bandit1200
just joined
Topic Author
Posts: 23
Joined: Fri Mar 15, 2013 4:54 pm

Remote Management SOHO best practice options?

Sat Mar 16, 2013 3:33 pm

Hi,

My first post and first MikroTik router. So far so good :)

I was wondering what is considered the best setup to remotely manage (config etc.) the router in a SOHO-type environment.

Setup:

Router has single public IP, NAT to private network.
Assume manage from internet, already know public IP for router.

Thinking:
SSH to CLI (ie, open port 22)
or
VPN
or
SSH Tunnel to webfig/winbox ports
or
...

My considerations, to config, view logs, run WOL commands, from a Windows machine mostly.


What do the wise people do? What questions should I be asking?


Thanks for your advice.
-bandit
 
CelticComms
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: Remote Management SOHO best practice options?

Sat Mar 16, 2013 3:47 pm

Some comments:

Avoid Telnet - use SSH instead and use *strong* usernames/passwords, preferably with port change. Remove the default account.
If using Winbox remotely change the port from the default and use the secure version.
If using web access remotely use the secure version - and change the port.
If possible, restrict the IP range that remote access will work from.

VPN access is good but avoid the less secure VPN options.

Check your remote access config with scans from both permitted and denied addresses after configuration changes.
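
The checklist above, written out as RouterOS commands. This is an added example, not part of the original post: the source range 203.0.113.0/24, the port numbers, the user name `netadmin` and the certificate name `mgmt-cert` are placeholders to replace with your own values.

```routeros
# Constructed example. 203.0.113.0/24 stands in for the range you manage from;
# ports 2222/8292/8443, "netadmin" and "mgmt-cert" are placeholders.

# Replace the default account with a named one. Add the new user first,
# log in as that user, and only then remove "admin".
/user add name=netadmin group=full password="<long-random-passphrase>"
/user remove admin

# Turn off the cleartext management services.
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes

# Keep SSH and Winbox on non-default ports, limited to the permitted range.
/ip service set ssh port=2222 address=203.0.113.0/24
/ip service set winbox port=8292 address=203.0.113.0/24

# HTTPS WebFig only if needed: it requires an imported certificate.
/ip service set www-ssl certificate=mgmt-cert port=8443 address=203.0.113.0/24 disabled=no

# Review the result: disabled services are flagged with X in the listing.
/ip service print
```

After applying it, connect to each port from an address inside the permitted range and from one outside it; only the first should get a response.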
 
bandit1200
just joined
Topic Author
Posts: 23
Joined: Fri Mar 15, 2013 4:54 pm

Re: Remote Management SOHO best practice options?

Sat Mar 16, 2013 9:39 pm

@celticcomms, thanks for the advice.


What do you think of this idea:

(1) Forward some new external port to SSH port 22 inside (just use dst-nat)
(2) Use PKI (with good passphrase) to connect SSH, use CLI
(3) Make SSH tunnels in this connection if needed for webfig or winbox (enable on MikroTik)

Is this a reasonable idea? This would give me good access to the router without bad security.


-bandit