d1str0
just joined
Topic Author
Posts: 5
Joined: Thu Apr 30, 2020 3:27 pm

Reverse SSH Tunnel

Thu Apr 30, 2020 4:12 pm

Hi,
I'm trying to establish a way so a client could connect to an IP camera that is behind a cellular connection that doesn't allow opening ports. So far I have been successful in doing that using a Raspberry Pi that bridges the IP camera to a jump server through a reverse SSH connection.
With a command like this:
ssh -R <bind address>:<bind port>:<source ip>:<source port> -N <user>@<jump server> -p <server's ssh port>
Example:
ssh -R 0.0.0.0:80:192.168.1.108:80 -N user@server.com -p 22222
Is there a way to do the same with RouterOS and replace the Raspberry Pi and current router/cellular modem with a Mikrotik device?

Thanks.
 
solar77
Long time Member
Posts: 586
Joined: Thu Feb 04, 2016 11:42 am
Location: Scotland

Re: Reverse SSH Tunnel

Fri May 01, 2020 11:32 am

Yes, you can.
Using the same principle, use the MikroTik as a router (or even just within the customer LAN network),
run a VPN client (PPTP, SSTP, L2TP, up to you) from the customer site to a VPN server which you have access to.
By doing this, you have access from the VPN server to the VPN client (MikroTik at customer site), then to the other devices on the client LAN network.

We do this for 4G customers who we need to monitor remotely.

The only extra step is to give your customer VPN access to your VPN server, and set up the firewall so he only has access to his own network, not any of your core network.

Potential issues with this:
Because it's an IP camera, there might be
a bandwidth issue: some mobile network operators block or throttle VPN connections
and a latency issue: you are adding one more hop to the route and traffic will go through the VPN router. 4G is not too bad, but some PTZ cameras are sensitive to latency.
 
d1str0
just joined
Topic Author
Posts: 5
Joined: Thu Apr 30, 2020 3:27 pm

Re: Reverse SSH Tunnel

Tue May 05, 2020 9:11 pm

Thanks for your help.
I should have clarified that I can't use a VPN because the client is not willing to do so, but you gave me the idea to establish a VPN connection to the jump server and then serve the client through a regular http port... if there is no way to establish a reverse SSH tunnel from the router to the server.

Really there isn't a way?
 
aleab
Member Candidate
Posts: 110
Joined: Sat Sep 22, 2018 6:13 pm

Re: Reverse SSH Tunnel

Wed Mar 29, 2023 5:00 pm

Hello,
I read this thread and am posting here without opening a new one...

I have a similar situation.
I need to connect to my MikroTik devices (behind ISP NAT, so I can't use port forwarding).
Now I'm using a VPN from the MikroTik devices to a server in the cloud (with a public IP) and I can reach and connect to the remote MikroTik.

But now I would like to use an SSH reverse tunnel, so is it possible to create a tunnel from the MikroTik (SSH client) to an SSH server (cloud server with a public IP) using a public/private key for auth (no password)?
Or is VPN the only way to do this?

thank you
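
For the jump-server side of the tunnels asked about in this thread (the `ssh -R` command in the first post and the key-only login in the post above), here is an added example, not code from any poster or from MikroTik, of an OpenSSH `sshd_config` block that limits a dedicated tunnel account to a single remote forward. Assumptions: the jump server runs OpenSSH 7.8 or later, and the account name `tunnel` and listen port 8080 are hypothetical.

```conf
# /etc/ssh/sshd_config on the jump server (added example, constructed values)
# "tunnel" is a hypothetical account used only by the remote device that
# opens the reverse tunnel. 8080 is a hypothetical listen port.

Match User tunnel
    # Key-only login for this account: no password fallback.
    AuthenticationMethods publickey
    PasswordAuthentication no

    # Allow remote (-R) forwards only; local (-L) forwards are refused.
    AllowTcpForwarding remote

    # The only port this account may listen on with -R.
    PermitListen 8080

    # Let the client pick the bind address, as in the thread's
    # "0.0.0.0:<port>" form. With the default "no", sshd binds remote
    # forwards to loopback regardless of what the client requests.
    GatewayPorts clientspecified

    # The account exists to hold a tunnel open, nothing else.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    ForceCommand /usr/sbin/nologin

# Matching client invocation, following the form used in the first post:
#   ssh -R 0.0.0.0:8080:192.168.1.108:80 -N tunnel@server.com -p 22222
# A request for any other listen port from this account is rejected.
```

Check the file with `sshd -t` before reloading the daemon; a syntax error in a `Match` block otherwise only shows up when sshd fails to start.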
