On Digital Ocean, it's better to just use the DO firewall to block all inbound traffic (although if you want to set up via SSH / webfig rather than the browser console, then allow your own IP through) until your router is properly secured. There is no need to race attackers in the manner shown in the video.
Thanks for the tip! Hopefully others will take notice :)
I also do this. Unlike regular Linux, RouterOS has IP forwarding enabled by default.
With ISPApp you can totally secure your CHRs by blocking all inbound connectivity using DigitalOcean's firewall and still have complete monitoring and control of your routers from the cloud.
I still remember shaking hands with you in Buenos Aires, Argentina, in 2007. Nice and quiet guy but very knowledgeable.
It gets even more simple. You can also manage your DigitalOcean VPS CHRs from the cloud using ISPApp, just like every other RouterOS device. ISPApp uniquely allows you to totally secure your public facing routers by closing all inbound IP services, and still have complete control.
Yeah.. So how about that ZeroTier package for x86 CHRs... Kinda needing that...
@mikrotik what are the use-cases for Mikrotik on Public clouds?
A few years ago I installed it via recovery mode and everything works fine. Now I tried it according to your video. And nothing works. The IP address is not registered automatically and there is no access to the droplet. The new access console from digitalocean does not work without installation.
Please pay attention to how to make a VPN server on this VPS with IPv6 support for clients.
What do people do with RouterOS on a small VPS other than as a tunnel endpoint?
Hello Community. Is it possible to install an XMPP server on a MikroTik with version 7.xx? It is about chatting between a few users but also to store system messages in rooms on the XMPP server. Thank you in advance for one or two tips.
@Mikrotik What are the benefits of CHR on Digital Ocean? Or how can we use it for local connectivity?
To control MikroTik under Starlink
more about container ideas plz.
tnx
I installed a CHR on Digital Ocean; at one point the CHR hung so I had to force a reboot. Little did I know it changed the CHR system ID which dropped the licence from Paid P1 to free edition. Now there seems to be no way to reapply the P1 status to it without a complete rebuild from scratch. So this may not be the best cloud solution for many.
You can request a trial from the CHR and then just give the unused P1 to this trial from your account. Should be quick and easy
@mikrotik What a quick response, thank you! I don't get an option for a trial license - the only options are p1, p10 and p-unlimited. I suspect I didn't spot the license problem quickly enough (i.e. within 60 days of a system ID change) and now the CHR is stuck on level "Free". I can't even get the new system ID to show on my Mikrotik account; when I put my username/password into the CHR System > License > Renew License, I just get an error. I love RouterOS, but licensing CHR does feel a bit clunky if the system ID can change without the owner knowing.
Can you send us the supout.rif file from your router (or at least the license ID and some more info) to support@mikrotik.com? We will resolve this issue for you.
@mikrotik It would be nice to have this automated somehow. It would allow easier VPS management, for example in cases of auto or manual scaling or auto or manual backup restoration. And it might even allow running it in a container.
Excellent video, very instructive! Thanks.
Hi, how do I install v7 on a Lightsail VPS?
Oh, interesting, but what will MikroTik on a VPS solve? Firewall? Please provide more use cases.
A very common use is when you have a CGNAT address at home and want to host services; then you can tunnel traffic home. Another use is if you have servers in the cloud that you want to reach directly from a corporate network as if they were on premises.
My home router has a VPN connection to my CHR to provide a static IP for hosting services that otherwise have no incoming connection due to my ISP's CGNAT. The CHR routes incoming connections to my hosted services through the VPN tunnel and through the layer of CGNAT.
How do I run a container on CHR? I hosted CHR on AWS but am unable to get it through. After running the command, it asks to power off, but on AWS there is no option to power off. We can just gracefully send a shutdown signal to the CHR on the cloud.
Try DO like the video explains. It works fine with power off.
Can you please give us a guide on how to install CHR on an Ubuntu VPS? On plain Ubuntu, not Digital Ocean. Thanks.
We have many videos about that, check the playlist th-cam.com/video/tBswpi22q_0/w-d-xo.html
I suggest that MikroTik should roll out a tool to preconfigure the CHR image with something like individual users/passwords or firewall rules before uploading. Since CHR is meant for installations on cloud servers, it's therefore essential to prevent the user from being instantly hacked while installing CHR.
Thank you very much!!!!
yeey, that's really good vid
Boys - haven't you thought about making video surveillance cameras? Nowadays a lot of companies are buying Chinese Hikvisions, Dahuas because of price, and we know how much they can be trusted. Maybe a new niche for you?
I'd second that. We've had trouble with (customers') old Dahua boxes using horrible insecure proprietary protocols and other unknown DVR boxes being compromised and breaking LANs (they're isolated now but still). A well-priced trustable DVR box with decent SECURE remote access and cameras that don't play host to questionable firmware would be very welcome in the market. Anything that phones home, requires a monthly subscription to access via an external service is out!
Where do all these attacks come from? People or automated bots scanning all public IPs in the world? If they succeed in entering the router, then what? What's the gain?