Dive deep into MikroTik's RouterBoards and RouterOS. We keep you informed and up-to-date, always.
Author
Every post is penned by our certified MikroTik engineers, ensuring relevance and accuracy in every word.
Feedback
Your insights drive our content. Sharing knowledge, we elevate the MikroTik community in Canada together.
Back to Home with MikroTik
08.09.2023
Wireless Netware Technology Ltd.
Back to Home with MikroTik
There are times we find ourselves grappling with less-than-ideal configurations, like double NAT setups. These configurations often present challenges for users when it comes to remote access. Recognizing the intricacies of these challenges, MikroTik has developed the "Back to Home" (BTH) feature, a solution designed to streamline and secure remote access, connectivity and management.
The Challenge
Remote access to routers and the internal network is essential for many professionals and home users alike. Whether it's accessing files on the go, troubleshooting network issues, streaming from personal storage, or viewing NVR security camera footage, seamless connectivity is paramount. However, achieving this becomes challenging when the router lacks a public IP or is behind a firewall. Network Address Translation (NAT) is a fundamental process that translates IP addresses, allowing multiple devices on a local network to share a single public IP address. However, complexities arise when two or more routers on the same network perform this translation, leading to a situation known as "Double NAT." One common reason for encountering a Double NAT scenario is when Internet Service Providers (ISPs) do not provide customers with a public IP address. Instead, they allocate a private address, often due to the use of CGNAT. In such cases, the ISP's equipment performs NAT, and then the customer's router performs NAT again, resulting in the Double NAT.
The Solution
BTHemploys a VPN relay mechanism. In instances where the router is behind NAT or within a private network, the connection is facilitated through MikroTik's relay servers. These servers act as a bridge, ensuring a connection is established. It's crucial to note that while the relay servers aid in connection establishment, they do not have access to the data being transmitted. The connection remains end-to-end encrypted, ensuring data integrity and security. End-to-End Encryption: BTHensures that the connection, whether direct or via a relay, is encrypted from the source to the destination. This means that even if the connection is facilitated through a relay server, the data packets remain encrypted and inaccessible to any intermediaries.
In Brief: A public server identifies the public IP address and ports of both sides assigned by the NAT. The client configures its WireGuard connection using the discovered addresses and ports. The client establishes a direct WireGuard connection with the server or peer, even if they're behind their own NATs.
Compatibility and Hardware Requirements
Hardware Requirements:
MikroTik has optimized the BTH feature for routers built on the ARM, ARM64, and TILE architectures. It's important to note that legacy RouterBoards, which utilize the MIPSBE, MMIPS, SMIPS, and PPC chipsets, are not officially supported for the BTH feature as of now.
The Shift to ARM: The emphasis on ARM architecture is a clear indication of the trajectory MikroTik envisions for its future devices. ARM's modern load-store multiple architecture, which permits certain instructions to load or store multiple registers at once, stands out in comparison to the load-store architecture of MIPS. This distinction not only boosts performance but also ensures efficient power consumption and adaptability.
Software Prerequisites: The BTH feature is only available for RouterBoards running RouterOS version 7.12 or later.
Basic Implementation of BTH on RouterOS
"Setting up the "Back to Home" (BTH) feature on RouterOS is a direct and user-friendly experience. However, to guarantee a smooth and error-free implementation, it's crucial to grasp the intricacies of each step. By delving into the details and understanding the underlying mechanics, users can optimize the feature's potential and ensure robust remote connectivity."
Android App: MikroTik's VPN application for Android, available on the Google Play Store, is designed for ease of use. Users can swiftly set up their BTH configurations, add tunnels, and provide router details, all within a user-friendly interface.
Apple iPhone App: iOS enthusiasts aren't left behind. MikroTik's app on the Apple App Store ensures iPhone users have a streamlined experience setting up and managing their VPN configurations.
WireGuard Integration: For users who opt for a different route, MikroTik's BTH feature is compatible with the official WireGuard application, available for both Android and iOS. This offers an alternative for those who are already accustomed to the WireGuard interface or prefer its functionalities.
Final Thoughts
MikroTik's BTH feature highlights the company's steadfast commitment to home users and small businesses. Addressing the double NAT challenge with a secure, encrypted solution, BTH guarantees that both professionals and casual users can achieve remote access to their networks without sacrificing security. As with all advanced features, a thorough grasp of its workings and potential impacts is essential before implementation. For a deeper dive into the "Back to Home" feature, refer to the detailed articleon MikroTik's official wiki.
Explore the transformative power of MikroTik's L3 hardware offloading and how it's reshaping the networking landscape. Discover the benefits, challenges, and upgrade opportunities for your network. Join us in the future of networking!
Explore MikroTik's latest 'Back to Home' feature, designed to simplify remote network access, especially in double NAT scenarios. Dive into its technical aspects, benefits, and implementation, and discover how MikroTik continues to prioritize home users and small businesses with innovative solutions.
In today's fast-paced digital world, the demand for higher bandwidth and faster transmission speeds is ever-increasing. As enterprises and data centers shift towards 100G Ethernet data transmission, MikroTik stands at the forefront with its latest offering: the CRS504-4XQ-IN Switch.
The CRS504-4XQ-IN is not just another switch in the market. It's your compact, energy-efficient gateway to the world of 100 Gigabit networking. Designed as the next logical step for those looking to upgrade from 10 or 40 Gigabit networks, this switch boasts multiple powering options and dual hot-swap power supplies.
In the rapidly evolving world of networking, the demand for faster data transfer rates is relentless. As more PCs and client devices ship daily with 2.5G ports, the market for multi-gigabit speeds is expanding at an unprecedented rate.
Until recently, the leap from 1G to 10G was a costly endeavor for many. However, the landscape is shifting, and MikroTik's CRS310-8G+2S+IN is at the forefront of this change.
