I travel frequently for work and would like to access my mesh from a hotel or remote location.
I have a MikroTik hAP AC 2 connected to my home WAN and a MikroTik hAP lite for the travel node.
I did the following:
- set up a static IP reservation for the hAP AC2 as 192.168.1.xxx
- set up port forwarding for that same IP address on ports 5525 through 5534 with TCP/UDP access
- obtained the WAN IP address from my ISP 217.xxx.xxx.xxx
- created a NO-IP DNS name with the ISP IP address 217.xxx.xxx.xxx
In the AREDN hAP AC 2 server Node GUI:
- entered the NO-IP DNS name in the Tunnel Server box
- created a WireGuard Server entry
My question is: what goes in the Remote Node Name box and do I just leave the generated codes in the other boxes?
On the remote node hAP Lite, when I create the WireGuard client, what goes in those entries?
It would be very helpful if someone did a step-by-step video or post with the new web interface! I see a few with the old interface.
Thanks in advance!
Scott WK7G
-
I assume:
your "Home WAN" is 217.x.x.x from your ISP.
your 'Home LAN' is 192.168.1.x .
your 'Home router' port forwards 5525 through 5534 TCP/UDP to your hAP-ac2. (*)
your home hap-ac2's WAN has a 'DHCP reservation' from your home router of '192.168.1.x' .
you have a 'wk7g.ddns.net' (or similar) that resolves to 217.x.x.x .
you have configured a tunnel server entry on your hAP-ac2 for your hAP-ac-lite.
I assume:
your hAP-ac-lite WAN connects via Wi-Fi or ethernet to a remote internet service and obtains a dynamic IP address.
your hAP-ac-lite has a tunnel client entry for 'wk7g.ddns.net' (which routes to your home hAP-ac2).
How did I do?
(*)
You need one port for each remote AREDN node.
I highly recommend wireguard tunnels instead of legacy.
You would then port forward 5525 (or a range 5525-55xx).
(edit: Strike 6525-65xx)
Semantics:
A 'static' IP address is similar to a 'dynamically assigned DHCP' IP address.
They each appear to do the same thing, however if both are used together,
it may be somewhat errant and/or redundant.
73, Chuck
You have that all correct!
Do I need to change the port forwarding range on my home to 6525-65xx?
Wireguard Server setup:
Tunnel Server(DNS Name of this Tunnel Server) = wk7g.ddns.net
Remote Node Name ="WK7G-hAPAC2"
Wireguard key = "auto generated"
Network:Port = "217.XXX.XXX.XXX:5525" ??? do you leave this autogenerated as well?
Wgt = ???
Assuming this is all ok then on the hAP-AC-Lite the Wireguard client setup:
Tunnel Server(DNS Name of this Tunnel Server) = not required
Remote Server Name = WK7G-hAPAC2
Wireguard Key = "copy from server entry"
Network:Port = 217.XXX.XXX.XXX:5525
Hopefully I have this correct now.
Thanks for helping out a newbie!
Scott(WK7G)
Sorry, fixed.
Supernode tunnels use 6525-xxxx.
Regular node tunnels use 5525-xxxx.
Wireguard tunnels use UDP.
Legacy tunnels use TCP.
"Do I need to change the port forwarding range on my home to 6525-65xx?"
No, 5525 (or 5525-55xx). Do not adjust your set.
Wireguard Server setup:
Tunnel Server(DNS Name of this Tunnel Server) = wk7g.ddns.net
Yes, but use the real dynamic domain name.
wk7g.ddns.net did not resolve for me.
Remote Node Name ="WK7G-hAPAC2"
Fine.
Wireguard key = "auto generated"
Yes.
Network:Port = "217.XXX.XXX.XXX:5525" ??? do you leave this autogenerated as well?
Yes, autogenerated. Should look like this format: 172.31.87.180:5525
Network:Port = Wgt = ???
If left blank...defaults to integer 1.
-----
Wireguard client setup:
Tunnel Server(DNS Name of this Tunnel Server) = not required
Remote Server Name = WK7G-hAPAC2
No, this should be the real .ddns.net domain name or the IP address of your home router's ISP address.
Wireguard Key = "copy from server entry"
Network:Port = 217.XXX.XXX.XXX:5525
No, this will be formatted like: 172.31.244.96:5527 and
copied from your home tunnel server.
73, Chuck
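A pre-flight check for the client entry that catches the mistakes corrected in the reply above (node name in the server field, WAN address in Network:Port, TCP-only forwarding). This is an added example, not part of the thread and not AREDN code; the dict layout, field names and the RFC 1918 test for "generated tunnel address" are assumptions, and the sample values are constructed.

```python
import ipaddress

# RFC 1918 ranges; the tunnel addresses quoted in the thread (172.31.x.x) fall inside.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NODE_BASE, SUPERNODE_BASE = 5525, 6525  # base ports stated in the thread
# Constructed sample data in a hypothetical dict layout (not AREDN's own format).
SERVER = {"key": "EXAMPLE-KEY", "network_port": "172.31.87.180:5525"}
FORWARDS = [{"proto": "tcp/udp", "first": 5525, "last": 5534}]


def check_client_entry(client, server_entry, forwards):
    """Return a list of problems found in a WireGuard tunnel client entry."""
    problems = []
    # Server field: the DDNS name or public IP of the home router, not a node name.
    host = client["server"]
    try:
        ipaddress.ip_address(host)
    except ValueError:
        if "." not in host:  # heuristic: a DNS name has at least one dot
            problems.append("server: looks like a node name, not a DNS name or IP")
    # Key and Network:Port are copied verbatim from the server's entry.
    if client["key"] != server_entry["key"]:
        problems.append("key: does not match the server entry")
    if client["network_port"] != server_entry["network_port"]:
        problems.append("network_port: does not match the server entry")
    # Network:Port is the generated tunnel address, not the home WAN address.
    addr, _, port = client["network_port"].rpartition(":")
    try:
        ip = ipaddress.ip_address(addr)
        port = int(port)
    except ValueError:
        problems.append("network_port: not in address:port form")
        return problems
    if not any(ip in net for net in PRIVATE_NETS):
        problems.append("network_port: public address, expected the tunnel address")
    if port < NODE_BASE:
        problems.append("network_port: port below 5525")
    elif port >= SUPERNODE_BASE:
        problems.append("network_port: port is in the supernode range")
    # WireGuard tunnels use UDP, so a TCP-only forward does not carry them.
    if not any("udp" in f["proto"] and f["first"] <= port <= f["last"]
               for f in forwards):
        problems.append("forward: no UDP port forward covers this port")
    return problems
```

An empty list means the entry is consistent with the server entry and the home router's forwarding rules.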
Thanks for your patience and time!
Scott WK7G
I recommend you look the docs over if you have an issue before posting here.
73
Orv W6BI