Mikrotik CHR as a secure router to connect remote sites and to get around Mobile B/band Telco CGNAT
I have been running a Mikrotik CHR for 6 weeks as a theory of concept so that I can locate and access a remote site (farm) for monitoring of security cameras and remote Amateur Radio site. The AWS VPC and the CHR instance works exactly as they intend to.
In Australia the telcos providing mobile phone services primarily use CGNAT (Carrier Grade Network Address Translation). This is good for normal users as it helps to keep them safe from port scanning etc. However the downside is that there is no way of finding the end node as it doesn't have a real external IP Address. Unfortunately DDNS isn't a solution either.
The only way in Australia to obtain a 'real' IP Address is to be a registered company and that also comes at an additional cost to have one applied to your 3g/4g SIM. For me this wasn't an option.
My solution works exceptionally well and that the end nodes will always automatically established a L2TP secure tunnel to the CHR and then routing (in this case RIP) does the rest. So in effect the remote site/s make an automatic connection to the Mikrotik CHR and you establish a connection from your own location. Then you have full remote access functionality.
Can't recommend it enough.
There are no comments to display