Community discussions

MikroTik App
 
User avatar
hosseinkhosh
just joined
Topic Author
Posts: 9
Joined: Sat Nov 21, 2015 10:09 pm

Remote connect to mikrotik behind NAT

Tue May 10, 2016 2:59 pm

Hi
i have a hap mikrotik router
by set firewall rule and port forwarding , i can connect remotely to my mikrotik roter.
( i set DDNS , and know my ip and can connect to it)

now I have new internet ADSL , my new ISP didn't give me valid ip
(my isp have a self NAT , and it give to user private invalid ip)
now i want to remote connect to my mikrotik router and i can't
Please help me how can i do it
thanks
 
User avatar
evince
Member
Member
Posts: 353
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: Remote connect to mikrotik behind NAT

Tue May 10, 2016 5:37 pm

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.
 
User avatar
hosseinkhosh
just joined
Topic Author
Posts: 9
Joined: Sat Nov 21, 2015 10:09 pm

Re: Remote connect to mikrotik behind NAT

Tue May 10, 2016 6:33 pm

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.
Can i use VPN or ppoe client or other service for this problem?
I can't get valid ip, (my ISP can't give valid ip)
But i need to remote connect mikrotik. :(
 
Senux
newbie
Posts: 34
Joined: Wed Jun 30, 2010 6:19 pm

Re: Remote connect to mikrotik behind NAT

Tue May 10, 2016 6:49 pm

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.
Can i use VPN or ppoe client or other service for this problem?
I can't get valid ip, (my ISP can't give valid ip)
But i need to remote connect mikrotik. :(
Of course yes, you can use VPN - Mikrotik connect as client to your server. We expect ISP provider do not block VPN
 
User avatar
hosseinkhosh
just joined
Topic Author
Posts: 9
Joined: Sat Nov 21, 2015 10:09 pm

Re: Remote connect to mikrotik behind NAT

Tue May 10, 2016 9:29 pm

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.
Can i use VPN or ppoe client or other service for this problem?
I can't get valid ip, (my ISP can't give valid ip)
But i need to remote connect mikrotik. :(
Of course yes, you can use VPN - Mikrotik connect as client to your server. We expect ISP provider do not block VPN
Thanks for your response
Please explain how i can use vpn service, to remotely connect to mikrotik
 
User avatar
evince
Member
Member
Posts: 353
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: Remote connect to mikrotik behind NAT

Wed May 11, 2016 9:35 am

Hello, go to PPP, and then add a pptp (or l2tp) client. Configure it to connect to your server using your credentials.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Remote connect to mikrotik behind NAT

Wed May 11, 2016 11:29 am

There also is that "VPN access" checkmark on the startpage, which you can enable and read a
.sn.mynetname.net domainname listed there.

I think it is intended for remote support. I don't see documentation for it, no idea what it is really doing.
 
User avatar
hosseinkhosh
just joined
Topic Author
Posts: 9
Joined: Sat Nov 21, 2015 10:09 pm

Re: Remote connect to mikrotik behind NAT

Wed May 11, 2016 12:44 pm

There also is that "VPN access" checkmark on the startpage, which you can enable and read a
.sn.mynetname.net domainname listed there.

I think it is intended for remote support. I don't see documentation for it, no idea what it is really doing.
No
by my new ISP, I cant to remote connect mikrotik by .sn.mynetname.net
I think its same DDNS and no diffrence been betwin .sn.mynetname.net and DDNS
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Remote connect to mikrotik behind NAT

Wed May 11, 2016 2:59 pm

It is unclear to me what that "VPN access" checkmark on the startpage is doing, maybe someone from MikroTIk
can explain? It is not in the documentation, only the DDNS thing is. But of course that would not be referred to
as "VPN access". I guess it is some thing that they or a dealer can ask a customer to set when they want to look
in a router which has some problem.
 
User avatar
hosseinkhosh
just joined
Topic Author
Posts: 9
Joined: Sat Nov 21, 2015 10:09 pm

Re: Remote connect to mikrotik behind NAT

Wed May 11, 2016 5:03 pm

It is unclear to me what that "VPN access" checkmark on the startpage is doing, maybe someone from MikroTIk
can explain? It is not in the documentation, only the DDNS thing is. But of course that would not be referred to
as "VPN access". I guess it is some thing that they or a dealer can ask a customer to set when they want to look
in a router which has some problem.
look at this carefully
http://forum.mikrotik.com/viewtopic.php?t=85906


""
If your router sits behind NAT and does not get a public IP, then you would never have access to it anyway without the NAT router providing port forwards to you.

