Community discussions

MikroTik App
 
fallingrock
just joined
Topic Author
Posts: 4
Joined: Sun Dec 10, 2023 8:17 pm

Back to home supported router

Sun Dec 10, 2023 8:28 pm

Folks:

New guy here.

I’ve got a RB750Gr3 and it’s working great for my work from home office. I’m primarily using it to keep my work and home networks isolated from each other.

The back to home vpn offering is very intriguing, but my current router doesn’t support it.

Can anyone recommend a router comparable to the RB750Gr3 that supports BTH?

Thanks,

David
 
holvoetn
Forum Guru
Forum Guru
Posts: 5081
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Back to home supported router

Sun Dec 10, 2023 9:45 pm

What's wrong using wireguard in the normal way ?
In essence, bth is the same.

If you REALLY want to change devices, AX Lite is the lowest budget alternative.
But 1 port less.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18697
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Back to home supported router

Sun Dec 10, 2023 9:47 pm

Sure the 750 supports wireguard what seems to be the issue?
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3039
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Back to home supported router

Sun Dec 10, 2023 10:02 pm

Sure the 750 supports wireguard what seems to be the issue?
Back to Home (BTH) is only on ARM, ARM64, and TILE. Just because a device supports WG, doesn't mean it support BTH (e.g. all the MIPS things, like the '750).
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18697
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Back to home supported router

Sun Dec 10, 2023 10:54 pm

BTH is not the only way to apply wireguard parameters silly ammo!
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3039
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Back to home supported router

Mon Dec 11, 2023 2:40 am

BTH is not the only way to apply wireguard parameters silly ammo!
Well, true enough. Unless the router is behind CGNAT...

@fallingrock does your ISP provide you with public IP on the router?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18697
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Back to home supported router

Mon Dec 11, 2023 5:34 am

Dont forget the other question,
a. do you have a public IP
b. IF NOT, can you forward a port from your ISP modem/router to your ROUTER.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5081
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Back to home supported router

Mon Dec 11, 2023 6:34 am

Well, true enough. Unless the router is behind CGNAT...
Why not ?
You only go out then towards a device with public IP (dynamic or static) but it will still work.
Same with Zerotier BTW when it's behind CGNAT.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Back to home supported router

Mon Dec 11, 2023 11:22 am

BTH is nice if both devices are behind NAT.
 
holvoetn
Forum Guru
Forum Guru
Posts: 5081
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Back to home supported router

Mon Dec 11, 2023 2:12 pm

True but what's the rationale to limit to arm/arm64/Tile only ?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18697
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Back to home supported router

Mon Dec 11, 2023 2:38 pm

Dear Sir Holvoe, I have written many times of MTs unwritten agenda to move all users to newer ARM products, its called the 'obsolescence - death by 1000 cuts product strategy'

Just so I can get this straight the difference then between BTH and normal wireguard, and the power/allure of BTH, is that Mikrotik is providing a FREE CHR in the cloud for this service??? I dont mean anything the user can see/touch but a virtual server in the cloud is used/provided by MT to connect two ends of a WG tunnel where neither has a public IP and neither can port forward from their upstream router/modem to their MT device? IPSO FACTOR cloudflare type of service? and thus reliance on a third party?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Back to home supported router

Mon Dec 11, 2023 4:54 pm

You don't seem to get BTH idea at all, sorry about that.

- BTH is free of charge if you have one of the supported devices (all new / currently manufactured mikrotik devices)
- There is no middleman with access to your data, as opposed to traditional VPN providers
- Data goes directly between mobile device and home router, Relay only helps to establish connection (with holepunching method)
- Setting up BTH takes only a few steps in a mobile app, you do not have to open winbox or computer
- Giving friend or family access to your VPN service is a one click operation, no need to even see RouterOS
- If the ISP set up your device, or maybe you just use the default config and don't want to learn RouterOS, it sets up a modern and very secure VPN with 2-3 taps of your phone
- Of course, many other nice features are planned for the app
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18697
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Back to home supported router

Mon Dec 11, 2023 5:04 pm

Much thanks Normis, its slowly getting clearer.
Basically the process is

a. at home or office router setup BTH.
b. then any user can connect to this VPN
c. if the BTH is using a public IP, no relay service is used
d. If the BTH is used behind a cgnat or non port forwarding capable ISP, then relay service is used.

