How Can I change for mirotik cloud (ddns) update and mikrotik update checking with vpn ?
Because I have vpn connection
As @erkexzcx has suggested, you can make the router itself use the VPN tunnel to connect to mikrotik.com destinations, by using action=mark-routing
rules in chain output
of /ip firewall mangle
. But you have to set use-local-address
under /ip cloud advanced
, and hope that it will work the expected way. When set to no
, the DDNS resolves the xxxx.sn.mynetname.net
FQDN to the IP address from which it has received the update request, which is the public IP of the remote VPN server; when set to yes, the update request contains the local IP of the router, which I assume is the one attached to the interface through which the update request has been routed.
[speculation]the ddns update process checks the routing table main before actually sending the packet, so when the mangle rules assign the routing-mark and thus change the routing-table actually used, the address in the update request remains the one that would be used if the packet wasn't redirected.[/speculation].
However, I'd be afraid that the authorities might be scanning responses from sn.mynetname.net, and if they spot a response that contains an IP address from the range assigned to one of your country's ISPs, they would easily track down the user of that address at that time.
So spawning a virtual router (CHR) in some data center abroad, with a fixed address, might be a safer option.