Hey.
I'm setting up a small network for my parents' new house. The hardware is all Mikrotik - a switch, a router, and several access points. I've configured VLAN switching on a single bridge on the router so I can split my network into multiple VLANs. One of those VLANs (99) is used for management and all the Mikrotik devices get an IP on this VLAN.
What I want to do, as I'm sure problems will arise when I'm not around, is to configure VPN access into this management VLAN to be able to Winbox into the Mikrotiks and sort stuff out.
One other important thing to note is that the ISP at my parents' does not provide a public IP - everything is behind a CGNAT.
Now, for the questions:
1. I understand that the best way to achieve what I need would be to have a VPS configured as the VPN server and connecting to it from the Mikrotik Router and my laptop when I'm away. This way, the CGNAT wouldn't be a problem. Is this a good idea?
2. I'd like to use OpenVPN, mainly because of the possibility of using TCP 443 for my device. A mixed setup with Wireguard between my VPS and the Mikrotik Router and then OpenVPN between my laptop and the VPS would be ideal, I think, but it would probably add complexity to an already complicated situation. What would be the best choice here?
3. Are there any tutorials on the web describing a situation similar to mine? I'm currently in the process of searching and reading, but haven't found any good resources as of yet.
4. What I think I'd like would be for my laptop connecting to the VPN to automatically get an IP address from the DHCP server taking care of the Management VLAN. Is this possible and is it even a good idea?
Statistics: Posted by IgorAugustynski — Sat Mar 29, 2025 9:49 pm