Community discussions

 
irfanhamidi
just joined
Topic Author
Posts: 3
Joined: Fri Feb 22, 2019 3:11 pm
Contact:

Remotely access Mikrotik router

Sat Mar 23, 2019 11:32 am

Hello everyone!

I have a Mikrotik RB951g router in office which we are using internet. sometimes I have to login to the router from home using another connection so I would like to know how to configure the router so I can accessed from home remotely?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1310
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Remotely access Mikrotik router

Sat Mar 23, 2019 12:05 pm

This has been discussed many time.
Best option, setup a VPN from Mikrotik to your home. (This will also work of your router is behind nat)

If that can not be done, take care. Open up a router from outside add a huge risc for attack on it.
* Use access list
* Do not use default port
* Use port knocking
* Log all access
* +++
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
neutronlaser
Member Candidate
Member Candidate
Posts: 212
Joined: Thu Jan 18, 2018 5:18 pm

Re: Remotely access Mikrotik router

Sun Mar 24, 2019 12:05 am

PPTP good too
 
anav
Forum Guru
Forum Guru
Posts: 3120
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Remotely access Mikrotik router

Sun Mar 24, 2019 4:22 am

PPTP good too
Brain dead?
The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1310
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Remotely access Mikrotik router

Mon Mar 25, 2019 11:11 am

I do agree with anav here, why in the world use obsolete PPTP when you can use a much better L2TP with IPsec?
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
User avatar
Joni
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Fri Mar 20, 2015 2:46 pm
Contact:

Re: Remotely access Mikrotik router

Mon Mar 25, 2019 9:43 pm

There is a much simpler way... dynamic whitelisting
1) Get a DynDNS client (or URL) on your client device (hint: could also be another Mikrotik device on the same client network https://wiki.mikrotik.com/wiki/Manual:IP/Cloud )
2) Add that DynDNS name (not IP address) to Firewall address list in the router you wish to access (hint: timeout recommended but not required https://wiki.mikrotik.com/wiki/Manual:I ... dress_list )
3) Add a firewall exception rule for that address list
4) Result = Secure (with no open ports at all to attack) authenticated encrypted (Winbox / HTTPS) remote access, to as many sites (devices) or users your like with zero overhead

Hint: https://www.cloudns.net/features/ is Google recommended and has non-authenticated dynamic DNS for free ( https://www.cloudns.net/wiki/article/255/ ), including the free domain.

Something along the lines of:
/ip firewall address-list add address=xxxxxxxxxxxx.sn.mynetname.net list=whitelisted-admin comment="some other Mikrotik device with Cloud IP"
/ip firewall address-list add address=mydyndnsclient.dyn.com list=whitelisted-admin comment="some other DynDNS client"
/ip firewall filter add action=accept chain=input comment="Allow whitelisted-admin" in-interface-list=WAN src-address-list=whitelisted-admin
Please note: if the two DNS names resolve to the same IP address then only one item is added on the list.
Last edited by Joni on Mon Mar 25, 2019 10:19 pm, edited 9 times in total.
 
anav
Forum Guru
Forum Guru
Posts: 3120
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Remotely access Mikrotik router

Mon Mar 25, 2019 9:47 pm

How does dddn and address list provide secure encrypted connections?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
anav
Forum Guru
Forum Guru
Posts: 3120
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Remotely access Mikrotik router

Mon Mar 25, 2019 9:48 pm

You could also setup IKEv2 and access via the MT mobile App from anywhere, home, coffee shop or via cellular data.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
neutronlaser
Member Candidate
Member Candidate
Posts: 212
Joined: Thu Jan 18, 2018 5:18 pm

Re: Remotely access Mikrotik router

Mon Mar 25, 2019 11:25 pm

PPTP good too
Brain dead?
The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues.
Mikrotik's implementation of PPTP is secure. It's the Windows one you're mocking my mental disability with.
 
anav
Forum Guru
Forum Guru
Posts: 3120
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Remotely access Mikrotik router

Tue Mar 26, 2019 3:40 pm

PPTP good too
Brain dead?
The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues.
Mikrotik's implementation of PPTP is secure. It's the Windows one you're mocking my mental disability with.
https://www.youtube.com/watch?v=MMzd40i8TfA
Last edited by anav on Tue Mar 26, 2019 4:07 pm, edited 1 time in total.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
krisjanisj
MikroTik Support
MikroTik Support
Posts: 60
Joined: Wed Feb 20, 2019 2:53 pm
Contact:

Re: Remotely access Mikrotik router

Tue Mar 26, 2019 4:02 pm

As much as I hate to intervene in this discussion, I must remind to @anav and everyone else to keep it civil and lets not throw insults around.

Ok? Ok!
* Wager of "The Holy War" against users who don't paste their config/export/print into [code][/code] blocks
* Avid coffee consumer
* Provider of stupid solutions for simple problems
 
anav
Forum Guru
Forum Guru
Posts: 3120
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Remotely access Mikrotik router

Tue Mar 26, 2019 4:08 pm

Thanks for the reminder kris, I have modified my previous post.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: Google [Bot] and 116 guests