logo elektroda
logo elektroda
X
logo elektroda
Advanced Search
logo elektroda

Mikrotik 951G - Remote Access using USB Modem, Variable IP, PPP Client & DDNS/NO-IP Solutions

Albatroz 9720 15
ADVERTISEMENT
Treść została przetłumaczona polish » english Zobacz oryginalną wersję tematu
Report a violation of the law
Reply | New topic
  • #1 16638529
    Albatroz
    Level 15  
    Posts: 235
    Help: 2
    Rate: 30
    I have a mikrotik 951G, I connect a USB modem to it, it is visible as a PPP Client. IP is variable.
    I would like to get to this router remotely, but I have no idea how to do it.
    I used NO-IP although it works the same way as the DDNS CLOUD option i.e. I can enter the router only while in LAN.
    I need to buy a VPN to have a fixed IP, can I work around it somehow?
  • ADVERTISEMENT
  • #2 16638556
    jimasek
    VIP Meritorious for electroda.pl
    Posts: 35287
    Help: 3783
    Rate: 2671
    If this is a mobile provider, your WAN address is not public or external access by the internet provider is blocked.
  • #3 16638570
    Albatroz
    Level 15  
    Posts: 235
    Help: 2
    Rate: 30
    Apparently it is. So how can I create remote access?
  • ADVERTISEMENT
  • #4 16638593
    bogiebog
    Level 43  
    Posts: 24793
    Help: 2569
    Rate: 1528
    Albatroz wrote:
    So how can I create remote access?

    via an intermediate point, e.g. vpnonline pl, i.e. the router connects to the VPN, and the remote computer gets to the router via an IP public VPN server.
  • #5 16639091
    Albatroz
    Level 15  
    Posts: 235
    Help: 2
    Rate: 30
    Of course, then on vpnonline do I have to choose a fixed IP address?
  • ADVERTISEMENT
  • Helpful post
    #6 16639161
    bogiebog
    Level 43  
    Posts: 24793
    Help: 2569
    Rate: 1528
    There is also another option, put on a LAN computer with an attached teamviewer,
    Remotely connect the desktop to teamviewer and then from this desktop to MT.
  • ADVERTISEMENT
  • #7 16639184
    Albatroz
    Level 15  
    Posts: 235
    Help: 2
    Rate: 30
    It is a pity that there is no other solution. And what about the tutorials in which the script from noip is thrown on MT to ddns and the schedule is set to check IP every 5 minit? This only works if the service provider is not just blocking external access?
  • #8 16639250
    whizzo
    Level 13  
    Posts: 182
    Help: 8
    Rate: 10
    You will easily enter Mikrotik using the address from the Cloud section. You only need to set up a VPN server on Mikrotik and set up a VPN connection on the computer you are connecting from. After establishing the VPN connection, you can use Winbox to connect to MT without any problems. At least this is how it works for me.

    EDIT. The remote connection works via WinBox (via the mentioned VPN), but only after entering the local IP address in the field (192.168.XX), or through the domain defined in the DNS section (e.g. for router's IP do e.g. http: //router.dom /, whatever you like, but it doesn't work from a remote location by MAC address (only locally)
  • #9 16639301
    Albatroz
    Level 15  
    Posts: 235
    Help: 2
    Rate: 30
    Can you show your configuration on MT? In Lana Cloud works the most, but except for lane.
  • #10 16639349
    whizzo
    Level 13  
    Posts: 182
    Help: 8
    Rate: 10
    Albatroz wrote:
    Can you show your configuration on MT? In Lana Cloud works the most, but except for lane.


    Have you started the VPN server and initiated the connection from the computer you are connecting from? This is a prerequisite for remote access via Cloud to work.
  • #11 16639454
    Albatroz
    Level 15  
    Posts: 235
    Help: 2
    Rate: 30
    Is vpn server simply a cloud with the address xxx.sn.mynetname.net?
    This is what I have started. I have created vpn on the computer but it connects as soon as I'm in lan.

