Hi, my goal is to manage remotely the Mikrotik router, which is connected by a 4G USB modem. Now we now it will got a private address, so I guess the solutions may be the following.

1) VPN to public IP, where I can open ports, and so access Winbox. The problema here is all traffic will be redirected, while I just want the remote and some ports of local devices
2) A reverse SSL, if I understood right, may be established from the Microtik to a server (may be another Mikrotik), ask for create a stable always opened SSL channel, so I can communicate.

SInce i would like to access to also other devices of LAN, for some low bandith serivces, I think the VPN will be the best choice, in this way I think I need.

- Configure a listening VPN host server to a Mikrotik with a public IP, listening for connection (I've to figure out how to)
- Open on that host server the ports I need and dest nat them to that VPN network
- Configure the VPN client on the target router, and destnat too what is incoming (exactly) to the (exactly) target.
For example:

supposing a packed coming from internet with 1.1.1.1(as the public address @router1):50001, and the 192.168.1.1 as VPN IP of this router
I destnat exactly the 1.1.1.1:50001 to 192.168.1.2:50001 (as the VPN IP of the second router),
On the second router I can as well destnat exactly the 192.168.1.2:50001 to 192.168.88.10:50001

For winbox, I can nat something like this:
destnat 1.1.1.1:50002 to 192.168.1.2:8291
if the VPN bridge is trusted, then it should work

Now I'm searching around how to create a VPN,
I'm conscious abot risks wo expose Winbox to interent, so kindly don't mention about it, thanks,

I've created the server and the l2tp-out interface on the client router, but if I torch it I see no packets coming out, why? Why it doesn't try to connect to server? Ip is specified, I've to add some rules on firewall?