Binary Lane sounds good. I have a few CHRs on the lowest tier VM (USD$5/m) with Vultr working well for years doing various tasks including relaying between 4G points. If I had to do it again I'd probably go with Zerotier - I haven't tried it yet but it lets you link networks and devices that are all behind NAT if need be and it can even figure out fastest paths as links change and it'll hole punch for NATed systems. It's free for low counts of devices too.
Regards, Jason Hecker <https://www.upandrunningtech.com.au>
On Wed, 11 Oct 2023, at 10:34, Andrew Oakeley wrote:
Hi,
Another great option is to use a $4/month VM in Binary Lane as a peering point, if you don’t have a site with a Public IP. Load the Mikrotik CHR RAW Disk Image.
Andy
-----Original Message-----
From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Russell Hurren
Sent: Tuesday, October 10, 2023 8:34 PM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Mikrotik and Starlink
Zerotier is a great option if both ends could be behind NAT, or the IP might change for whatever reason.
-----Original Message-----
From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Andrew Gilbett
Sent: Tuesday, October 10, 2023 8:31 PM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Mikrotik and Starlink
I will second wireguard.
You also have public IPv6 so the possibilities there are fascinating. I did manage to do an EoIPv6 tunnel over starlink to solve a short term problem...
On Tue, Oct 10, 2023 at 7:01 PM Jason Hecker <jason@upandrunningtech.com.au> wrote:
Wireguard can work behind NAT but one end has to be reachable at all times.
I got caught out the other week with 2 Mikrotik routers that had a Wireguard connection not work as one ended up behind 4G CGNAT and the other switched to AussieBB CGNAT. Once the 4G end was restored to a normal publicly reachable IP it worked again.
From what I understand one end can change IPs, say from a reachable to a non-reachable address like you would switching from Wifi to 4G, and the VPN remains uninterrupted. As mentioned above the far end has to be on a reachable IP. So this setup works well for a Wireguard router that is on a rigidly static IP and the other end is a roaming VPN user. It reminds me a bit of the "persistent" mode of OpenVPN.
Each end is also equal as such, so there is no server/peer relationship at the interface level like other VPNs.
https://www.wireguard.com/ explains it simply enough.
Regards, Jason Hecker <https://www.upandrunningtech.com.au>
On Tue, 10 Oct 2023, at 18:32, Karl Auer wrote:
On Tue, 2023-10-10 at 18:17 +1100, Roger Plant wrote:
Wireguard, built into latest Mikrotik versions, it's very good, easy to set up and quite brisk.
Client Peer(s) can be behind CGNat. Server Peer needs a udp port (either port forwarded or directly on wan).
Interesting, thanks! Is it bidirectional once established, i.e., can connections be initiated over the VPN from either end?
Will look into it.
Regards, K.
--
Karl Auer (kauer@nullarbor.com.au)
http://www.nullarbor.com.au
work +61 2 64957435
mobile +61 428 957160
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
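The arrangement discussed in this thread (a CHR on a cheap VPS as the one publicly reachable WireGuard end, with sites behind Starlink or 4G CGNAT dialling out to it), as an added RouterOS v7 example that is not from any of the posters. The interface names, the 10.255.0.0/24 tunnel range, the 192.168.10.0/24 site LAN, the 203.0.113.10 hub address and the key placeholders are all assumptions made for illustration.

```routeros
# Constructed example: keys, addresses and interface names are placeholders.

# --- Hub: CHR on a VPS with a public IP (the only end that must be reachable) ---
/interface wireguard add name=wg-hub listen-port=13231
/ip address add address=10.255.0.1/24 interface=wg-hub
# Expose only the WireGuard UDP port to the internet; keep this rule above
# the final drop rule in the input chain.
/ip firewall filter add chain=input protocol=udp dst-port=13231 action=accept comment="WireGuard in"
# One peer entry per remote site. No endpoint is set: the hub learns the
# site's current NAT-mapped address from the site's authenticated packets,
# so the site's public address is free to change.
/interface wireguard peers add interface=wg-hub public-key="<SITE_A_PUBLIC_KEY>" allowed-address=10.255.0.2/32,192.168.10.0/24
/ip route add dst-address=192.168.10.0/24 gateway=wg-hub

# --- Site A: router behind Starlink/4G CGNAT ---
/interface wireguard add name=wg-site
/ip address add address=10.255.0.2/24 interface=wg-site
# The site always initiates towards the hub. persistent-keepalive keeps the
# CGNAT mapping open, so traffic can also be initiated from the hub side
# once the tunnel is up.
/interface wireguard peers add interface=wg-site public-key="<HUB_PUBLIC_KEY>" endpoint-address=203.0.113.10 endpoint-port=13231 allowed-address=10.255.0.0/24 persistent-keepalive=25s
```

Keeping allowed-address on the hub limited to each site's own tunnel address and LAN prefix stops one site from sourcing traffic as another.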