MikroTik

Hi
i have a hap mikrotik router
by set firewall rule and port forwarding , i can connect remotely to my mikrotik roter.
( i set DDNS , and know my ip and can connect to it)

now I have new internet ADSL , my new ISP didn't give me valid ip
(my isp have a self NAT , and it give to user private invalid ip)
now i want to remote connect to my mikrotik router and i can't
Please help me how can i do it
thanks

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.

Can i use VPN or ppoe client or other service for this problem?
I can't get valid ip, (my ISP can't give valid ip)
But i need to remote connect mikrotik.

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.

Can i use VPN or ppoe client or other service for this problem?
I can't get valid ip, (my ISP can't give valid ip)
But i need to remote connect mikrotik.

Of course yes, you can use VPN - Mikrotik connect as client to your server. We expect ISP provider do not block VPN

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.

Can i use VPN or ppoe client or other service for this problem?
I can't get valid ip, (my ISP can't give valid ip)
But i need to remote connect mikrotik.

Of course yes, you can use VPN - Mikrotik connect as client to your server. We expect ISP provider do not block VPN

Thanks for your response
Please explain how i can use vpn service, to remotely connect to mikrotik

Hello, go to PPP, and then add a pptp (or l2tp) client. Configure it to connect to your server using your credentials.

There also is that "VPN access" checkmark on the startpage, which you can enable and read a
.sn.mynetname.net domainname listed there.

I think it is intended for remote support. I don't see documentation for it, no idea what it is really doing.

There also is that "VPN access" checkmark on the startpage, which you can enable and read a
.sn.mynetname.net domainname listed there.

I think it is intended for remote support. I don't see documentation for it, no idea what it is really doing.

No
by my new ISP, I cant to remote connect mikrotik by .sn.mynetname.net
I think its same DDNS and no diffrence been betwin .sn.mynetname.net and DDNS

It is unclear to me what that "VPN access" checkmark on the startpage is doing, maybe someone from MikroTIk
can explain? It is not in the documentation, only the DDNS thing is. But of course that would not be referred to
as "VPN access". I guess it is some thing that they or a dealer can ask a customer to set when they want to look
in a router which has some problem.

It is unclear to me what that "VPN access" checkmark on the startpage is doing, maybe someone from MikroTIk
can explain? It is not in the documentation, only the DDNS thing is. But of course that would not be referred to
as "VPN access". I guess it is some thing that they or a dealer can ask a customer to set when they want to look
in a router which has some problem.

look at this carefully
http://forum.mikrotik.com/viewtopic.php?t=85906


""
If your router sits behind NAT and does not get a public IP, then you would never have access to it anyway without the NAT router providing port forwards to you.

The cloud service reports to Mikrotik servers whatever public IP address it comes from. It does nothing to enable services in your mikrotik, just provides DNS name for your router if you have dynamic IP from your provider.
""

That topic is about IP Cloud. The IP Cloud page has a DDNS checkmark and it registers a DNS name for
your router. Fine.

But I am talking about the "VPN Access" checkmark that is on the startpage. What does THAT do? It is not documented.
When it is just an alias for the DDNS checkmark, I think it is badly named and should be renamed "DDNS enable".

I think it does setup some VPN to somewhere which enables callback using the name also given as the DDNS name,
but I have no idea how. Maybe should trace the network traffic to see what is going on.

That topic is about IP Cloud. The IP Cloud page has a DDNS checkmark and it registers a DNS name for
your router. Fine.

But I am talking about the "VPN Access" checkmark that is on the startpage. What does THAT do? It is not documented.
When it is just an alias for the DDNS checkmark, I think it is badly named and should be renamed "DDNS enable".

I think it does setup some VPN to somewhere which enables callback using the name also given as the DDNS name,
but I have no idea how. Maybe should trace the network traffic to see what is going on.

now see this page
http://serverfault.com/questions/725034 ... -public-ip



can you explain ,
"
You can create an outgoing SSTP tunnel which works using SSL/TLS over port 443 (so it shouldn't be blocked) to connect to another SSTP server outside the network.

Then you can access the router with the IP assigned on the SSTP interface
"
how can i do it ?

You need to have an outer device with public ip and enough bandwidth for it. Do you have such?

You can read that in the manual. The procedures for setting up all kinds of VPN on the MikroTik routers are quite simple.
But of course you need another router that is on a public accessible static IP to do that.
That is why I wonder if this "VPN Access" just does a pre-configured VPN to some fixed service.

its too easy
1- active dmz in the nat on your isp modem to wan ip on mikrotik
2- disable firewall on isp router
3- add line as the sam you see on Access Management >> ACL >> Lan but add other one as WAN on ISP rourer
Done

its too easy
1- active dmz in the nat on your isp modem to wan ip on mikrotik
2- disable firewall on isp router
3- add line as the sam you see on Access Management >> ACL >> Lan but add other one as WAN on ISP rourer
Done

Nothing says that the carrier isn't doing NAT though so it's not "too easy". If it was that easy this would be solved already.

@OP
You can create a free AWS CHR instance which is free to use forever. Get this running and a good firewall in place and then create a VPN server. Connect your router behind NAT to this VPN server and then you can VPN into your AWS-CHR and get access to your MikroTIk,

I have done this for a few people I have done work for and it works brilliantly.

Hello, it is not possible as your ISP provide you private ip address, so you are Natted.

You need to ask him for a public IP (it can be dynamic), but the risk is to pay more than now.

Can i use VPN or ppoe client or other service for this problem?
I can't get valid ip, (my ISP can't give valid ip)
But i need to remote connect mikrotik. :(

Of course yes, you can use VPN - Mikrotik connect as client to your server. We expect ISP provider do not block VPN

Hello.
Forgive me if I take this thread so old, but I also have the same problem. I created a PPTP tunnel between my main routerboard with static IP issued by my ISP and a 4G routerboard under NAT.
The tunnel works perfectly, the packets of the "client" routerboard come out through the static Public IP of the "master" routerboard which is good, but from the PCs connected to the LAN bridge of the "master" routerboard I cannot reach the "client" routerboard not even with the "ping" command. Pinging the client routerboard by the master routerboard I reach it perfectly. I don't even see the IP of the PPTP interface in the ARP table of the master rb.
I do not understand why. Can you give me some indication about it?
I tried to be very concise. Here you can find the diagram of my network and the precise configuration viewtopic.php?f=2&t=175284&p=857491#p857491
Thank you very much for the help you can give me