Community discussions

MikroTik App
 
gezir
just joined
Topic Author
Posts: 12
Joined: Sat Jan 27, 2018 8:16 pm

mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sat Aug 07, 2021 8:33 pm

Hi,

mikrotik.com blocked on our country from last week and mikrotik cloud (ddns) and update check not working

How can I update cloud (ddns) IP ?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sat Aug 07, 2021 9:00 pm

IS blocked by IP or by name?

Try to ping 159.148.147.204


MikroTik IPs
AS51894
159.148.147.0/24
159.148.150.0/24
159.148.172.0/24
2a02:610:7501::/48

upgrade.mikrotik.com
 
gezir
just joined
Topic Author
Posts: 12
Joined: Sat Jan 27, 2018 8:16 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sat Aug 07, 2021 9:15 pm

I have ping 159.148.147.204 but timeout
it's meaning ip blocked and i have try 159.148.147.196 ip is same blocked
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sat Aug 07, 2021 10:33 pm

but... if you reach the forum.... probably block selectively the IP than country
Last edited by rextended on Sun Aug 08, 2021 12:28 am, edited 1 time in total.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19104
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sat Aug 07, 2021 11:01 pm

You need wireguard LOL Its coming soon!
 
gezir
just joined
Topic Author
Posts: 12
Joined: Sat Jan 27, 2018 8:16 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sun Aug 08, 2021 9:16 am

I reach mikrotik forum with vpn here all mikrotik.com is blocked
And this problem I have try on all ISP
but... if you reach the forum.... probably block selectively the IP than country
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sun Aug 08, 2021 11:36 am

mikrotik.com blocked on our country from last week
Why would "they" do that and what country are you in?
You should change the government or change country. 😉
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sun Aug 08, 2021 12:59 pm

How irronic would it be if they blocked it using Miktotik devices and by error they blocked the access also for all, Mikrotik.
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sun Aug 08, 2021 9:56 pm

viewtopic.php?f=23&t=169273

Get NordVPN or any other trusted VPN provider subscription, then 2nd method (by destination) to Mikrotik ASN:

For example, Mikrotik.com resolves to "159.148.147.196". Quick google revealed the Mikrotik has it's own ASN which contains 512 ips, or in other words, If you wish to access Mikrotik services/websites under NordVPN, you should add 159.148.147.0/24 and 159.148.172.0/24 to your address list using this (2nd) method.

The only difference here is that you would also need to mark traffic in OUTPUT chain as well (guide marks only in FORWARD). Works like a charm, I've tested it myself since I've had issues reaching mikrotik.com services about a year ago. :)
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sun Aug 08, 2021 10:16 pm

The problem is that he can't use ddns because when you go through a VPN your public address changes. Now you can get your own public IP agains paying for it with NordVPN so that are also reachable with that public IP.

There surely must be DDNS services that allow you supply the public IP separate.
 
gezir
just joined
Topic Author
Posts: 12
Joined: Sat Jan 27, 2018 8:16 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Mon Aug 09, 2021 9:41 pm

How Can I change for mirotik cloud (ddns) update and mikrotik update checking with vpn ?
Because I have vpn connection
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Mon Aug 09, 2021 10:59 pm

How Can I change for mirotik cloud (ddns) update and mikrotik update checking with vpn ?
Because I have vpn connection
As @erkexzcx has suggested, you can make the router itself use the VPN tunnel to connect to mikrotik.com destinations, by using action=mark-routing rules in chain output of /ip firewall mangle. But you have to set use-local-address under /ip cloud advanced to yes, and hope that it will work the expected way. When set to no, the DDNS resolves the xxxx.sn.mynetname.net FQDN to the IP address from which it has received the update request, which is the public IP of the remote VPN server; when set to yes, the update request contains the local IP of the router, which I assume is the one attached to the interface through which the update request has been routed.
[speculation]the ddns update process checks the routing table main before actually sending the packet, so when the mangle rules assign the routing-mark and thus change the routing-table actually used, the address in the update request remains the one that would be used if the packet wasn't redirected.[/speculation].

However, I'd be afraid that the authorities might be scanning responses from sn.mynetname.net, and if they spot a response that contains an IP address from the range assigned to one of your country's ISPs, they would easily track down the user of that address at that time.

