Re: How do routers like Mikrotik build VPNs ?

carl_townshend · ‎04-03-2025

Hi Guys

An external company has put some Mikrotik cloud services routers on our site, they do not have a public IP on the WAN interface but can still build a VPN to other Mikrotik routers, is this because they register to the cloud to a registry like Meraki ?

How does it then build this tunnel when hiding behind another IP and not having a public IP?

Cheers

Joseph W. Doherty · ‎04-03-2025

I believe they would either need to know the other side's public IP (fronting for an interior IP - that alone, though, likely leaves the issue of passing through the other side's public/private transit device), or they would need, something like a cloud/public RP.

carl_townshend · ‎04-03-2025

Hi Joseph, what do you mean by cloud/public RP?

Joseph W. Doherty · ‎04-03-2025

Sorry, RP for rendezvous point (of some kind). I.e. somewhere the devices behind another device's public IP can identify themselves and make that information available to other such devices. Or, something like DMVPN use of the hub and NHRP allowing spokes to use dynamically acquired IPs find out about the public IPs being used by other spokes, or something like "because they register to the cloud to a registry like Meraki", etc.

Marcelo Morais · ‎04-03-2025

Hi @carl_townshend ,

does the Mikrotik not have a Public IP on the WAN Interface or is it using the built-in Cellular Modem that supports 4G (LTE) connectivity ?

As an example, please take a look at: Mikrotik wAP 4G Kit.

Regards.

carl_townshend · ‎04-03-2025

Hi, no it doesnt have a public IP, it hides behind an internal IP address.