Ceatavares
just joined
Topic Author
Posts: 1
Joined: Thu Oct 08, 2020 7:40 am

Mikrotik cloud, choose IP interface to update

Sat Oct 10, 2020 6:58 am

Hi everyone, I have a situation. In my setup, I have two links with internet and need to choose one of those to be my cloud IP. How do I make this?

Thanks 👍
 
sindy
Forum Guru
Posts: 9065
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mikrotik cloud, choose IP interface to update

Sat Oct 10, 2020 1:31 pm

I'd use policy routing - create a dynamic address list:
/ip firewall address-list
add address=cloud.mikrotik.com list=mikrotik-cloud
add address=cloud2.mikrotik.com list=mikrotik-cloud

An address-list configured this way is automatically updated with dynamic entries representing all the IP numbers to which these fqdns resolve.

Then, use a mangle rule to assign a routing-mark to all packets the router itself sends towards these destinations:
/ip firewall mangle
add chain=output dst-address-list=mikrotik-cloud action=mark-routing new-routing-mark=via-wan-x


The next thing is to add a route to actually use the routing-mark assigned:
/ip route
add routing-mark=via-wan-x gateway=ip.of.wan-x.gw


The above seems to be all, but nope, two more points come into play that are not obvious:
  • if wan-x goes down, no active route with routing-mark=via-wan-x will remain, and the routing will fall back to the main routing table in such case. You can prevent this by adding
    • either a type=blackhole default route with routing-mark=via-wan-x and distance=10
    • or a routing rule:
      /ip route rule
      add routing-mark=via-wan-x action=lookup-only-in-table table=via-wan-x
  • the routing in chain output (packets originated by the router itself) is done before the packets pass through the mangle table, so the source address is chosen according to the default route currently active. If a routing-mark is assigned in the output chain of mangle, the routing is repeated but the source address of the packet doesn't change. So you have to add a src-nat or masquerade rule to change this:
    /ip firewall nat
    add chain=srcnat action=masquerade routing-mark=via-wan-x src-address-type=local
Don't write novels, post /export hide-sensitive file=x. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
miankamran7100
newbie
Posts: 28
Joined: Tue Sep 17, 2019 9:28 am

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 6:27 am

Dear,
I'm also facing a problem with *Cloud* over dual WAN and two gateways.
Can you show me a screenshot of this solution so I can resolve this?
Thanks :)
 
gotsprings
Forum Guru
Posts: 1551
Joined: Mon May 14, 2012 9:30 pm

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 11:51 am

Set up 2 dyndns like services. Set them to update the actual interface they are on.

I.e.
Ether 1 = primary.mydomain.com
Ether 2 = secondary.mydomain.com

So the netname is updated on both on a schedule.

Then use the built in ipcloud netname as your "connect to what's hot".
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
miankamran7100
newbie
Posts: 28
Joined: Tue Sep 17, 2019 9:28 am

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 12:30 pm

> Set up 2 dyndns like services. Set them to update the actual interface they are on.
>
> I.e.
> Ether 1 = primary.mydomain.com
> Ether 2 = secondary.mydomain.com
>
> So the netname is updated on both on a schedule.
>
> Then use the built in ipcloud netname as your "connect to what's hot".

Thanks for reading my post and replying.
Sir, can you help me on TeamViewer, or can you explain how I can make a primary and secondary domain?
Please tell me how I can do this.
Where to perform it? IP, Firewall, etc.

I just want to access Mikrotik with Cloud from anywhere / from my cell phone with mynetname.sn
Tell me about this scenario

Thanks :)
 
miankamran7100
newbie
Posts: 28
Joined: Tue Sep 17, 2019 9:28 am

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 1:16 pm

Sindy.
I'm waiting for your kind response.
Thanks :)
 
gotsprings
Forum Guru
Posts: 1551
Joined: Mon May 14, 2012 9:30 pm

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 1:17 pm

Dealing with the 2 ISPs would be:
Recursive routing.

Multiple dyndns like hosts:
Account.dyn.com
 
miankamran7100
newbie
Posts: 28
Joined: Tue Sep 17, 2019 9:28 am

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 1:26 pm

> Dealing with the 2 ISPs would be:
> Recursive routing.
>
> Multiple dyndns like hosts:
> Account.dyn.com

Sir, can you share your WhatsApp number for help?
Thanks :)
 
anav
Forum Guru
Posts: 11985
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 1:36 pm

Sindy, do pray tell, what is the value of this IP, in other words, how does the router find out what the IP is???

> The next thing is to add a route to actually use the routing-mark assigned:
> /ip route
> add routing-mark=via-wan-x gateway=ip.of.wan-x.gw

Second, the question is: how do I choose one of the WAN IPs to be my cloud IP.
I don't understand the question and thus don't understand your answer either.

The cloud IP is assigned per router, not per ISP connection.
Also, is this a load balance scenario or use one and the other is strictly for failover?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
gotsprings
Forum Guru
Posts: 1551
Joined: Mon May 14, 2012 9:30 pm

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 1:56 pm

> Sir, can you share your WhatsApp number for help?
> Thanks :)

I don't use Facebook if I can avoid it.

Knowing what the people I know think and realizing just how f--king stupid they are, has made me grind my teeth at night... And drink during the day to get some sleep.

Recursive routing has been covered here a bunch of times.

You need to set up your routes to use it.

Once done... The router will "check external hosts". As long as those are reachable... It will use the LOWER cost IP as its connection. IGNORING the secondary.

This is important... There is no load balancing in "recursive routing" by default. It's simply... "This one works... Push traffic over it."
 
sindy
Forum Guru
Posts: 9065
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 2:53 pm

> Sindy, do pray tell, what is the value of this IP, in other words, how does the router find out what the IP is???
> ...
> Second, the question is: how do I choose one of the WAN IPs to be my cloud IP.
> I don't understand the question and thus don't understand your answer either.
>
> The cloud IP is assigned per router, not per ISP connection.

All the above are various aspects of the same thing.
From the bottom
  • in the IP world, an IP address is assigned to an interface, not to a device. (In e.g. the OSI world, this is different).
  • in the Mikrotik world, there is a single domain name available on their dynamic (cloud) DNS for each Mikrotik device, which resolves to just a single IP address.
The Mikrotik cloud determines the public address of the router (or the public address of the NAT device via which the router is connected to internet) to respond with to the DNS queries about the xxxx.sn.mynetname.net by looking at the source address of the received update packets from the router. Plus it tells you in the response what that address was, so your router can compare it to the one it has sent the update request from, and print a warning if they differ.

So if you have multiple WANs, the address associated to xxxx.sn.mynetname.net may change depending on your routing configuration and state of the WAN interfaces. If you want to affect the result, you must configure specific routing for the cloud updates, to force them to be routed via the desired WAN. The way to do that is in my answer to the OP.

As for determining the IP of the gateway of that WAN, either you don't need the router itself to determine it because it doesn't change (it is a typical case that you have a high-speed WAN with a dynamic or private address so you use it for most of the traffic, and then you have a low-speed one with a fixed public address which you want to use for remote access), or you need a script similar to the one we have recently discussed, to copy the gateway IP to the marked route each time a DHCP assignment is received.
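One way to write the kind of script the post above mentions, for a wan-x that gets its address by DHCP. This is an added example, not code from the thread or from MikroTik; it uses RouterOS v6 syntax to match the commands in the thread. The interface ether2, the placeholder gateway 192.0.2.1 and the route comments are assumptions.

```routeros
# Added example, RouterOS v6 syntax (routing-mark, as used in this thread).
# Assumptions: wan-x is a DHCP client on ether2; 192.0.2.1 is a placeholder
# gateway; the comment strings are hypothetical labels used to find the routes.

# --- one-time configuration: marked route plus the blackhole fallback ---
/ip route
add routing-mark=via-wan-x gateway=192.0.2.1 distance=1 comment=cloud-via-wan-x
add routing-mark=via-wan-x type=blackhole distance=10 comment=cloud-via-wan-x-fallback

# --- body of the script= property of the DHCP client on ether2 ---
# RouterOS sets $bound and $"gateway-address" each time it runs this script.
:local r [/ip route find where comment="cloud-via-wan-x"]
:if ([:len $r] != 1) do={
    :error "expected exactly one route with comment cloud-via-wan-x"
}
:if ($bound = 1) do={
    # Lease obtained or renewed: rewrite the gateway only if it changed.
    :if ([/ip route get $r gateway] != $"gateway-address") do={
        /ip route set $r gateway=$"gateway-address"
        :log info ("cloud route via wan-x now uses gateway " . $"gateway-address")
    }
} else={
    # Lease lost: leave the route alone. It goes inactive, and the blackhole
    # route keeps cloud updates from falling back to the main table.
    :log warning "wan-x lease lost, cloud updates blackholed until it returns"
}

# --- check from the terminal which address the cloud service recorded ---
/ip cloud force-update
/ip cloud print
```

After the forced update, the public-address shown by `/ip cloud print` should be the address of wan-x (or of the NAT device in front of it), whichever WAN currently carries the default route.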
 
miankamran7100
newbie
Posts: 28
Joined: Tue Sep 17, 2019 9:28 am

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 5:39 pm

Does anyone have a solution for Mikrotik Cloud over dual WAN (dual gateway)?

Thanks :)
 
gotsprings
Forum Guru
Posts: 1551
Joined: Mon May 14, 2012 9:30 pm

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 5:44 pm

> Does anyone have a solution for Mikrotik Cloud over dual WAN (dual gateway)?
>
> Thanks :)

Did you not understand?

Ip cloud updates 1 interface.
 
anav
Forum Guru
Posts: 11985
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Mikrotik cloud, choose IP interface to update

Thu Mar 18, 2021 7:21 pm

> Dear,
> I'm also facing a problem with *Cloud* over dual WAN and two gateways.
> Can you show me a screenshot of this solution so I can resolve this?
> Thanks :)

Please explain your requirements with respect to the two ISP connections.
1. Are they load balanced (shared between users, and if so, how are they shared)?
2. Are they used as a Primary and Failover (only one at a time)?
 
jarvisMaina
just joined
Posts: 1
Joined: Mon Oct 12, 2020 4:03 pm

Re: Mikrotik cloud, choose IP interface to update

Tue Apr 26, 2022 10:44 pm

This worked for me, thanks.
Have been looking for a way to access my router from WAN and was stuck with my script sending me emails with updated public IP which was only provided by one out of three of my ISPs.
The trouble is finally over, with Google disabling support for the insecure SMTP.
:D
 
sindy
Forum Guru
Posts: 9065
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mikrotik cloud, choose IP interface to update

Tue Apr 26, 2022 11:12 pm

> The trouble is finally over, with Google disabling support for the insecure SMTP.

Google has introduced a per-device generated password that can be used for this. Mikrotik can send e-mails using TLS.

You can also have a look at sending notifications via Telegram - there are several related topics here.