Config help to allow remote access from Mikrotik mobile app to a RB750Gr3

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Config help to allow remote access from Mikrotik mobile app to a RB750Gr3

mrgsm021

1540 posts

Uber Geek
+1 received by user: 310

ID Verified

Trusted

#306547 2-Aug-2023 16:19

Hi guys,

As per the title, looking for a bit of help with this.

Finally got around to swapping my ER-X to the RB750Gr3 the other day and downloaded the Mikrotik mobile app

No problems accessing the router via the app when on home WiFi but can't access it when out and about.

Did a bit of Googling, I understand the firewall rules need to be tweaked to allow this?

I just have the default firewall rules on it following michaelmurphy's guide.

Any help would be appreciated please.

TIA

toejam316

1516 posts

Uber Geek
+1 received by user: 888

Trusted

Lifetime subscriber

#3111110 2-Aug-2023 16:24

My advice - don't.

Setup a Wireguard VPN using the Roadwarrior config from https://help.mikrotik.com/docs/display/ROS/WireGuard#WireGuard-RoadWarriorWireGuardtunnel

Join Quic Broadband with my referral - no sign up fee and gives me account credit

Anything I say is the ramblings of an ill informed, opinionated so-and-so, and not representative of any of my past, present or future employers, and is also probably best disregarded.

RunningMan

9210 posts

Uber Geek
+1 received by user: 4854

#3111112 2-Aug-2023 16:35

What you're looking for is called MikroTik back to home.

https://help.mikrotik.com/docs/display/ROS/Back+To+Home

It's a beta feature only released a few days ago, essentially creates a Wireguard VPN back to your router, and in the case of CG-NAT uses a MikroTik server as a relay. The MT DDNS (Cloud) will direct the connection to your router if it has a public IPv4 or relay it via MikroTIk with a private WAN address.

Think it's only ARM based devices at the moment, so counts out the RB750 at this stage. You could configure a Wireguard VPN manually as @toejam316 suggested, but will need ROS 7 for that.

ANglEAUT

altered-ego
2438 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#3111119 2-Aug-2023 17:07

toejam316:

My advice - don't.

Agreed

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

mrgsm021

1540 posts

Uber Geek
+1 received by user: 310

ID Verified

Trusted

#3111120 2-Aug-2023 17:08

Thanks for the responses guys, will take a look and see how I get on.

MadEngineer

4597 posts

Uber Geek
+1 received by user: 2577

Trusted

#3111199 2-Aug-2023 19:33

Or search for Mikrotik IPsec l2tp vpn

If you have an iPhone or android, tack that on the end too so you can use the built in vpn client. Find a guide that includes windows or mac connections too.

You're not on Atlantis anymore, Duncan Idaho.

michaelmurfy

meow
13586 posts

Uber Geek
+1 received by user: 10931

Moderator

ID Verified

Trusted

Lifetime subscriber

#3111201 2-Aug-2023 19:41

I personally wouldn’t expose any of your Mikrotik services at all.

You’ve got Zerotier that can run on the router or you can run Tailscale on another network device or even on the Mikrotik under a container provided you’ve got a newer one: https://github.com/Fluent-networks/tailscale-mikrotik

Opening up your router at all to the internet is asking to trouble. Never do it. Same with port forwarding - if you can work without it (and use a VPN) then don’t.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.