So spawning a virtual router (CHR) in some data center abroad, with a fixed address, might be a safer option.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Mon Aug 09, 2021 11:04 pm

set the <VPN-INTERFACE> and paste on terminal
/ip route
add distance=1 dst-address=159.148.147.0/24 gateway=<VPN-INTERFACE>
add distance=1 dst-address=159.148.150.0/24 gateway=<VPN-INTERFACE>
add distance=1 dst-address=159.148.172.0/24 gateway=<VPN-INTERFACE>
do not touch DNS, cloud2.mikrotik.com resolve to 159.148.147.201 and 159.148.172.251 and go through VPN.
Last edited by rextended on Tue Aug 10, 2021 12:36 am, edited 1 time in total.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Tue Aug 10, 2021 12:06 am

I assume you had in mind <VPN-INTERFACE>, hadn't you? Otherwise yes, your suggestion is definitely simpler and less error-prone than an additional routing table and mangle rules, but the use-local-address=yes setting may not provide the desired outcome in this case, as the source address sent in the DDNS update request will most like be the one assigned by the VPN server, attached to the <VPN-INTERFACE>.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Tue Aug 10, 2021 12:36 am

ops, is late... obviously an error :P

The idea is to use another IP, the IP of the VPN, because if the IP are country-locked, passing the right IP to cloud, change nothing....
No incoming traffic possible.

Or not?
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Tue Aug 10, 2021 1:04 pm

@rextended,

the OP has not explained why he needs to update the DNS record, but typically you do this when you have a public IP address but a dynamically changing one, and you want to run a service on that address, so your clients are configured with the FQDN rather than with an IP number.

For such a purpose, you usually cannot use the public address from which your traffic emerges from the remote public VPN server, because such a server usually doesn't forward (or permit) incoming connections to the client, or even uses a single public IP for many clients - unless it is a VPN server under your own control, as I've suggested in my older post.

So depending on what is the OP's actual need, it may be correct to update the DDNS with the actual public IP, or to update it with the VPN one, or none may help.

Of course, it is also possible that the OP's device is acting as a client, and the remote server may verify the source address by reverse DNS lookup that must yield a known fqdn.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Tue Aug 10, 2021 1:39 pm

My hint on post #13 is for specific question the OP ask on post #11
viewtopic.php?f=2&t=177435#p872011
...mikrotik update checking with vpn ?...
 
gezir
just joined
Topic Author
Posts: 12
Joined: Sat Jan 27, 2018 8:16 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Tue Aug 10, 2021 11:52 pm

Thank you for reply ,
It's working but set vpn ip to DDNS
How can is change to get ip from pppoe interface
set the <VPN-INTERFACE> and paste on terminal
/ip route
add distance=1 dst-address=159.148.147.0/24 gateway=<VPN-INTERFACE>
add distance=1 dst-address=159.148.150.0/24 gateway=<VPN-INTERFACE>
add distance=1 dst-address=159.148.172.0/24 gateway=<VPN-INTERFACE>
do not touch DNS, cloud2.mikrotik.com resolve to 159.148.147.201 and 159.148.172.251 and go through VPN.
 
sindy
Forum Guru
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Wed Aug 11, 2021 12:32 am

It's working but set vpn ip to DDNS
How can is change to get ip from pppoe interface
If so, you need to use the approach I gave above. Instead of the three direct routes to Mikrotik subnets via VPN, you have to do the following:

/ip route
add gateway=<VPN-INTERFACE> routing-mark=via-vpn

/ip firewall mangle
add chain=output dst-address=159.148.147.0/24 action=mark-routing new-routing-mark=via-vpn
add chain=output dst-address=159.148.150.0/24 action=mark-routing new-routing-mark=via-vpn
add chain=output dst-address=159.148.172.0/24 action=mark-routing new-routing-mark=via-vpn


(if there are already other rules in chain output of mangle, place these ones before (above) them)

/ip cloud advanced set use-local-address=yes

This way, the DDNS should get updated with the PPPoE address.
 
mha7
just joined
Posts: 3
Joined: Tue Aug 09, 2022 11:54 am

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sun Oct 02, 2022 1:32 am

Unfortunately Mikrotik DDNS is also blocked in Iran!
When I check "Use Local Address" the DDNS record will update to the local address of the VPN interface. Is there any options to select my PPPoE interface instead?

Thanks
 
fragtion
Member Candidate
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Sun Oct 02, 2022 9:19 am

I would love to know what country this is? Sounds more like an ISP's actions than a whole country?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

Mon Oct 03, 2022 10:43 am

Maybe somebody can post short tutorial to make some free VPN ONLY for traffic to mikrotik cloud :) ?
I guess it could be to amazon cloud in any of their regions, since "micro" instance is free, and resources would be enough for "only mikrotik updates" traffic.

Who is online

Users browsing this forum: Amazon [Bot], EmuAGR, GoogleOther [Bot], stefhapx6 and 78 guests