    Mikrotik 951G - Remote Access using USB Modem, Variable IP, PPP Client & DDNS/NO-IP Solutions
    Mikrotik 951G - Remote Access using USB Modem, Variable IP, PPP Client & DDNS/NO-IP Solutions
  • #12 16639508
    whizzo
    Level 13  
    Posts: 182
    Help: 8
    Rate: 10
    Run yourself quickly in "Quick set" VPN Access, because I suppose you don't have it set. Set up PPTP VPN on your computer quickly and there is no whip. You must connect.
  • #13 16639523
    Albatroz
    Level 15  
    Posts: 235
    Help: 2
    Rate: 30
    It is by all means. Unless I have something else to configure on MT ...

    Mikrotik 951G - Remote Access using USB Modem, Variable IP, PPP Client & DDNS/NO-IP Solutions
  • #14 16639528
    whizzo
    Level 13  
    Posts: 182
    Help: 8
    Rate: 10
    Albatroz wrote:
    It is by all means. Unless I have something else to configure on MT ...

    Mikrotik 951G - Remote Access using USB Modem, Variable IP, PPP Client & DDNS/NO-IP Solutions


    And what do you have in the Winbox address field when you are out of lane?
  • #15 16639546
    bogiebog
    Level 43  
    Posts: 24793
    Help: 2569
    Rate: 1528
    Hmmmm ....
    https://wiki.mikrotik.com/wiki/Manual:IP/Cloud
    from what I write here, cloud is a DDNS service, unless I have not understood something

    ddns it will not help to get to MT from outside, for this you need a public IP (permanent or dynamic) or vpn tunnel with public IP at the end of the tunnel.
  • #16 16639577
    Albatroz
    Level 15  
    Posts: 235
    Help: 2
    Rate: 30
    @whizzo, and what I didn't write there ... ;)

    Mikrotik 951G - Remote Access using USB Modem, Variable IP, PPP Client & DDNS/NO-IP Solutions

    @bogiebog
    I'm afraid you're right and no other combinations will help.
Reply | New topic
Report a violation of the law

Topic summary

✨ The discussion revolves around enabling remote access to a MikroTik 951G router connected to a USB modem, which is recognized as a PPP Client with a variable IP. Users highlight challenges due to the mobile provider's restrictions on public IP access. Suggested solutions include using a VPN service to establish a secure connection, with recommendations for setting up a VPN server on the MikroTik and connecting through a public VPN server. Alternatives such as using TeamViewer on a LAN-connected computer are also mentioned. The importance of configuring the router correctly and understanding the limitations of DDNS services in the context of dynamic IPs is emphasized.
Generated by the language model.

FAQ

TL;DR: For MikroTik 951G over a USB modem, you need 1 public IP or a VPN endpoint; “cloud is a DDNS service.” Set up a VPN (provider or Quick Set PPTP) and connect by IP/DNS, not MAC. [Elektroda, bogiebog, post #16639546] Why it matters: This FAQ helps MikroTik users stuck behind mobile CGNAT reach their router securely without buying a fixed SIM.

Quick Facts

Why doesn’t DDNS/NO-IP let me reach my MikroTik over a mobile USB modem?

Your mobile ISP gives a non‑public WAN (CGNAT or blocked inbound). DDNS only maps a name to that unreachable address. Without a public IP or a VPN endpoint, external hosts cannot initiate connections to your router. Use a VPN or obtain public IP service. [Elektroda, jimasek, post #16638556]

Do I really need a static IP, or will dynamic public IP work?

You need a public IP, static or dynamic. Static simplifies bookmarks, but DDNS can track a dynamic public IP. If your carrier uses CGNAT, neither static nor dynamic on your device exists externally, so you must terminate a VPN on a public endpoint. “Cloud is a DDNS service.” [Elektroda, bogiebog, post #16639546]

What’s the simplest way to get remote access if my WAN is behind CGNAT?