It is not clear how this relay service works?
What is the throughput of this relay service?

Clearly the BTH goes out on a specific port from the home or office router and talks to something on a server somewhere.......
How transparent is this? Is it based on RouterID??

From the user APP perspective, how does the app differentiate between going directly to public IP or to Relay Server.
(assuming admin gives credentials/setup to user and that determines the above)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Back to home supported router

Mon Dec 11, 2023 5:10 pm

There is all kinds of smart technology involved, I can't share details.
MikroTik knows nothing about the connections. Like I said, relay helps to establish hole-punched connections, but from then, the connection goes direct between users, not over relay.

About use cases, one example I like is this:

1) I go to my parents house, they have a mikrotik router. They need some help with it. I don't want to waste time there, so I open the BTH app on the phone, connect to the router with it, make a BTH tunnel. It takes 5 seconds to do this. Then I go home, when I have time, connect to my parents router, now I can even make another shared tunnel, and send pure wireguard config file to my computer and continue work there. So you can use it to make very quick management access for yourself.

2) of course all the basic stuff too. I can connect to my home device where my DNS is a PiHole. Now my phone no longer has ads. Or I can watch netflix via friends router, who is in another country etc.
 
optio
Long time Member
Long time Member
Posts: 627
Joined: Mon Dec 26, 2022 2:57 pm

Re: Back to home supported router

Mon Dec 11, 2023 5:35 pm

3) get arrested because someone who you give access to BTH VPN has done some illegal activities on the internet over your connection (this doesn't need to be directly by someone who you give access if client device is compromised)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Back to home supported router

Mon Dec 11, 2023 5:42 pm

share responsibly :D

P.S: how is this specific aspect different from VPN options any router has had for 30 years?
 
optio
Long time Member
Long time Member
Posts: 627
Joined: Mon Dec 26, 2022 2:57 pm

Re: Back to home supported router

Mon Dec 11, 2023 5:55 pm

Usually was not so easy to share VPN connection for reckless/technically non skilled people who usually don't know setup VPN manually
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Back to home supported router

Mon Dec 11, 2023 5:58 pm

I personally think this is more an imaginary problem, than reality. Maybe I just don't know as many digital criminals :D
 
optio
Long time Member
Long time Member
Posts: 627
Joined: Mon Dec 26, 2022 2:57 pm

Re: Back to home supported router

Mon Dec 11, 2023 6:01 pm

It's digital criminals heaven when can compromise someones VPN connection
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18697
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Back to home supported router

Mon Dec 11, 2023 6:03 pm

Hi Normis,
1. As an admin or helper admin, I can go to the local site and quickly setup a vpn connection which I can use later when remote.
2. What about the opposite, I want to send my brother the ability to connect to my MT wireguard router
a. from his device directly (no mt router), be it windows laptop or android/Iphone
b. from his MT router, where he may not be config savvy........... ( and assuming I dont have connectivity to it yet but I suppose the quick answer is teamviewer or anydesk.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Back to home supported router

Mon Dec 11, 2023 6:03 pm

There are easier ways to do illegal stuff, than to compromise a family member
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26264
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Back to home supported router

Mon Dec 11, 2023 6:04 pm

Hi Normis,
1. As an admin or helper admin, I can go to the local site and quickly setup a vpn connection which I can use later when remote.
2. What about the opposite, I want to send my brother the ability to connect to my MT wireguard router
a. from his device directly (no mt router), be it windows laptop or android/Iphone
b. from his MT router, where he may not be config savvy........... ( and assuming I dont have connectivity to it yet but I suppose the quick answer is teamviewer or anydesk.
BTH allows also that. You can open BTH and send your brother "Request for access". All he needs is to approve it.
 
optio
Long time Member
Long time Member
Posts: 627
Joined: Mon Dec 26, 2022 2:57 pm

Re: Back to home supported router

Mon Dec 11, 2023 6:07 pm

There are easier ways to do illegal stuff, than to compromise a family member
I agree, just with this feature you have social engineering vector more feasible due to its simplicity.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3039
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Back to home supported router

Mon Dec 11, 2023 6:14 pm

Well, the OP's issue is RB750 doesn't run back to home (BTH). It does run WG, so a "manual" process may be possible if one side has a static IP. But @normis is right, being able to "convert" a RouterOS login into a WG client in a couple taps in an app is pretty handy.