The cloud service reports to Mikrotik servers whatever public IP address it comes from. It does nothing to enable services in your mikrotik, just provides DNS name for your router if you have dynamic IP from your provider.
""
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Remote connect to mikrotik behind NAT

Wed May 11, 2016 5:12 pm

That topic is about IP Cloud. The IP Cloud page has a DDNS checkmark and it registers a DNS name for
your router. Fine.

But I am talking about the "VPN Access" checkmark that is on the startpage. What does THAT do? It is not documented.
When it is just an alias for the DDNS checkmark, I think it is badly named and should be renamed "DDNS enable".

I think it does setup some VPN to somewhere which enables callback using the name also given as the DDNS name,
but I have no idea how. Maybe should trace the network traffic to see what is going on.
 
User avatar
hosseinkhosh
just joined
Topic Author
Posts: 9
Joined: Sat Nov 21, 2015 10:09 pm

Re: Remote connect to mikrotik behind NAT

Wed May 11, 2016 5:21 pm

That topic is about IP Cloud. The IP Cloud page has a DDNS checkmark and it registers a DNS name for
your router. Fine.

But I am talking about the "VPN Access" checkmark that is on the startpage. What does THAT do? It is not documented.
When it is just an alias for the DDNS checkmark, I think it is badly named and should be renamed "DDNS enable".

I think it does setup some VPN to somewhere which enables callback using the name also given as the DDNS name,
but I have no idea how. Maybe should trace the network traffic to see what is going on.
now see this page
http://serverfault.com/questions/725034 ... -public-ip



can you explain ,
"
You can create an outgoing SSTP tunnel which works using SSL/TLS over port 443 (so it shouldn't be blocked) to connect to another SSTP server outside the network.

Then you can access the router with the IP assigned on the SSTP interface
"
how can i do it ?
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Wed May 11, 2016 5:57 pm

You need to have an outer device with public ip and enough bandwidth for it. Do you have such?
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: Remote connect to mikrotik behind NAT

Wed May 11, 2016 5:59 pm

You can read that in the manual. The procedures for setting up all kinds of VPN on the MikroTik routers are quite simple.
But of course you need another router that is on a public accessible static IP to do that.
That is why I wonder if this "VPN Access" just does a pre-configured VPN to some fixed service.
 
khaloudy
Frequent Visitor
Frequent Visitor
Posts: 92
Joined: Mon Jun 29, 2009 6:12 am

Re: Remote connect to mikrotik behind NAT

Thu Oct 03, 2019 9:38 pm

its too easy
1- active dmz in the nat on your isp modem to wan ip on mikrotik
2- disable firewall on isp router
3- add line as the sam you see on Access Management >> ACL >> Lan but add other one as WAN on ISP rourer
Done
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1120
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Remote connect to mikrotik behind NAT

Fri Oct 04, 2019 11:19 am

its too easy
1- active dmz in the nat on your isp modem to wan ip on mikrotik
2- disable firewall on isp router
3- add line as the sam you see on Access Management >> ACL >> Lan but add other one as WAN on ISP rourer
Done
Nothing says that the carrier isn't doing NAT though so it's not "too easy". If it was that easy this would be solved already.

@OP
You can create a free AWS CHR instance which is free to use forever. Get this running and a good firewall in place and then create a VPN server. Connect your router behind NAT to this VPN server and then you can VPN into your AWS-CHR and get access to your MikroTIk,

I have done this for a few people I have done work for and it works brilliantly.
 
simonefil
newbie
Posts: 42
Joined: Tue Apr 13, 2021 9:22 pm
Location: Bergamo - Italy
Contact:

Re: Remote connect to mikrotik behind NAT

Sat May 15, 2021 6:22 pm

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.
Can i use VPN or ppoe client or other service for this problem?
I can't get valid ip, (my ISP can't give valid ip)
But i need to remote connect mikrotik. :(
Of course yes, you can use VPN - Mikrotik connect as client to your server. We expect ISP provider do not block VPN
Hello.
Forgive me if I take this thread so old, but I also have the same problem. I created a PPTP tunnel between my main routerboard with static IP issued by my ISP and a 4G routerboard under NAT.
The tunnel works perfectly, the packets of the "client" routerboard come out through the static Public IP of the "master" routerboard which is good, but from the PCs connected to the LAN bridge of the "master" routerboard I cannot reach the "client" routerboard not even with the "ping" command. Pinging the client routerboard by the master routerboard I reach it perfectly. I don't even see the IP of the PPTP interface in the ARP table of the master rb.
I do not understand why. Can you give me some indication about it?
I tried to be very concise. Here you can find the diagram of my network and the precise configuration viewtopic.php?f=2&t=175284&p=857491#p857491
Thank you very much for the help you can give me

Who is online

Users browsing this forum: gigabyte091, gkoleff, outtahere and 52 guests