Josephny
Member
Topic Author
Posts: 454
Joined: Tue Sep 20, 2022 12:11 am

Remote management

Tue Sep 20, 2022 12:17 am

I really have read many threads on this, but still have problems.

I am trying to enable remote management of the router.

I understand that simply disabling the firewall for all non-LAN originating traffic and forwarding port 80 to the router’s WAN address is not recommended.

I understand that setting up a vpn is the recommended method.

I set up a vpn using the router’s built in vpn feature and am able to establish the vpn connection.

But, when I point a browser to 192.168.88.1 it can’t connect.

If I disable the firewall that blocks all non lan originating traffic, I can point a browser to the wan (public) ip and it works.

What am I missing?

EDIT: I have confirmed that if I disable the firewall rule that blocks all non-LAN incoming connections, the VPN works and I can access the router from either the 192.168.88.1 address or the public address. If I enable the rule, I cannot access the router at either IP address (even though the VPN still connects).

Thank you!
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Remote management

Tue Sep 20, 2022 3:54 pm

Let's look at the logic.

On the input chain (to the router), for services such as DNS, NTP etc, and to configure the router, the default rule is often in the form of:

add action=drop chain=input in-interface-list=!LAN


Since your VPN is not included in the in-interface-list it is being blocked from accessing the router.

So simply add a rule above the drop all not LAN rule ( order is important! ) and it would look like

To access the router for config purposes:
add action=accept chain=input src-address=VPNaddress
{ where VPNaddress is the random IP address you assigned to the VPN. }

To access the LAN subnets:
add action=accept chain=forward src-address=VPNaddress dst-address=192.168.88.0/24
{ where VPNaddress is the random IP address you assigned to the VPN. }


More on firewall rules......... steep learning curve for sure......
viewtopic.php?t=180838
https://www.youtube.com/watch?v=6boYA7xdjZY&t=1376s
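
As an added example (not code from the thread or from MikroTik), this Python model parses filter lines in the `add ...` form used in the reply above and applies first-match evaluation to show why the accept rule has to sit above the drop rule. The packet dictionaries, the client address 192.168.89.10, the sample LAN and WAN sources, and the accept-when-nothing-matches fallback are assumptions of the model.

```python
import ipaddress
import shlex

# The two input-chain rules from the thread; the VPN client address is constructed.
DROP_NOT_LAN = "add action=drop chain=input in-interface-list=!LAN"
ALLOW_VPN = "add action=accept chain=input src-address=192.168.89.10"

# Constructed packets: "in_lists" holds the interface lists the ingress interface belongs to.
VPN_PKT = {"chain": "input", "src": "192.168.89.10", "in_lists": set()}
LAN_PKT = {"chain": "input", "src": "192.168.88.50", "in_lists": {"LAN"}}
WAN_PKT = {"chain": "input", "src": "203.0.113.7", "in_lists": {"WAN"}}

def parse_rule(line):
    """Parse one 'add key=value ...' filter line into a dict of matchers."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        raise ValueError(f"not an 'add' line: {line!r}")
    return dict(tok.split("=", 1) for tok in tokens[1:])

def matches(rule, pkt):
    """True when every matcher present in the rule agrees with the packet."""
    if rule["chain"] != pkt["chain"]:
        return False
    iface_list = rule.get("in-interface-list")
    if iface_list is not None:
        negate = iface_list.startswith("!")
        member = iface_list.lstrip("!") in pkt["in_lists"]
        if member == negate:  # "!LAN" must not match LAN traffic, "LAN" only LAN traffic
            return False
    src = rule.get("src-address")
    if src is not None:
        # In this model a bare address is parsed as a /32 host network.
        net = ipaddress.ip_network(src, strict=False)
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True

def verdict(rule_lines, pkt, default="accept"):
    """The first matching rule decides; rules below it are never consulted."""
    for rule in map(parse_rule, rule_lines):
        if matches(rule, pkt):
            return rule["action"]
    return default

if __name__ == "__main__":
    packets = {"vpn": VPN_PKT, "lan": LAN_PKT, "wan": WAN_PKT}
    for label, rules in (("accept below drop", [DROP_NOT_LAN, ALLOW_VPN]),
                         ("accept above drop", [ALLOW_VPN, DROP_NOT_LAN])):
        print(label, {name: verdict(rules, p) for name, p in packets.items()})
```

With the accept rule above the drop, only the VPN source gains access to the input chain; other non-LAN sources still hit the drop rule.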
 
Josephny
Member
Topic Author
Posts: 454
Joined: Tue Sep 20, 2022 12:11 am

Re: Remote management

Tue Sep 20, 2022 5:25 pm

Wow!

You made that so clear -- thank you so much.

Quick question:

Is "VPNaddress" 192.168.89.1 or 192.168.89.1/32

You also solved my port forwarding problem (at least while using the VPN).

Very much appreciated.

(Where do I sign up for the course you teach??)
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Remote management

Tue Sep 20, 2022 5:30 pm

Jajajaja, you want an MTUNA certification, could be my first Sith disciple! ;-)

No, I barely know anything, just enough to keep my head above water and depend on others (sob, mkx, sindy etc.....) to keep me from drowning.

As to your question I don't know............ how is it defined, and how do you use it to connect remotely.
By the way, I tend to use fake numbers for any forum posts, for public WANIP info and in this case your externally used VPN address too.........
So suggest go back and change it if it's the actual.
 
Josephny
Member
Topic Author
Posts: 454
Joined: Tue Sep 20, 2022 12:11 am

Re: Remote management

Wed Sep 21, 2022 2:07 pm

Just wanted to thank you again. I've been working on this and got it to a nice place (for now) where I am able to access everything from 2 locations that I am frequently at, as well as by VPN, with NAT (forwarding) for the camera.