But if you have static IP, it really should just be a multi-step process as described in docs or @anav's WG compendium post.

FWIW there was a recent discussion on the RB750 vs. hAPaxLite (later of which does support BTH) here if the OP wanted to swap routers:
viewtopic.php?t=202248
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1115
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Back to home supported router

Mon Dec 11, 2023 6:46 pm

There are easier ways to do illegal stuff, than to compromise a family member
I agree, just with this feature you have social engineering vector more feasible due to its simplicity.
Well, in that case, we should all stop using internet as there is always possibility that someone get hacked. Or use some of the VPN providers that "keeps your data safe".

Mikrotik provided nice tool for all of us that don't have access to public IP. And as always there will be some people that will exploit that feature.

Problem with a lot of people is that they want single button magic... They don't want to learn how something works, they want fancy UI, wizards etc.
 
optio
Long time Member
Long time Member
Posts: 627
Joined: Mon Dec 26, 2022 2:57 pm

Re: Back to home supported router

Mon Dec 11, 2023 6:56 pm

Problem with a lot of people is that they want single button magic... They don't want to learn how something works, they want fancy UI, wizards etc.
Thats was my point, to mitigate that maybe some option can be added for BTH to turn on connection logging (VPN->WAN) for forensic investigations or just warning text in app that if someone else is using your connection it can be used for illegal traffic on which you can have consequences.
 
gigabyte091
Forum Guru
Forum Guru
Posts: 1115
Joined: Fri Dec 31, 2021 11:44 am
Location: Croatia

Re: Back to home supported router

Mon Dec 11, 2023 7:33 pm

Yea, but both of us know what will people do with this disclaimer :lol:

That would be only good for Mikrotik, if some customer gets hacked or get charges for illegal activities on the Internet and they try to involve Mikrotik, Mikrotik can simply say that they had disclaimer.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3039
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Back to home supported router

Mon Dec 11, 2023 7:47 pm

The security topic is bit overtime here. But I guess I'm not see how the threat profile changes much from using BTH. If you have the RouterOS password, lots of bad stuff is possible.

And, you cannot set it up WITHOUT a RouterOS login via the winbox protocol (even if the app hides this detail). So unless winbox is open to internet, you have to be on the LAN to setup (and need the router password).

Now whether RouterOS should have better logging, that seems like a good feature request report at help.mikrotik.com...
 
optio
Long time Member
Long time Member
Posts: 627
Joined: Mon Dec 26, 2022 2:57 pm

Re: Back to home supported router

Mon Dec 11, 2023 7:53 pm

My post for security (and legal) concern is related to sharing internet connection with others in such simple way for people who are not aware of potential consequences, not securing router or other devices in network from which you can access over LAN/VPN, that's another thing.
 
fallingrock
just joined
Topic Author
Posts: 4
Joined: Sun Dec 10, 2023 8:17 pm

Re: Back to home supported router

Wed Dec 13, 2023 2:44 am

@fallingrock does your ISP provide you with public IP on the router?
Yes, my Orbi router gets that. The Mikrotik router gets a private ip inside my home network.

Internet -> cable modem -> Orbi router -> Mikrotik router -> wfh network

I’m interested in bth because it can traverse through my home router (at lease that what I gathered from my reading).

David
 
fallingrock
just joined
Topic Author
Posts: 4
Joined: Sun Dec 10, 2023 8:17 pm

Re: Back to home supported router

Wed Dec 13, 2023 2:50 am

FWIW there was a recent discussion on the RB750 vs. hAPaxLite (later of which does support BTH) here if the OP wanted to swap routers:
viewtopic.php?t=202248
Thanks, checking that out now.
 
fallingrock
just joined
Topic Author
Posts: 4
Joined: Sun Dec 10, 2023 8:17 pm

Re: Back to home supported router

Wed Dec 13, 2023 7:48 pm

Thanks for all the input folks.

