You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 23 Next »

Summary

Sub-menu: /ip cloud
Packages required: routeros
RouterOS version required: v7.11
Hardware requirements: ARM/ARM64/TILE architecture devices

Back To Home is a convenience feature, that configures your device for secure VPN access from anywhere in the world to your router and your network, even if your router does not have a public IP address, is behind NAT or Firewall.

Configuration can be done manually, or with our MikroTik VPN companion app (Android, iPhone).

If the VPN server (your home router) has a public IP address, the VPN app will create a direct VPN connection between the phone and the router. However, if the router is not directly reachable from the internet, the connection will be made through the MikroTik relay server. The connection is always end-to-end encrypted, the relay server or any other device does not have access to the encryption keys, in essence, the relay only helps your device to reach the router. The connection will appear as going out from your router, not from the relay. In case of going through relay, speed could be limited.

This feature is a convenient option to access your home network or view content available in your home country, from locations, where some content is not available. It is not meant for anonymity, it is for simple one click access to your home network. For more granular security controls, we recommend to manually configure and secure a VPN connection using the advanced RouterOS options.

Optional

You can also use a standard Wireguard application to connect to your BTH enabled devices. The configuration that is required for your laptop or phone Wireguard application is available in the IP CLOUD menu, once BTH is configured.


Using the companion app

- Connect to router's Wi-Fi;
- Open MikroTik VPN application;
- Open bottom sheet;
- Tap "Add Tunnel";
- Enter your local router IP address (most likely 192.168.88.1), username, and password, tap "Connect";
- Give tunnel a name, optionally enter DNS server address (this can also be 192.168.88.1 or a public DNS like 1.1.1.1), tap "Create tunnel";
- You can disconnect from router's Wi-Fi and connect to other network;
- Tap power button to toggle connection of selected tunnel.


Tap "Add tunnel"

Provide your router info

Connection established

If device is not supported, error is shown

Configuring manually in RouterOS

  1. Connect to router  
  2. Enable DDNS Cloud service: `/ip/cloud/set ddns-enabled=yes`
  3. Enable Back To Home: `/ip/cloud/set back-to-home-vpn=enabled`
  4. Print tunnel configuration: `/ip/cloud/print`
  5. Scan QR Code (`vpn-wireguard-client-config-qrcode`) or Copy config (`vpn-wireguard-client-config`) and enter in preferred WireGuard® client. Only one client at a time will be available to use this config. To create more clients, you will need to manually create more peers: `/interface/wireguard/peers/add interface=freevpn-wg public-key=<public_key> allowed-address=192.168.216.x/32`
  • No labels