT.

you either need a static IP
or dial VPN from car Mikroitk to your office, and then you can access the car Mikroitk on the remote IP of the VPN tunnel.
Ok, I am behind NAT. I will attempt what you have suggested.
4 wheels move the body... 2 wheels move the soul...
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 11:57 am

Most LTE connections give you an IP in the 100.64.0.0/10 range. This is actually a non public IP that is used with CGNAT. As already stated the only way this typically works is if your device is setup with a VPN client that connects to a VPN server that has a publicly accessible IP address.
Thank you. Is there documentation specifically for my solution that you can point me to? When googling, I am overwhelmed with all the different solutions presented. I'm not sure which solution to follow.
4 wheels move the body... 2 wheels move the soul...
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 2:30 pm

IMG_0372.jpg
The diagram shows what I'm trying to achieve.

If access from all devices is going to cause an issue, I would like an option to work where I can at least get access from my office network. In this case, I am connected to the internet via an adsl modem (AZTECH) and the IP address I get from my ISP is dynamic.

I want to connect to the Car Mikrotik from my office PC via Winbox in order to change configurations in the Car Mikrotik...
You do not have the required permissions to view the files attached to this post.
Last edited by RussellRSA on Tue May 22, 2018 2:35 pm, edited 1 time in total.
4 wheels move the body... 2 wheels move the soul...
 
solar77
Member
Member
Posts: 437
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Mikrotik cloud remote access

Tue May 22, 2018 2:31 pm

semi detailed steps:
1. set up VPN from car Mikroitk to your office. make sure it's connected. but add without "Add Default route option" . many simple tutorial online and wiki can help you. try this PPTP VPN
https://mikrotik.com/testdocs/ros/3.0/vpn/pptp.php
(asuming your office router accept this type of VPN, otherwise use whatever is available)

2. once connected. you will get a IP address on the VPN tunnel connection. On the car Mikrotik, check the status of your VPN inerface, It is the Local address. in my set up, it is 192.168.89.9
2a: without Adding default route option, you need to add static route. For example
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.89.1
where 192.168.2.0/24 should be changed to the ip range of your office network, 192.168.89.1 should be changed to the remote address of your VPN connection.

3, you should be able to ping any IP on the office network, and from a office PC, you should be able to ping the Local address. in my case, office PC canping 192.168.89.9.
(if office router is also Mikroitk, you need to masquerade VPN network range as well)

4. finally, accept port 8291 on input chain of your car Mikroitk, you should be able to winbox into it from the office.

PS: it is the office router that gives you the VPN address and typically it will be in the same range as the office LAN IP. but not always, in my case, the office network is 192.168.2.0/24 but the VPN network in office is 192.168.89.0/24
MTCNA MTCTCE UEWA
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 2:38 pm

semi detailed steps:
1. set up VPN from car Mikroitk to your office. make sure it's connected. but add without "Add Default route option" . many simple tutorial online and wiki can help you. try this PPTP VPN
https://mikrotik.com/testdocs/ros/3.0/vpn/pptp.php
(asuming your office router accept this type of VPN, otherwise use whatever is available)

2. once connected. you will get a IP address on the VPN tunnel connection. On the car Mikrotik, check the status of your VPN inerface, It is the Local address. in my set up, it is 192.168.89.9
2a: without Adding default route option, you need to add static route. For example
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.89.1
where 192.168.2.0/24 should be changed to the ip range of your office network, 192.168.89.1 should be changed to the remote address of your VPN connection.

3, you should be able to ping any IP on the office network, and from a office PC, you should be able to ping the Local address. in my case, office PC canping 192.168.89.9.
(if office router is also Mikroitk, you need to masquerade VPN network range as well)

4. finally, accept port 8291 on input chain of your car Mikroitk, you should be able to winbox into it from the office.

