Also, ZeroTier works though a CGNAT and I know that it works with starlink. Just need a ARM device however.
Yeah sorry, I missed the "lite" part of hAP. I run into the remote access to MIPSBE problem myself, which ZeroTero solves perfectly for ARM... It is annoying.Unfortunately my hAP ac lite router is not ARM but it is MIPSBE one.
@Larsa, what do you mean by "enable LAN access"? I wasn't aware that was an option in the desktop clients...
Node ZT WAN LAN
1 10.0.0.10 92.168.10.0/24
2 10.0.0.20 92.168.20.0/24
3 10.0.0.30 92.168.30.0/24
I have my own RB3011 (ARM32). It has static WAN address and it is working 24/7His best bet in this case is
a. a friend who will host wireguard server on friends MT
You probably already have one at home, that is good enough if not for high speed connection, if you have a cabled connection.What public VPN Server is better to use for this purpose? Is there free (without paid subscription) service?
If you connect to it, does it give you a public IP address? If so, then yes that helps. But the Surfshark has any stateful firewall or gives you a private address, then NO.Question: Is it 100% that Surfshark can't help?
Fair enough. But enabling IP forwarding is a pretty big change that's not the default on most OSes – I was thinking there was a ZT client option I'd missed. Doesn't seem like it even help here however.@Larsa, what do you mean by "enable LAN access"? I wasn't aware that was an option in the desktop clients...
That's the beauty of ZT, it works like any normal network with routing etc.
Larsa, the issue is that the MT on site is NOT ARM. Therefore it cannot host zerotier.
I have to configure this system to have access to the router. For now, this system is with me and I have only a few days before I should send it to the field. Question: Is it 100% that Surfshark can't help?
Perfect, that is all you need to setup wireguard.I have my own RB3011 (ARM32). It has static WAN address and it is working 24/7His best bet in this case is
a. a friend who will host wireguard server on friends MT
So how this ARM router can help for "starlink+hAP ac lite"? May I ask you for further steps?
Yes, I have static public IP at my RB3011. This is additional paid service of my ISP.BUT is the static WAN a public IP. How do you get it? ISP modem provides it to you ?
When you go whats my IP, is it the same IP in your router settings???
But enabling IP forwarding is a pretty big change that's not the default on most OSes – I was thinking there was a ZT client option I'd missed. Doesn't seem like it even help here however.
More annoyed that this be trivial with ZeroTier on MIPSBE. Drop the ZeroTier interface into the bridge and enabling bridging on ZT central**. Or use IP routing if perferred.I do understand there might be a challange managing this directly in regular routers like Mikrotik, but it should definitely be standard on common clients for Windows, macOS and Linux.But enabling IP forwarding is a pretty big change that's not the default on most OSes – I was thinking there was a ZT client option I'd missed. Doesn't seem like it even help here however.
More annoyed that this be trivial with ZeroTier on MIPSBE. Drop the ZeroTier interface into the bridge and enabling bridging on ZT central**. Or use IP routing if perferred.
Not sure a potentially fragile script that requires a beta version of ROS be recommended in this case.How about setting up Wireguard as suggested and use the Telegram bot feature to aftewards change to what IP it should connect to?
Or use a script to pull the IP from a webpage every xx mins/hours.Not sure a potentially fragile script that requires a beta version of ROS be recommended in this case.
I'm not sure what the purpose should be? If it was enough to have command line access to the remote Tiks, the Telegram solution alone would be sufficient (but I fully agree with @Amm0's remark regarding it's fragility). But the OP wants to use Winbox so a command line solution is clearly insufficient. And if he's got a router on a static public IP, there's no point in using a complicated solution to change the address to connect to on the remote routers. Using a DNS rather that a fixed address would of course be more flexible; using of two or more routers on different public IPs makes it possible to change the address of one of them and reconfigure the remote routers using the other one(s).Or use a script to pull the IP from a webpage every xx mins/hours.
It's awesome!Here is a sample of what you need to do on both MT devices.
Step 1
As per your question, I would offer you to contact Mikrotik support, as they should help you better with your question and finding the solution, you can find them here: https://mikrotik.com/support
Not my experience. The SSTP disappears and a new one is created (with the same IP address as set in SSTP user)you have to use a script in the profile to remove the old one
Dear @ax25. Glory to the Heroes! Thank you a lot for #StandingWithUkraine.@vitaly2016 – I've deployed a similar setup (but not with a Starlink). Other guys are right that you need something like a droplet on Digital Ocean which will be used as a WireGuard peer. DigitalOcean will cost you $5 per month, you need very basic configuration. In a nutshell:
If you need assistance, please leave your contact details, I will be happy to help. Slava Ukraini!