Hi.

I have a problem using VPN network from my HQ. so here's my network configuration for my HQ office :


i don't have any IP Public Static for this network. so i use IP >> Cloud features.

my current configuration is :

IP >> Address:

• Ether 2 : 192.168.2.3 (to Router Modem)

• Ether 4 : 192.168.1.1 (for Local Network)

IP >> DNS:

• Servers : 8.8.8.8 , 8.8.4.4, 192.168.2.1

• Allow Remote Request = Yes

IP >> Firewall:

• NAT : Action = Masqurade , chain = srcnat

IP >> Cloud:

• Enabled = yes

i try to access my mikrotik from winbox (With another network) using my DNS Name (xxxxxxxxxxxx.sn.mynetname.net) but it's cannot.

can someone help me for this problem ?

Cloud features are used when you have a dynamic public address, not a private one . If you do not have a public address, you can not access your router.

Hi!
Either you've got a too many of things wrong or did not specify them in the description, I kindly suggest to read basic installation manual.
For starters:
1) what are NAT rules for HQ router modem?
2) Did you add anything else to SRC NAT in HQ mikrotik?
3) What kind of VPN is being used?

P.s. I also strongly suggest to abandon configuration of double NAT (when you have ISP router\modem NATting) for anything that is related to VPNs. Get a static IP address and ask ISP to configure modem as bridge.

P.p.s. DynDNS will give you private IP, which is useless, but not relevant, since you would be using private IPs anyhow when VPN is set up correctly.

Cloud features are used when you have a dynamic public address, not a private one . If you do not have a public address, you can not access your router.

so, am i have a wrong configuration ?

You need at least one public address in the whole system towards which the other devices can establish connections. If the router/modem in the HQ has a public address and you have administrative access to it, you can configure port forwarding on it so that it would deliver the incoming requests to the Mikrotik.

If none of the HQ or the BOs has a public addresses, you'll have to run a virtual Mkrotik or some other device supporting the VPN protocol you've chosen somewhere in a server hosting where you can get a public IP address, and make all your 'Tiks including the one at the HQ site VPN clients of that virtual router (sure you may place a physical 'Tik there if your hosting provider's service offer allows that).

The Mikrotik's cloud service always registers the public address nearest to your Mikrotik in the DNS system, but if the address is not assigned to one of those devices in the chain to which you have administrative access, you cannot set port forwarding on that device.