PS: it is the office router that gives you the VPN address and typically it will be in the same range as the office LAN IP. but not always, in my case, the office network is 192.168.2.0/24 but the VPN network in office is 192.168.89.0/24
WOW! What an amazing effort to help me thank you very much. I'll get started now and see what happens.
4 wheels move the body... 2 wheels move the soul...
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 3:22 pm

semi detailed steps:
1. set up VPN from car Mikroitk to your office. make sure it's connected. but add without "Add Default route option" . many simple tutorial online and wiki can help you. try this PPTP VPN
https://mikrotik.com/testdocs/ros/3.0/vpn/pptp.php
(asuming your office router accept this type of VPN, otherwise use whatever is available)

2. once connected. you will get a IP address on the VPN tunnel connection. On the car Mikrotik, check the status of your VPN inerface, It is the Local address. in my set up, it is 192.168.89.9
2a: without Adding default route option, you need to add static route. For example
add distance=1 dst-address=192.168.2.0/24 gateway=192.168.89.1
where 192.168.2.0/24 should be changed to the ip range of your office network, 192.168.89.1 should be changed to the remote address of your VPN connection.

3, you should be able to ping any IP on the office network, and from a office PC, you should be able to ping the Local address. in my case, office PC canping 192.168.89.9.
(if office router is also Mikroitk, you need to masquerade VPN network range as well)

4. finally, accept port 8291 on input chain of your car Mikroitk, you should be able to winbox into it from the office.

PS: it is the office router that gives you the VPN address and typically it will be in the same range as the office LAN IP. but not always, in my case, the office network is 192.168.2.0/24 but the VPN network in office is 192.168.89.0/24
WOW! What an amazing effort to help me thank you very much. I'll get started now and see what happens.
I am unable to follow the instructions you gave me. There are too many things I don't understand.
Do you have an hourly rate? Perhaps I could give you teamviewer access to my network and you help me?
4 wheels move the body... 2 wheels move the soul...
 
solar77
Member
Member
Posts: 437
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Mikrotik cloud remote access

Tue May 22, 2018 4:21 pm

I am happy to take a look for you if you already have VPN details to the office network etc. (this would be public IP of your office network, vpn type, vpn username and password) obviously don't post it here. PM me with teamviewer details.
consider this as a good deed.

however I am restricted by how much time I can spent so for more complicated setups, I can recommend https://ip-pro.eu/en/contact-us
he is my trainer.
MTCNA MTCTCE UEWA
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1439
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 4:58 pm

@Solar77, how do you PM on this forum?

@RussellRSA, I am also in good old RSA, give me a shout if need assistance
MTCNA, MTCTCE, MTCRE & MTCINE
 
solar77
Member
Member
Posts: 437
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Mikrotik cloud remote access

Tue May 22, 2018 6:12 pm

@CZfan

just checked and I am not sure...something I'd consider a standard feature but never actually used.
MTCNA MTCTCE UEWA
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 6:32 pm

@Solar77, how do you PM on this forum?

@RussellRSA, I am also in good old RSA, give me a shout if need assistance
@Solar77 - I just thought I didn't know how to find the PM lol...

@CZF - that's amazing thanks... you aren't by any chance in CT?
4 wheels move the body... 2 wheels move the soul...
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1439
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 7:08 pm

...
@CZF - that's amazing thanks... you aren't by any chance in CT?
I wish, northern part of JHB
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 9:39 pm

...
@CZF - that's amazing thanks... you aren't by any chance in CT?
I wish, northern part of JHB
I moved down to CT a few years ago from Pretoria.

Do you have a working solution for my problem?

This is where my research, sparked by the help of @Solar77, has got me so far:

1) I have signed up with vultr.com for a cloud instance
2) I have connected my Mikrotik LTE to the service and it is running
3) I’m trying to figure the rest out whilst keeping my wits about me :-)
4 wheels move the body... 2 wheels move the soul...
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1439
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 9:52 pm

One way of doing this is use dynamic DNS on your office router/modem, then use the WAP in the car to connect to the office via site to site VPN, then you should be able to access the WAP from office via this site to site VPN tunnel.

