I have a user that will use a residential StarLink on location, and that thing is behind a CGNAT.
How to punch through to make a WireGuard work for remote access / admin?
Why? It is WireGuard, with specific client in. Should be quite safe. Or? What am I missing?But don't do it in prod.
It's only for HO.
Exactly my point. If a client is not willing to shelve out for a business connection with an fixed IP, then I don't really see them willing to finance a CHR instance configuration and maintenance.A bit over the top, but it should not be used as a business entity as on occasion, not very frequently the Mikrotik servers have gone offline. A couple of times a year is probably a safe bet.
As on the price of the cloud server - the issue is not a few bucks needed to make it work, but time to do so. All these costs need to be passed onto the client, and it adds up. It is simply more cost effective to have a business class internet access.Nothing for you to worry about unless your a hospital, a bank or any business requiring 24/7 VPN up time.
If that is concern then rent a server in the cloud, for like $7 a month and put a CHR on it and use that as the wireguard server.
This is a mikrotik forum, and I have no clue how to use linux LOL.Why is CHR necessary just for Wireguard peer? It can be setup on Linux running on cloud server and save some money for CHR licence. Once setup on Linux is created, image can be made of it for reuse.
Initially some time will be spent to create setup, but later it should be more faster and charge more know-how than spent time and profit from such clients.
Interesting proposition. But I think that local providers still use IPv4 here. Not sure about StarLink?why don't you use IPv6? router should be reachable.
We have end-user starlink terminal, the configuration options are more or less devoid of any options. Currently I have enabled BTH option and that one works flawlessly. However, I haven't yer configured firewall properly, so there is that... Configured BTH on site 2 days ago. I was surprised how easy it was... Probably the easiest setup for anything Mikrotik ever.Starlink indeed gives you a/56 global subnet, but only in "bypass" mode (or how do they call the bridge mode of their router), or if you connect your own router directly to the dishy, bypassing their router that way. So along with a Hurricane Electric tunnel that allows you to get a global subnet using your IPv4-only uplink, this is the budget way to get there.
It works also for the consumer grade service.As for StarLink, I presume bypass works only for business models, or?
3rd party solutions are available that allow to exclude the indoor router from the scheme completely and provide the non-standard power supply via the non-standard connector to the dish and the data lines on a standard RJ-45 socket. But the "bypass mode" is actually a setting of the "router" which then becomes a bridge (for some models, you need a separate Ethernet adaptor, for others the router has the Ethernet port directly).As for the antenna, it draws a lot of power. From what I understand the ethernet cable they provide is out of standard, as is power delivery, as it needs to supply up to 100W+ to the antenna itself? Meaning I can't really bypass the SL router itself.
Unless you consider availability of IPv6 a real world benefit (it makes you independent on wthe BTH ifrastructure), and unless you suffer from the double-NAT-phobia, it wouldn't.would it actually make any real world benefit for using bypass mode
They do - Starlink does have over-the-air access to the antenna even if the indoor router is not part of the setup.How and do the firmware updates work for antenna router after bypass?