Community discussions

 
charliecrash
just joined
Topic Author
Posts: 21
Joined: Tue Nov 13, 2018 4:04 pm
Location: Sweden

Easiest way to access router in app through WAN?

Thu Nov 07, 2019 10:20 am

It would be fantastic if there was some sort of dyndns pairing to do when I am logged in to the router on my WiFi - or some other trick. I need to access the router in the app, outside the home network. How do I do that? Is it the romon agent that is the secret?
Things to know:
# I have a dynamic IP
# More than one user needs access
# I do have a one.com domain if that's of any use to solve the problem.
# I also have a local server. (Win10 machine)
# The router should still be protected.

Thankful for any help.
 
anav
Forum Guru
Forum Guru
Posts: 3100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Easiest way to access router in app through WAN?

Thu Nov 07, 2019 8:53 pm

Access to servers on the network is WAY WAY different from access to the router itself to manage the router.

For the latter I use IKEv2 to VPN to the router and then (from smart phone for example use MT app)
For the former you should have methods to allow users to access servers that require authentication to the server (HTTPS).

DYDNS method is common to identify the correct WANIP for users to access the network. I believe MT has their own DYNDNS type cloud service that could be used for this but not sure??
Some firewall rules will be required to make filter/dstnat/srcnat
If you can limit the WANIPs external (users) that need access via firewall address list even better.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
charliecrash
just joined
Topic Author
Posts: 21
Joined: Tue Nov 13, 2018 4:04 pm
Location: Sweden

Re: Easiest way to access router in app through WAN?

Thu Nov 07, 2019 9:22 pm

Thanks for a swift reply.

About the local server, was my hopes that som sort of client could ping the app to report what the inbound wan IP is at the moment (not sure of the correct names of everything) and make a tunnel for the app in the firewall. That would keep it pretty secure and not leave any doors wide open for evil traffic.

Or if this method exists to be installed on a domain somehow.

I think Ubiquity is doing this. Atleast I have their client and can access my WiFi units far away from home. Haven't thought of if I can log in to my routerboard through them, but I think not.

But Im still very curious what can be done with the romon agent. It's present in the app too.
Last edited by charliecrash on Thu Nov 07, 2019 9:29 pm, edited 1 time in total.
 
anav
Forum Guru
Forum Guru
Posts: 3100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Easiest way to access router in app through WAN?

Thu Nov 07, 2019 9:29 pm

What you do is give your users a domain name or URL to use.
Charlieshomelan.com for example.

A company that provides dyndns names can associated that name above with your WANIP address.
If the WANIP address is dynamic you can put a script into the router that keeps the IP address accurate.

Also should have noted that if you are going to have a server on the LAN put it on its own vlan with only access to the internet permitted.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
charliecrash
just joined
Topic Author
Posts: 21
Joined: Tue Nov 13, 2018 4:04 pm
Location: Sweden

Re: Easiest way to access router in app through WAN?

Thu Nov 07, 2019 9:50 pm

Hmm. Maybe I'm over-complicating things. How would average Joe do it?

Say I make two narrow firewall rules for app-traffic in and out. (If I knew how)
If I know my networks current wan ip from some other app talking to my system, how do I write the physical adress with ip and username in the app login? Is it like this example: admin@123.123.123.123/4567 ?
 
anav
Forum Guru
Forum Guru
Posts: 3100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Easiest way to access router in app through WAN?

Fri Nov 08, 2019 6:09 am

Your request is getting more confusing not clearer.
Are you referring to a server on your network when you say app?
Or
Are you referring to a client software residing on a PC or smart phone and how that client software would talk to a server on your network?

What is it that you are trying to accomplish without any talk of network equipment or configurations??

As far as I know there is no way for the app to be able to ping your WANIP without knowing its WANIP................... so the question seems pointless?
That is why people use dyndns name - and a script on the router in case the WANIP is dynamic.
In this way the dyndns name always has the correct WANIP available.
User or client software does not have to ping anything and they only have to enter in the URL Charlieserver.net for ex.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
charliecrash
just joined
Topic Author
Posts: 21
Joined: Tue Nov 13, 2018 4:04 pm
Location: Sweden

Re: Easiest way to access router in app through WAN?

Fri Nov 08, 2019 10:31 am

Ok, I'm sorry, I am a bit confused.

My goal is to use the Mikrotik Android app to access my mikrotik routerboard.

I also have a pair of Unify AP's connected to the routerboard which I can reach from a different android app, and they have their own controller software, (with some sort of dyndns against ubiquity I suppose) that is running on my local windows server. If the server is down, I cannot reach the AP's.

I hoped there was some way to use the information manually from the unify app to log in to the routerboard, but that is probably more hassle than fun...

So, I guess I need to have a second dyndns program always running on my local server to have a physical address that is my dynamic IP.

From there to create the firewall rules, and the login, I am lost.
 
mkx
Forum Guru
Forum Guru
Posts: 3177
Joined: Thu Mar 03, 2016 10:23 pm

Re: Easiest way to access router in app through WAN?

Fri Nov 08, 2019 11:14 am

There's dynDNS function built into ROS, you can find it under /ip clud.

When enabled, it creates a DNS entry in form <serialnumber>.sn.myname.net and you can use that DNS name to access your WAN (whether that's router itself or some internal service such as ubnt controller software it's up to router configuration).
You can enable the functionality by setting /ip cloud ddns-enabled=yes. If you check the status of "cloud", you will get the FQDN name assigned to router/WAN.
BR,
Metod
 
anav
Forum Guru
Forum Guru
Posts: 3100
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Easiest way to access router in app through WAN?

Fri Nov 08, 2019 3:50 pm

Even better (no cost) but its the security aspect of what you are trying to do that has me concerned.
If you are trying to reach the router and not the devices behind the router a VPN is a must.
If you are trying to reach devices behind the router a VPN is recommended (not as good but there is port knocking as well) but not friendly for a bunch of users.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
pe1chl
Forum Guru
Forum Guru
Posts: 5913
Joined: Mon Jun 08, 2015 12:09 pm

Re: Easiest way to access router in app through WAN?

Fri Nov 08, 2019 3:54 pm

Also, make sure you enable the VPN found on the quick set page and use that to access the router.
(make a corresponding VPN entry in your phone and connect that first when you want to connect)
Do NOT open the winbox port directly to the internet!!!

Who is online

Users browsing this forum: No registered users and 34 guests