MikroTik

Hi and sorry for bad english,
I usually setup and check status of ubiquiti APs with cloud controller (changing inform path with "set-inform http://MYDDNS:8080/inform" command) and they work perfectly from all over the world.
The problem is when they are behind a mikrotik router with an hotspot configured, in this case in my ubiqui controller all tha APs are OFFLINE.
I've try to binding (bypassed) the MACs of APs and to add MYDDNS to the walled garden but no way!!!
Is there a way to solve this problem?
thanks
regards
RK

Think you need both port forward and hairpin nat.

For outbound UniFi APs -> controller connections you only need to add hotspot IP bindings, MAC and IP addresses.

thanks for answer but how to do that excactly?

We have always used

/ip hotspot ip-binding
add mac-address=XX:XX:XX:XX:XX:XX address=NNN.NNN.NNN.NNN to-address=NNN.NNN.NNN.NNN type=bypassed

with the device address either set statically or getting it from a static DHCP lease. Never tried it without the addresses, the wiki isn't clear what would happen in that case.

mac-address=XX:XX:XX:XX:XX:XX
this is mac of AP?

address=NNN.NNN.NNN.NNN
and this the fixed IP of AP?

to-address=NNN.NNN.NNN.NNN
and this the destination? in thi case it's not an IP but a DDNS like xxxxxxx.synology.me

i'll try and i'll let you know
thanks

Yes, AP MAC address.

Both IP addresses are the same fixed IP of the AP. The to-address is part of the internal hotspot translation system, it has nothing to do with the destination of traffic from the AP.

We have always used

/ip hotspot ip-binding
add mac-address=XX:XX:XX:XX:XX:XX address=NNN.NNN.NNN.NNN to-address=NNN.NNN.NNN.NNN type=bypassed

with the device address either set statically or getting it from a static DHCP lease. Never tried it without the addresses, the wiki isn't clear what would happen in that case.

does'nt work : (

Works on our hotspots. Can the AP resolve the inform URL address, the AP DNS server address would typically be set to the same as the gateway address, and does the Mikrotik apply srcnat to the outbound WAN traffic?

Works on our hotspots. Can the AP resolve the inform URL address, the AP DNS server address would typically be set to the same as the gateway address, and does the Mikrotik apply srcnat to the outbound WAN traffic?

It's really strange becouse if I login in ssh to the AP from the mikrotik internal terminal and try to ping my inform address it's resolved without problem

That suggests it is something else if pings are successfully bypassing the hotspot, maybe additional firewall rules. You can use the packet sniffer, filter on the IP address of the AP.

I disbaled all firewall rule but same problem

What is the Unifi controller hosting (Cloud key or Local server)?
Is the MYDDNS name resolved to your public IP address?

If both true, please check my previous response.

What is the Unifi controller hosting (Cloud key or Local server)?
Is the MYDDNS name resolved to your public IP address?

If both true, please check my previous response.

there's no controller, I modified the informer of ubiquiti via ssh (and outside of mikrotik it works perfectly!!)
How I told if I ping from ubiquiti (via ssh) mi informer ddns address I can resolve it without problem.
tried also Hairpin and port forwording, No Way!