Page 1 of 1

Localhost tunnel service

Posted: Thu Sep 21, 2017 4:28 am
by cutedrummerboy
it will be very helpful if mikrotik provide us (home users) a localhost tunnel service aka cloud login service like ubnt unifi does. then we can access our router from internet without having a public ip in the router. i use a service called ngrok (https://ngrok.com/) to access my small home server.

Re: Localhost tunnel service

Posted: Thu Sep 21, 2017 6:23 pm
by TomjNorthIdaho
it will be very helpful if mikrotik provide us (home users) a localhost tunnel service aka cloud login service like ubnt unifi does. then we can access our router from internet without having a public ip in the router. i use a service called ngrok (https://ngrok.com/) to access my small home server.
At this time, there is no 3rd party "man-in-the-middle" service available on a Mikrotik which does what you are asking for.

However ... There are some (free) tools that should be able accomplish what you may want to do.

#1A - On a PC behind the Mikrotik you want remote access to , download TeamViewer.
#1B - Configure the TeamViewer to always accept a remote session
#1C - Set the power management on the PC so that it will not power-save in sleep or suspend
#1D - Make a note of "Your ID" and your "Password"

#2A - On your PC (the PC you want to be able to remotely get into your Mikrotik network), download TeamViewer
#2B - On your PC type in the "Partner ID" (from #1D above) and click "Connect to partner"
#2C - Type in the "Password" (from #1D above)

#3A - At this time, your #2 PC should have full console/windows GUI control of your #1 PC
#3B - Start Winbox (or http or telnet or ssh) on your #1 PC and connect to your Mikrotik at location #1

With Winbox , you not only accomplish what you wanted to do -and- you also have full control of your #1 PC to do almost anything you may want to do if you were physically in-front-of / on-the-console of your #1 PC

I hope this helps.

FYI - TeamViewer can be also used on Android cell phones, Linux computers/servers & I think possibly Apple computers (not sure about Apple).

TeamViewer is also a handy tool to gain control of somebody else's computer when you are working with them on the phone and decide you need access.

Also, TeamViewer allows a local person in front of the remote PC computer to also see what you are doing with your remote control session.

TeamViewer for non-commercial use is free. It does use a TeamViewer man-in-the-middle service. It also works well when one or both locations are behind firewalls. With TeamViewer, you don't need to make any special firewall configurations to use TeamViewer.

North Idaho Tom Jones

Re: Localhost tunnel service

Posted: Thu Sep 21, 2017 9:32 pm
by pe1chl
It is actually something that MikroTik could offer through the "IP cloud" service. In fact, before I fully studied what that (and the VPN button on the quickstart screen) does,
I presumed that this is the functionality it would offer. But unfortunately, it does not work that way.

Re: Localhost tunnel service

Posted: Fri Sep 22, 2017 1:15 am
by TomjNorthIdaho
It is actually something that MikroTik could offer through the "IP cloud" service. In fact, before I fully studied what that (and the VPN button on the quickstart screen) does,
I presumed that this is the functionality it would offer. But unfortunately, it does not work that way.
If Mikrotik were to add a feature like this ...
I would like to see an option in the configuration where "the-cloud" server could be set to use a local cloud-service.

I for one, might see a default cloud service as a possible security issue.
If the 3rd party cloud-service defined in the Mikrotik could optionally to use in-house cloud instead, then I would feel that nobody on the outside could get to one of my Mikrotiks except what is allowed from and seen from my local cloud-server.
Of course, a (Linux or Windows) server would be needed to provide this local 3rd-party man-in-the-middle service for my Mikrotik network - which might need to be a software program available from Mikrotik.

Working with some government and hospital networks and PCI security networks, such an option for which man-in-the-middle service is used might help satisfy PCI security rules used by those organizations.

North Idaho Tom Jones

Re: Localhost tunnel service

Posted: Fri Sep 22, 2017 11:31 am
by pe1chl
There is no need for that, because that capability already exists. When you have your own cloud server, just setup a VPN service
there and a VPN client on all your routers, and you are go. I am doing that all the time.

The place for a mikrotik-provided cloud server with that purpose would be to allow users of a single router to have such a VPN tunnel
and logon to their router from elsewhere, without having to setup a private service just for this purpose.
Of course this should not be enabled by default, and it should only be possible to enable it after a password has been set.
Currently IP cloud only provides a DDNS service and an (inexplicably inaccurate) time server, but this VPN tunnel service would
be useful for those that are behind NAT so they cannot login merely using the DDNS registered name.

Re: Localhost tunnel service

Posted: Fri Sep 22, 2017 12:04 pm
by idlemind
It would draw a parallel to Meraki in a way. They tunnel management traffic to their DCs which then let you configure the device via their pretty HTML5 UI. It's all the same concept and can be incredibly handy.