I ordered a hap ax2 from Amazon that should arrive Friday. I’ll give it a try and see how it works for me.

David
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3039
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Back to home supported router

Wed Dec 13, 2023 9:11 pm

I ordered a hap ax2 from Amazon that should arrive Friday. I’ll give it a try and see how it works for me.
That be a nice upgrade. One note on ax2, all new Mikrotik come with a non-empty password – it's printed on the label on the bottom of unit.
 
EFN
just joined
Posts: 3
Joined: Tue Dec 19, 2023 3:18 pm

Re: Back to home supported router

Sun Dec 31, 2023 9:20 am

I ordered a hap ax2 from Amazon that should arrive Friday. I’ll give it a try and see how it works for me.
That be a nice upgrade. One note on ax2, all new Mikrotik come with a non-empty password – it's printed on the label on the bottom of unit.
Yes- the new complex password is printed in almost microscopic size in smeary ink and in some cases very difficut to make out even with magnification... i.e., can't tell the difference between 8 , B, O, 0, 1, l, etc. PLEASE try to do better on this Mikrotik..as a tech who sets up many of these for clients, my eyes and what's left of my sanity will be most appreciative. Thanks
 
EFN
just joined
Posts: 3
Joined: Tue Dec 19, 2023 3:18 pm

Re: Back to home supported router

Sun Dec 31, 2023 9:25 am

You don't seem to get BTH idea at all, sorry about that.

- BTH is free of charge if you have one of the supported devices (all new / currently manufactured mikrotik devices)
- There is no middleman with access to your data, as opposed to traditional VPN providers
- Data goes directly between mobile device and home router, Relay only helps to establish connection (with holepunching method)
- Setting up BTH takes only a few steps in a mobile app, you do not have to open winbox or computer
- Giving friend or family access to your VPN service is a one click operation, no need to even see RouterOS
- If the ISP set up your device, or maybe you just use the default config and don't want to learn RouterOS, it sets up a modern and very secure VPN with 2-3 taps of your phone
- Of course, many other nice features are planned for the app

"BTH is free of charge if you have one of the supported devices (all new / currently manufactured mikrotik devices)"

So is there a list of what exactly is supported by BTH? Finding details has proven to be almost impossible... I see posts that ARM devices are only one's supported, but not even all of those. But here you, official Mikrotik representative from what I can make out of your avatar, indicates "all new / currently manufactured mikrotik devices")-- does that now mean that 3011? 4011? All items in the HEX range, ie Hex Lite? Thanks.
 
jaclaz
Member
Member
Posts: 403
Joined: Tue Oct 03, 2023 4:21 pm

Re: Back to home supported router

Sun Dec 31, 2023 6:34 pm

"all new / currently manufactured mikrotik devices"
The tricky part is finding that list.

If it exists, it surely is on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard' :wink: (together with a lot of other documentation).
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3039
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Back to home supported router

Sun Dec 31, 2023 7:18 pm

"all new / currently manufactured mikrotik devices"
The tricky part is finding that list.

If it exists, it surely is on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard' :wink: (together with a lot of other documentation).
Or perhaps just their website... There is a sortable product matrix: https://mikrotik.com/products/matrix

If you filter that by architecture, look for ARM, ARM64, or TILE there, which is what's required BTH support.
 
jaclaz
Member
Member
Posts: 403
Joined: Tue Oct 03, 2023 4:21 pm

Re: Back to home supported router

Sun Dec 31, 2023 7:56 pm


Or perhaps just their website... There is a sortable product matrix: https://mikrotik.com/products/matrix

If you filter that by architecture, look for ARM, ARM64, or TILE there, which is what's required BTH support.
TILE?

Cannot find it on that page, probably it belongs to products that are not (anymore) "new / currently manufactured".

Who is online

Users browsing this forum: rkondratenko and 21 guests