
Mikrotik Router OS, We are looking for your server in a foreign network. Or how not to pay big money


We have all heard more than once about the grand support for small business and private enterprise in our country. While you are an individual, you have no problems. But as soon as you pull yourself together and decide to start your own business, you instantly run into money: exorbitant bank interest, taxes, contributions to the Pension Fund, extortion, fines, inflation and other nonsense. Providers have particularly distinguished themselves here: the requirements for an ordinary home user are minimal, but for private entrepreneurs and organizations there is a special approach. Namely, if you rented non-residential premises for work, you are a cash cow and have to pay the provider a lot of money. Of course, it is very good if you managed to negotiate with the provider and sign the contract as an individual, or, say, a friend of yours lives nearby and agrees to put a Wi-Fi antenna in the window. But if these options do not work out, there is another way not to pay the provider a lot of money. :)

The idea is that nowadays it is not hard to find a provider with an internal local network of 10.0.0.0/255.0.0.0 or 192.168.0.0/255.255.0.0 and set up two points in it: an individual with cheap unlimited Internet (the server) and an organization with expensive Internet (the client), and raise a VPN between them.

In principle, there is no problem if the provider's gray (private) addresses are static; if not, we will have to use a DDNS service on the Internet, since the provider may not have a local one.

There are a lot of DDNS services on the Internet, but most of them fall away because MikroTik does not work with them, or they are not suitable for our purposes.

We will use the DDNS service changeip.com, since RouterOS has supported it since version 2.x.

While developing the script that sends the gray IP address, one significant problem came up. On every DNS name update, changeip.com checks whether the IP address sent in the update belongs to a network with the first octets 10 or 192.168. If it does, it replaces the address from the update with the white (public) IP that changeip.com detects automatically, and unfortunately this option cannot be disabled :(

It was decided to mask the first octet of the IP address before sending it and to restore it on the receiving side.

Server part, parameters:

:local interfacename ("eth1"); - interface whose address is sent to changeip.com.
:local replacement ("222"); - value that masks the first octet of the IP; it must have as many digits as the octet it replaces: for 10.x.x.x networks use 00-99, for 192.x.x.x networks use 100-254.
:local dnsname ("my.server.ddns.info"); - DNS name registered at changeip.com.
:local login ("login"); - changeip.com login.
:local password ("password"); - changeip.com password.


Server part, code:

##################################################
#Server Part
##################################################

#Settings
##################################################

:local interfacename ("eth1");
:local replacement ("222");
:local dnsname ("my.server.ddns.info");
:local login ("login");
:local password ("password");

##################################################

##################################################

# address currently published under the DDNS name
:local CurrentDynDNSIP ([:resolve $dnsname]);
# interface address including the prefix length, e.g. 10.1.2.3/8
:local TMPDynDNSIP ([/ip address get [/ip address find interface=$interfacename] address]);
# cut at the "/" rather than a fixed 3 characters, so a /8 is handled as well as a /16 or /24
:local RealDynDNSIP ([:pick $TMPDynDNSIP 0 [:find $TMPDynDNSIP "/"]]);
# drop as many leading characters as the replacement is long, then prepend the replacement
:local ShortIP ([:pick $RealDynDNSIP ([:len $replacement]) ([:len $RealDynDNSIP])]);
:local FakeIP ($replacement . $ShortIP);
# send the update only when the published address differs from the masked one
:if ($CurrentDynDNSIP != $FakeIP) do={/tool dns-update name=$dnsname address=$FakeIP key-name=$login key=$password};

##################################################
#(C) Inlarion icq 429-587 mikrotik.axiom-pro.ru Copyright!
##################################################


Description:

The principle of the server part is very simple: the IP address is taken from the specified interface, the subnet mask is cut off, the first octet is replaced with the masking value, and the result is sent to changeip.com.

Client part, parameters:

:local dnsname ("my.server.ddns.info"); - DNS name from which the server's masked IP is resolved.
:local replacement ("192"); - real first octet that is put back in place of the masked one.
:local gateoctet ("1"); - last octet of the provider gateway; used only when internettype is "ethernet", giving a gateway of 192.168.x.1.

:local internetname ("LAN"); - name of the interface to the provider (the expensive Internet).
:local internettype ("ethernet"); - type of that interface: "ethernet", or any other value for a PPP-type connection, whose gateway is taken from the interface's network field.
:local internetdns ("192.168.3.1"); - the provider's DNS server.

:local tunnelname ("ISP1"); - name of the VPN tunnel interface.
:local tunneltype ("pptp"); - tunnel type, "pptp" or "l2tp".
:local tunneldns ("192.168.90.1"); - DNS server used while the PPTP or L2TP tunnel is up.


Client part, code:

####################################################
#Client part
####################################################

#Settings
####################################################

:local dnsname ("my.server.ddns.info");
:local replacement ("192");
:local gateoctet ("1");

:local internetname ("LAN");
:local internettype ("ethernet");
:local internetdns ("192.168.3.1");

:local tunnelname ("ISP1");
:local tunneltype ("pptp");
:local tunneldns ("192.168.90.1");

####################################################

:global internetgate (" ");

####################################################
# determine the gateway to the expensive provider
:if ( $internettype != "ethernet" ) do={
# PPP-type interface: the network field holds the remote (gateway) address
:set internetgate ([/ip address get [/ip address find interface=$internetname] network]);
} else={
# ethernet: take the network address, drop its last character and append the gateway octet (192.168.3.0 -> 192.168.3.1)
:set internetgate ([/ip address get [/ip address find interface=$internetname] network]);
:local ShortIP ([:pick $internetgate 0 ([:len $internetgate]-1)] );
:set internetgate ($ShortIP . $gateoctet);
};
####################################################

# while the tunnel is down use the provider's DNS, once it is up use the DNS behind the tunnel
:if ($tunneltype = "pptp") do={
/interface pptp-client monitor [/interface pptp-client find name=$tunnelname] once do={
:if ($status != "connected") do={
:if ($internetdns != [/ip dns get servers]) do={ /ip dns set servers=$internetdns; };
} else={
:if ($tunneldns != [/ip dns get servers]) do={ /ip dns set servers=$tunneldns; };
};
};
};

:if ($tunneltype = "l2tp") do={
/interface l2tp-client monitor [/interface l2tp-client find name=$tunnelname] once do={
:if ($status != "connected") do={
:if ($internetdns != [/ip dns get servers]) do={ /ip dns set servers=$internetdns; };
} else={
:if ($tunneldns != [/ip dns get servers]) do={ /ip dns set servers=$tunneldns; };
};
};
};

####################################################
# host routes to changeip.com and the provider's DNS via the provider gateway, so they never go into the tunnel
:local WWW ([:resolve changeip.com]);
:local NIC ([:resolve nic.changeip.com]);
# create the routes once, identified by their comments
:if ( [/ip route find comment="WWW_changeip.com"] = "" ) do={ /ip route add dst-address=$WWW gateway=$internetgate comment="WWW_changeip.com" };
:if ( [/ip route find comment="NIC_changeip.com"] = "") do={ /ip route add dst-address=$NIC gateway=$internetgate comment="NIC_changeip.com" };
:if ( [/ip route find comment="INTERNET_DNS"] = "") do={ /ip route add dst-address=$internetdns gateway=$internetgate comment="INTERNET_DNS" };
# update them when the resolved addresses or the gateway change
:if ( [/ip route get [/ip route find comment="WWW_changeip.com"] dst-address] != $WWW) do={ /ip route set [/ip route find comment="WWW_changeip.com"] dst-address=$WWW gateway=$internetgate };
:if ( [/ip route get [/ip route find comment="NIC_changeip.com"] dst-address] != $NIC) do={ /ip route set [/ip route find comment="NIC_changeip.com"] dst-address=$NIC gateway=$internetgate };
:if ( [/ip route get [/ip route find comment="INTERNET_DNS"] dst-address] != $internetdns) do={ /ip route set [/ip route find comment="INTERNET_DNS"] dst-address=$internetdns gateway=$internetgate };
####################################################

# resolve the masked address, put the real first octet back and update connect-to if it changed
:if ($tunneltype = "pptp") do={
:local CurrentVHNIP ([:resolve $dnsname]);
:local TMPVHNIP ([/interface pptp-client get [/interface pptp-client find name=$tunnelname] connect-to]);
:local ShortIP ([:pick $CurrentVHNIP ([:len $replacement]) ([:len $CurrentVHNIP])]);
:local RealDNSIP ($replacement . $ShortIP);
:if ($RealDNSIP != $TMPVHNIP) do={/interface pptp-client set [/interface pptp-client find name=$tunnelname] connect-to=$RealDNSIP; };
};

:if ($tunneltype = "l2tp") do={
:local CurrentVHNIP ([:resolve $dnsname]);
:local TMPVHNIP ([/interface l2tp-client get [/interface l2tp-client find name=$tunnelname] connect-to]);
:local ShortIP ([:pick $CurrentVHNIP ([:len $replacement]) ([:len $CurrentVHNIP])]);
:local RealDNSIP ($replacement . $ShortIP);
:if ($RealDNSIP != $TMPVHNIP) do={/interface l2tp-client set [/interface l2tp-client find name=$tunnelname] connect-to=$RealDNSIP; };
};

####################################################
#(C) Inlarion icq 429-587 mikrotik.axiom-pro.ru Copyright!
####################################################


Description:

The principle of the client part is a little more complicated. The first step is determining the gateway to the Internet through the expensive provider. The second step is checking the connection to the VPN server: if there is no connection, the provider's DNS server is set; if there is a connection, the DNS server behind the tunnel is set. The third step is installing or updating routes through the main provider for the DNS and changeip.com servers. The last step is comparing the server's IP address in the connection properties with the address received from changeip.com, with the first octet put back.
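The masking the server applies and the unmasking the client performs, as an added Python example that is not part of the original post or its RouterOS scripts. It goes a little beyond the post's "222" case: it picks a replacement as long as the first octet, cuts the prefix length at the "/" so a /8 address is handled as well as a /16 or /24, and rejects a masked address that would still fall inside the ranges changeip.com rewrites. The function names and the sample addresses are constructed.

```python
import ipaddress

# Private ranges that changeip.com rewrites to the detected public IP,
# as described in the post.
REWRITTEN = (ipaddress.ip_network("10.0.0.0/8"),
             ipaddress.ip_network("192.168.0.0/16"))


def strip_prefix(addr_with_mask):
    """Drop the '/N' suffix of a RouterOS address such as '10.1.2.3/8'.

    Cutting a fixed 3 characters, as the server script does, is wrong for
    a /8 ('10.1.2.3/8'[:-3] == '10.1.2.'); cutting at the slash works for
    any prefix length.
    """
    return addr_with_mask.split("/", 1)[0]


def replacement_for(real_ip, two_digit="22", three_digit="222"):
    """Pick a replacement as long as the first octet: this is what the
    post's rule '10. - 00-99, 192. - 100-254' means."""
    first_octet = real_ip.split(".", 1)[0]
    return two_digit if len(first_octet) == 2 else three_digit


def mask_first_octet(real_ip, replacement):
    """Server side: overwrite the first len(replacement) characters of
    real_ip, exactly as ':pick' does in the script.

    Raises ValueError if the result is not a valid IPv4 address (the
    replacement length does not match the first octet) or if it still
    lies inside a range changeip.com would rewrite.
    """
    fake = replacement + real_ip[len(replacement):]
    fake_ip = ipaddress.ip_address(fake)        # ValueError on e.g. '2221.2.3'
    if any(fake_ip in net for net in REWRITTEN):
        raise ValueError(f"{fake} is still inside a range changeip.com rewrites")
    return fake


def unmask_first_octet(fake_ip, real_first_octet):
    """Client side: put the real first octet ('10' or '192') back and
    validate the result before it is used as the tunnel's connect-to."""
    real = real_first_octet + fake_ip[len(real_first_octet):]
    ipaddress.ip_address(real)                  # reject garbage before use
    return real
```

Running mask_first_octet("10.1.2.3", "222") raises, which is the failure the post's length rule for the replacement avoids.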

In conclusion, I would like to note that this method is not a violation of the terms of the contract if the contract with the provider is made out in your name and you personally use it.
This method has obvious drawbacks: if the client is far from the server, the traffic will pass through the provider's subnets, and each subnet contains, in addition to routers, smart switches with QoS support, which during prime time will throttle the whole transfer to nothing.

To avoid packet loss and not fall under QoS, it is advisable to place the server and the client on the same subnet, or to look at the "Paid Inter-subscriber Traffic" service, where data is passed between two white addresses of subscribers of the same provider. This service costs from 2 to 15 kopecks per MB and has the same priority as Internet traffic.

Source: https://habr.com/ru/post/111943/

