To access remotely from anywhere our mikrotik must have a public IP. If you already have a public IP configured on the router and that public IP is static, we can write the public IP in the winbox with the username and password. In the case of having a dynamic public IP we can use the IP Cloud option, when it is enabled a domain will be generated, we can use this domain to access. At the time of entry where the IP is entered, there we place the domain.
Other solutions
Yes, you can configure MikroTik devices to allow remote access in several ways, which is useful for managing and monitoring your network from external locations. However, it is crucial to implement proper security measures to protect your network from unauthorized access and threats. Here I describe some methods to configure secure remote access to a MikroTik device:
1. WinBox via Public IP
WinBox is a management tool for MikroTik devices that can be used to access the router via its public IP. For security, be sure to change the default port (8291) to something else, use a firewall to restrict access to only known and safe IPs, and enable encryption.
General Steps:
- Change the WinBox port to a non-standard one from the “IP” > “Services” menu.
- Configure the firewall to allow access only from specific IP addresses.
- Activate encryption in WinBox.
2. VPN
Establishing a VPN is a secure way to access your MikroTik network remotely. You can set up different types of VPNs in RouterOS, such as OpenVPN, L2TP/IPsec, or SSTP, and then connect to your network securely from anywhere.
General Steps:
- Set up a VPN server on your MikroTik device.
- Create users and passwords for the VPN.
- Configure your client device to connect to the VPN.
3. WebFig via Public IP
WebFig is the RouterOS management web interface. As with WinBox, you can access it through the router's public IP, but be sure to change the default port, use HTTPS to encrypt the connection, and restrict access through the firewall.
General Steps:
- Change the default port from “IP” > “Services”.
- Make sure your router has a valid HTTPS certificate.
- Configure your firewall to limit access.
4. SSH
SSH provides a command line method to manage your MikroTik remotely. It is essential to change the default port and restrict access by IP.
General Steps:
- Change the SSH port from “IP” > “Services”.
- Use SSH keys instead of passwords for greater security.
- Configure the firewall to allow SSH access only from specific IP addresses.
Additional Security Measures
- Firewall: Make sure your firewall is properly configured to block unauthorized access attempts.
- Software updates: Keep your RouterOS updated to protect against known vulnerabilities.
- Strong Passwords: Use strong, unique passwords for all access.
- Two-Factor Authentication (2FA): If possible, use 2FA to add an extra layer of security.
Setting up remote access to your MikroTik increases flexibility and efficiency in managing your network, but should always be done with a cautious and secure approach to minimize security risks.
There are no tags for this post.