tryuys
just joined
Topic Author
Posts: 17
Joined: Wed Apr 03, 2019 9:31 pm

VPN accesspoint/gateway ? connect to remote location and Mikrotik after NAT

Thu Jun 10, 2021 11:13 pm

Hello,

A. To begin, I would like to establish a few things. I know that some ISPs can block some traffic and cause problems on the edge routers/gateways they give to clients when VPN traffic needs to pass, but for the purposes of this topic, please assume that we don't have such problems.
B. Please assume that the remote routers/gateways have no VPN client capability on the device. So these are ultra stupid devices like Totolink Chinese boxes.
C. I would rather call the MikroTik device a VPN gateway; I am not sure if I am using the term correctly?

I have some locations where there is a public WAN IP, even a stable one.
But... there are only stupid Chinese routers/ISP gateways with just port forwarding on the edge of the remote network, and I cannot push the remote admin to change these devices. Or I don't want to, as everything is working.

I would like to be able to keep a preconfigured mAP lite device (L4 license) in my pocket, for example the mAP lite [https://mikrotik.com/product/RBmAPL-2nD], which I could send to a remote location and ask the remote admin to make a reservation on his DHCP server for the MikroTik's IP and set up port forwarding to pass OpenVPN, for example. Example: [WAN IP] 178.100.1.1:1194 > 192.168.1.2:1194 [mikrotik]

Would it be possible to connect this way? I do not need any special discovery services, as I need to keep the existing network configuration at the remote location.

So, for example, at my parents' house they have internet from some ISP with a public WAN IP address. They have a router/gateway from the ISP which allows VPN traffic and port forwarding.
But I want to connect to only one RDP host, whose LAN IP address I know, and that address could also be fixed and unchanging over time.
So, on the remote side we need to set up port forwarding on their router/gateway and connect the MikroTik to the LAN.

When I connect to the VPN server hosted on the MikroTik I don't see any network hosts connected to the ISP router, as the MikroTik is only the next Ethernet device connected as a DHCP client to that ISP router/gateway. There is no service discovery (I assume here that in a simple configuration there is no need to scan the whole remote network).

But from my local computer, where I have OpenVPN connected in TAP mode, I can reach a local address from the remote network through the RDP client, for example 192.168.1.123.

So, in points, to clarify what I think I want to do:

1. Disable the DHCP server on the mAP lite, enable the OpenVPN server and configure it.
2. Maybe there is a need to set some static routes on the mAP lite here? To tell the MikroTik where the gateways and DNS server are in the LAN at my parents' house?
3. Enable the DHCP client on the Ethernet interface of the mAP lite.
4. Plug the mAP lite into any Ethernet port on the remote router.
5. Set the IP reservation on the remote router/gateway.
6. Connect from the PC to the OpenVPN tunnel created in step 1 and go to the desired host in the remote LAN, e.g. RDP: 192.168.1.123
7. Maybe a static route is needed on the local PC here? A route that tells my Windows workstation to reach 192.168.1.123 in the remote LAN through the OpenVPN TAP virtual adapter.
8. Or maybe it would be sufficient to forward DNS requests to the OpenVPN TAP device?

Is that possible?
Any help would be much appreciated.

Thank you in advance!
 
anav
Forum Guru
Posts: 19101
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VPN accesspoint/gateway ? connect to remote location and Mikrotik after NAT

Fri Jun 11, 2021 7:24 pm

Suggesting that WireGuard VPN is the way to go.
Using beta6 firmware I am able to connect devices if the edge router is my own (MIKROTIK) or the ISP's router (ONLY CAN PORT FORWARD).
Works great, easy to implement.
The only thing is to wait for WireGuard to move out of beta.
Which is taking far too long!!!!
 
tryuys
just joined
Topic Author
Posts: 17
Joined: Wed Apr 03, 2019 9:31 pm

Re: VPN accesspoint/gateway ? connect to remote location and Mikrotik after NAT

Sun Jun 13, 2021 10:37 pm

Yep, that's a very interesting topic, as that is based on a VPN client architecture, I suppose?
So, the MikroTik in that case would connect to a WireGuard VPN server anywhere in the world?
If yes, that is my next project, but without WireGuard, based on my VPN hub in Azure. I have been thinking and dreaming about doing it for many years...


Anyway, I wouldn't use beta versions. From what I have read, there is no fixed time for delivery of a stable version of the official firmware.
Is my thinking listed above correct? I know that this is many unneeded steps, which could be made simpler...
