Community discussions

MikroTik App
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Do you assign your wifi nodes public IPs for manageability?

Wed Nov 23, 2005 11:57 am

Hi,

just tried to tell it all in subject field :-) We are about building our network, where we use MT router. From that central point, we want to distribute to two kinds of nodes:

1) 5GHZ, locally 2.4 GHz APs
2) retranslation nodes, which will forward on 5GHZ to other nodes

The question is, what IP strategy to take? From external network, I can get to central MT machine, using winbox, webbox, whatever. But how can I manage my other RB532 MT nodes? Should I route somehow on specific ports traffic for winbox to work? (I will not configure the network, so my questions might be pretty lame, I know :-), or is it wise to assign such nodes public IPs? My brother suggest exactly that, but what if I later want to interconnect two users on local network, so that their traffic would not go via main router e.g.? Or public IPs here would not be a problem?

Just curious how you guys build your network's IP strategy-wise.

Thanks a lot,
Petr
 
User avatar
HarvSki
Member
Member
Posts: 398
Joined: Fri May 28, 2004 3:37 pm
Location: London, UK

Wed Nov 23, 2005 1:26 pm

You can use public IP addresses and the other option is to use private addresses on the inside and then VPN (like PPtP) into your network and manage it like that from the internet. This has the advantage of only having to harden one router against external (internet) attack.
 
pekr
Member Candidate
Member Candidate
Topic Author
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Wed Nov 23, 2005 4:54 pm

Any free VPN clients around MT can work with? What about OpenVPN. IIRC it is not full-fledged VPN client, but I read good reviews on it. Any other suggestions?

-pekr-
 
User avatar
HarvSki
Member
Member
Posts: 398
Joined: Fri May 28, 2004 3:37 pm
Location: London, UK

Wed Nov 23, 2005 5:03 pm

I just make a new pptp connection from either OSX Win2k or XP, it is buit in.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6624
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Wed Nov 23, 2005 8:15 pm

pekr, there is possibility to setup other tunnels too (L2TP, IPSec, etc.).

one note, if you will have other routers behind one public IP address (Main MT router), than probably, there might be some problems accessing routers via Winbox from public networks.
 
User avatar
HarvSki
Member
Member
Posts: 398
Joined: Fri May 28, 2004 3:37 pm
Location: London, UK

Wed Nov 23, 2005 9:28 pm

That is why you use the VPN into the Public facing MikroTik router, you get assigned an IP address (private one) that is routable accross your wireless network so Winbox will work and you can manage other devices too that have private adresses without any need to do dst-NAT at all.

I run my network like this.

Who is online

Users browsing this forum: andya, gfhahsvhj, ruwi000 and 63 guests