This week there was an unfortunate outage on the mynetname.net Dynamic Domain Name Service (DDNS) that MikroTik hosts for free to their customers. Many MikroTik users all over the world rely on this service for remote access to their MikroTik infrastructure. Official documentation is here: https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#DDNS
I thought it would be useful to share what I learned about how RemoteWinBox solves this problem for its customers, so that you too can roll your own remote access to your MikroTiks!
FreeBSD: Setup SoftEther and configure Offshore 100% Logless VPN server (Windows 10 as clients)
Let’s go through the entire Tailscale system from bottom to top, the same way we built it (but skipping some zigzags we took along the way). With this information, you should be able to build your own Tailscale replacement… except you don’t have to, since our node software is open source and we have a flexible free plan.
how easy it is to set up an IP tunnel between two locations. This will allow you to access files on a server and share printers between two locations, no matter how far apart. In addition, it enhances data security by encrypting packets as they travel through the tunnel. To accomplish this task, you will need two Mikrotik routers, one at each location, and two public IP addresses.
The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself. //
We use DHCP option 121 to set a route on the VPN user’s routing table. The route we set is arbitrary and we can also set multiple routes if needed. By pushing routes that are more specific than a /0 CIDR range that most VPNs use, we can make routing rules that have a higher priority than the routes for the virtual interface the VPN creates. We can set multiple /1 routes to recreate the 0.0.0.0/0 all traffic rule set by most VPNs. //
Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn't implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. //
The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn’t in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device.
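A defender-side check for the option 121 behaviour described above, added here as an example and not taken from any of the linked articles: it decodes the RFC 3442 classless static route payload from a DHCP lease and reports routes that would outrank a VPN's 0.0.0.0/0 route. The function names, the sample payload and the "ignore routes inside the local subnet" heuristic are assumptions made for this example.

```python
import ipaddress

# Constructed sample option 121 payload (not from a real capture):
# 0.0.0.0/1 and 128.0.0.0/1 via 192.168.1.1, plus the on-link 192.168.1.0/24.
SAMPLE = bytes.fromhex("0100c0a80101" "0180c0a80101" "18c0a801c0a80101")

def parse_option_121(data: bytes):
    """Decode an RFC 3442 classless static route option into (network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        n = (plen + 7) // 8  # only the significant destination octets are sent
        end = i + 1 + n + 4  # length byte + destination octets + 4-byte router
        if end > len(data):
            raise ValueError("truncated option 121 payload")
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)  # pad back to 4 octets
        net = ipaddress.ip_network((int.from_bytes(dest, "big"), plen), strict=False)
        routes.append((net, ipaddress.ip_address(data[i + 1 + n:end])))
        i = end
    return routes

def audit(routes, local_subnet):
    """Return (flagged routes, True if the flagged routes together cover all of IPv4).

    Assumption: routes inside the lease's own subnet are expected and not flagged.
    Any other prefix longer than /0 wins over a VPN's 0.0.0.0/0 by longest match.
    """
    local = ipaddress.ip_network(local_subnet)
    flagged = [(n, r) for n, r in routes
               if n.prefixlen > 0 and not n.subnet_of(local)]
    collapsed = list(ipaddress.collapse_addresses(n for n, _ in flagged))
    covers_all = collapsed == [ipaddress.ip_network("0.0.0.0/0")]
    return flagged, covers_all

if __name__ == "__main__":
    flagged, covers_all = audit(parse_option_121(SAMPLE), "192.168.1.0/24")
    for net, router in flagged:
        print(f"route {net} via {router} outranks a VPN default route")
    print("pushed routes cover all of IPv4:", covers_all)
```

The raw payload can be taken from a packet capture of the DHCP ACK or from the client's lease file, depending on the DHCP client in use.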
- First, open PuTTY.
- For “Host Name” enter the domain name or IP address of the server that will act as the proxy.
- From the “Category” section on the left, scroll to “Connection” > “SSH” > “Tunnels”.
- Enter the local port you want to use for the proxy connection in the “Source port” field. A common choice is “8080”.
- Assuming you picked 8080 for the port, then enter “localhost:8080” (without quotes) as the destination. This tells PuTTY to listen to data sent to it on port 8080 from the same computer PuTTY is running on, and forward it to the remote server.
- Where it says “Forwarded ports”, select “Dynamic”. This enables the SOCKS protocol.
- Now click “Add”.
- Go back to the “Session” option in the left panel. Type in a name for this connection under the “Saved Sessions” text box.
- Now click “Save” so you’ll be able to open the connection later without repeating these steps again.
- Almost done! Just click the “Open” button.