Use an intermediate VPN. Make the router connect out to a VPN provider or server that has a public IP. Then connect to that VPN endpoint from your remote PC and reach the router’s LAN IP through the tunnel. This avoids carrier inbound blocks. [Elektroda, bogiebog, post #16638593]

Do VPN services require a fixed IP to work here?

Not strictly. You need a reachable public IP on the VPN endpoint you target. Many services provide a stable hostname even if the endpoint IP changes. The key is that your router dials out to that public VPN server, creating a path back in. [Elektroda, bogiebog, post #16638593]

Can MikroTik Cloud (mynetname.net) replace a VPN?

No. Cloud gives a hostname for your current IP. It does not open ports or bypass CGNAT. You still need either a public IP on the WAN or a VPN tunnel that terminates on a public endpoint to allow remote administration. [Elektroda, bogiebog, post #16639546]

How do I quickly enable VPN access on a MikroTik 951G?

Use Quick Set. Enable VPN Access to start a PPTP server on the router. On your computer, create a PPTP client profile and connect to the router’s Cloud name or public IP. Then manage the router by its LAN IP through the tunnel. [Elektroda, whizzo, post #16639508]

Three-step how-to: connect with Winbox after VPN comes up?

  1. Establish the VPN from your PC to the MikroTik (or via the provider’s VPN).
  2. Open Winbox and enter the router’s LAN IP (e.g., 192.168.x.x) or your local DNS name.
  3. Log in and manage as if you were on-site; avoid MAC mode remotely. [Elektroda, whizzo, post #16639250]

Why doesn’t Winbox MAC address mode work from the Internet?

MAC Winbox uses Layer‑2 discovery, which does not traverse routed links or the Internet. After you establish the VPN, switch to IP or DNS to reach the router. “MAC works only locally.” This is expected and not a bug. [Elektroda, whizzo, post #16639250]

What is a PPP Client with a variable IP, and why does it matter?

Your USB modem shows as a PPP client that receives an address from the carrier. It changes over time and is usually private behind CGNAT. The changing address and NAT block inbound connections, so DDNS alone cannot help. Use a VPN or public IP. [Elektroda, Albatroz, post #16638529]

Will a NO-IP script that checks every 5 minutes solve remote access?

No, not behind CGNAT. The script updates DNS but points to an address you cannot reach from outside. It only helps when the ISP gives an actual public IP. Five‑minute checks are fine, but they do not bypass NAT barriers. [Elektroda, Albatroz, post #16639184]

I enabled Cloud and set a VPN on my PC, but it only connects on LAN. What am I missing?

Start the VPN server on the MikroTik first. Then initiate the VPN from your PC to the MikroTik’s Cloud hostname. Once the tunnel forms, connect using the router’s LAN IP in Winbox, not MAC. Verify credentials and service are enabled. [Elektroda, whizzo, post #16639349]

Is PPTP the only option for quick remote access on the 951G?

No, but Quick Set’s fastest path enables PPTP. It is easy and widely supported by clients. After enabling, test with a PC PPTP profile, then harden credentials and firewall rules. You can adopt other VPNs later if desired. [Elektroda, whizzo, post #16639508]

Can I avoid VPNs entirely with a desktop relay like TeamViewer?

Yes. Place a PC inside the LAN with TeamViewer installed. Remote into that PC, then open Winbox to the router’s LAN IP. This sidesteps CGNAT but depends on the PC staying powered and online. [Elektroda, bogiebog, post #16639161]

Edge case: why does everything still fail even with DDNS and port forwards?

If your ISP blocks inbound or uses CGNAT, forwards never reach your router. DDNS only renames an unreachable target. The fix is a public IP or a VPN that originates from your network to a public endpoint. [Elektroda, jimasek, post #16638556]
Generated by the language model.
ADVERTISEMENT