EDIT: Apologies, just noticed that is exactly what Solar77 suggested, and should work. If you want, you can contact me via skype ( see my profile) and we can take from there
Last edited by CZFan on Tue May 22, 2018 9:56 pm, edited 1 time in total.
MTCNA, MTCTCE, MTCRE & MTCINE
 
solar77
Member
Member
Posts: 437
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Mikrotik cloud remote access

Tue May 22, 2018 9:55 pm

provided VPN server is already been set up on your office network (if not, provide the type of router ,then remote access by teamviewer should be able to set this up)
after that, all you need to provide are
public IP of your office network,or DDNS
vpn user /pass

config on the car mikroitk won't take long.

PS: just wondering, why do you need access to the car Mikroitk? just to check status of your hotspot users?
for all these work above, you could just use a Unifi Access Point, even a entry level one, then all cloud access is taken care for you by the Unifi controller which is free.
an UAP AC Lite or AC Mesh will do the job nicely or a basic UAP at £48.98 exc. VAT which only gives you 2.4GHz wifi but should be enough for what you need.
MTCNA MTCTCE UEWA
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1439
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 10:04 pm

...
for all these work above, you could just use a Unifi Access Point, even a entry level one, then all cloud access is taken care for you by the Unifi controller which is free.
an UAP AC Lite or AC Mesh will do the job nicely or a basic UAP at £48.98 exc. VAT which only gives you 2.4GHz wifi but should be enough for what you need.

Can you power the above from car battery, i.e. lighter socket?
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1439
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 10:16 pm

...
PS: just wondering, why do you need access to the car Mikroitk? just to check status of your hotspot users?
...

I think it is a "Party Bus" and not his car, and he wants to access some cameras in bus remotely... :lol:
MTCNA, MTCTCE, MTCRE & MTCINE
 
solar77
Member
Member
Posts: 437
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Mikrotik cloud remote access

Tue May 22, 2018 10:44 pm

oh well, party bus sounds good.

power hopefully is not an issue if it is a bus. event the USP mesh is only 8.5 W but normally it would run at 3.5-4 W. 24V POE or 802.3af .

8w is nothing when there is already cameras, laser lights, Hi-Fi systems etc. Sorry if I am not thinking about the right kind of bus... :-)

Cameras these days would have cloud management anyway...
MTCNA MTCTCE UEWA
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 10:49 pm

...
PS: just wondering, why do you need access to the car Mikroitk? just to check status of your hotspot users?
...

I think it is a "Party Bus" and not his car, and he wants to access some cameras in bus remotely... :lol:
Yeah man... stripper limousine services. Only like you get them in JHB tho😂
4 wheels move the body... 2 wheels move the soul...
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 11:44 pm

@CZfan

just checked and I am not sure...something I'd consider a standard feature but never actually used.
3A4C3917-EE00-4C59-A6FF-F019FE13619F.jpeg
You do not have the required permissions to view the files attached to this post.
4 wheels move the body... 2 wheels move the soul...
 
User avatar
RussellRSA
just joined
Topic Author
Posts: 13
Joined: Mon May 21, 2018 2:49 pm
Location: Cape Town
Contact:

Re: Mikrotik cloud remote access

Tue May 22, 2018 11:50 pm

oh well, party bus sounds good.

power hopefully is not an issue if it is a bus. event the USP mesh is only 8.5 W but normally it would run at 3.5-4 W. 24V POE or 802.3af .

8w is nothing when there is already cameras, laser lights, Hi-Fi systems etc. Sorry if I am not thinking about the right kind of bus... :-)

Cameras these days would have cloud management anyway...
Ok we are definitely moving away from the topic here lol.

I’m not sure how you can be comparing the ubiquiti units to the lte Mikrotik?
4 wheels move the body... 2 wheels move the soul...

Who is online

Users browsing this forum: No registered users and 27 guests