Dive deep into MikroTik's RouterBoards and RouterOS. We keep you informed and up-to-date, always.



Every post is penned by our certified MikroTik engineers, ensuring relevance and accuracy in every word.



Your insights drive our content. Sharing knowledge, we elevate the MikroTik community in Canada together.

Back to Home with MikroTik

Back to Home with MikroTik

There are times we find ourselves grappling with less-than-ideal configurations, like double NAT setups. These configurations often present challenges for users when it comes to remote access. Recognizing the intricacies of these challenges, MikroTik has developed the "Back to Home" (BTH) feature, a solution designed to streamline and secure remote access, connectivity and management.


The Challenge

Remote access to routers and the internal network is essential for many professionals and home users alike. Whether it's accessing files on the go, troubleshooting network issues, streaming from personal storage, or viewing NVR security camera footage, seamless connectivity is paramount. However, achieving this becomes challenging when the router lacks a public IP or is behind a firewall.
Network Address Translation (NAT) is a fundamental process that translates IP addresses, allowing multiple devices on a local network to share a single public IP address. However, complexities arise when two or more routers on the same network perform this translation, leading to a situation known as "Double NAT." One common reason for encountering a Double NAT scenario is when Internet Service Providers (ISPs) do not provide customers with a public IP address. Instead, they allocate a private address, often due to the use of CGNAT. In such cases, the ISP's equipment performs NAT, and then the customer's router performs NAT again, resulting in the Double NAT.

The Solution

BTH employs a VPN relay mechanism. In instances where the router is behind NAT or within a private network, the connection is facilitated through MikroTik's relay servers. These servers act as a bridge, ensuring a connection is established. It's crucial to note that while the relay servers aid in connection establishment, they do not have access to the data being transmitted. The connection remains end-to-end encrypted, ensuring data integrity and security. End-to-End Encryption: BTH ensures that the connection, whether direct or via a relay, is encrypted from the source to the destination. This means that even if the connection is facilitated through a relay server, the data packets remain encrypted and inaccessible to any intermediaries.

In Brief:
A public server identifies the public IP address and ports of both sides assigned by the NAT.
The client configures its WireGuard connection using the discovered addresses and ports.
The client establishes a direct WireGuard connection with the server or peer, even if they're behind their own NATs.

Compatibility and Hardware Requirements 

Hardware Requirements:

MikroTik has optimized the BTH feature for routers built on the ARM, ARM64, and TILE architectures.
It's important to note that legacy RouterBoards, which utilize the MIPSBE, MMIPS, SMIPS, and PPC chipsets, are not officially supported for the BTH feature as of now.


The Shift to ARM:
The emphasis on ARM architecture is a clear indication of the trajectory MikroTik envisions for its future devices. ARM's modern load-store multiple architecture, which permits certain instructions to load or store multiple registers at once, stands out in comparison to the load-store architecture of MIPS. This distinction not only boosts performance but also ensures efficient power consumption and adaptability.

Software Prerequisites:
The BTH feature is only available for RouterBoards running RouterOS version 7.12 or later.

Basic Implementation of BTH on RouterOS

"Setting up the "Back to Home" (BTH) feature on RouterOS is a direct and user-friendly experience. However, to guarantee a smooth and error-free implementation, it's crucial to grasp the intricacies of each step. By delving into the details and understanding the underlying mechanics, users can optimize the feature's potential and ensure robust remote connectivity."

BTH Companion Apps

Android App: MikroTik's VPN application for Android, available on the Google Play Store, is designed for ease of use. Users can swiftly set up their BTH configurations, add tunnels, and provide router details, all within a user-friendly interface.

Apple iPhone App: iOS enthusiasts aren't left behind. MikroTik's app on the Apple App Store ensures iPhone users have a streamlined experience setting up and managing their VPN configurations.

WireGuard Integration: For users who opt for a different route, MikroTik's BTH feature is compatible with the official WireGuard application, available for both Android and iOS. This offers an alternative for those who are already accustomed to the WireGuard interface or prefer its functionalities.


Final Thoughts

MikroTik's BTH feature highlights the company's steadfast commitment to home users and small businesses. Addressing the double NAT challenge with a secure, encrypted solution, BTH guarantees that both professionals and casual users can achieve remote access to their networks without sacrificing security. As with all advanced features, a thorough grasp of its workings and potential impacts is essential before implementation. For a deeper dive into the "Back to Home" feature, refer to the detailed article on MikroTik's official wiki.

MikroTik News