Mikrotikga statik IP bo'lmaganda masofadan ulanish

Ko‘pgina provayderlar foydalanuvchilarga statik IP manzil bermaydi, natijada MikroTik routeriga masofadan ulanish qiyinlashadi. Bu muammoni hal qilish uchun Dynamic DNS (DDNS) yoki VPN ishlatish mumkin.

1. MikroTik’da DDNS orqali Ulanish

MikroTik routerida DDNS xizmati mavjud bo‘lib, bu orqali IP o‘zgarishiga qaramasdan routerga doimiy nom bilan ulanish mumkin.

1.1. MikroTik DDNS’ni yoqish

MikroTik’ga kirish uchun Winbox yoki SSH orqali ulaning.
IP → Cloud bo‘limiga kiring.
“DDNS Enabled” opsiyasini yoqing.
“Update Time” opsiyasini ham yoqing.
“DNS Name” maydonida MikroTik tomonidan berilgan domen nomini yozib oling. Masalan: 123456.sn.mynetname.net
“Apply” va “OK” tugmalarini bosing.

Eslatma: MikroTik Cloud xizmatining ishlashi uchun internet ulanishi bo‘lishi shart.

1.2. MikroTik DDNS orqali ulanish

DDNS yoqilgandan so‘ng, MikroTik’ga masofadan SSH, Winbox yoki WebFig orqali quyidagi manzil bilan ulanishingiz mumkin:

winbox://123456.sn.mynetname.net

yoki

ssh admin@123456.sn.mynetname.net

2. No-IP orqali DDNS ro‘yxatdan o‘tish va ulash

Agar MikroTik Cloud DDNS xizmati yetarli bo‘lmasa yoki alternativ variant istasangiz, No-IP xizmatidan foydalanishingiz mumkin.

2.1. No-IP’da hisob yaratish

No-IP saytiga kiring.
“Sign Up” tugmasini bosing.
Email, username va password kiriting.
“Create My Free Account” tugmasini bosing.
Elektron pochtangizga kelgan tasdiqlash xatini ochib, hisobingizni faollashtiring.
No-IP boshqaruv paneliga kiring va “Dynamic DNS” bo‘limida yangi Hostname yarating (masalan, mikrotik.ddns.net).

2.2. MikroTik’ga No-IP sozlash

MikroTik’da System → Scheduler bo‘limiga kiring.
“Add New” tugmasini bosing va quyidagi skriptni qo‘shing:

/system script
add name=noip_ddns_update policy=read,write source=
"/tool fetch url=\"http://dynupdate.no-ip.com/nic/update?hostname=mikrotik.ddns.net&myip=\$[/ip cloud get public-address]\" \ 
  user=\"YOUR_NOIP_USERNAME\" password=\"YOUR_NOIP_PASSWORD\" mode=http"

“Apply” va “OK” tugmalarini bosing.
System → Scheduler bo‘limiga qayting va 5 daqiqalik oraliqda avtomatik ishga tushadigan jadval yarating.

Eslatma: YOUR_NOIP_USERNAME va YOUR_NOIP_PASSWORD ni o‘z ma’lumotlaringiz bilan almashtiring.

2.3. No-IP orqali ulanish

Endi MikroTik’ga quyidagi manzil orqali ulanishingiz mumkin:

winbox://mikrotik.ddns.net

3. MikroTik VPN Server O‘rnatish

VPN orqali bog‘lanish DDNS’dan ko‘ra xavfsizroq hisoblanadi.

3.1. L2TP/IPsec VPN sozlash

PPP bo‘limiga kiring.
“Profiles” bo‘limiga o‘ting va “Add New” tugmasini bosing:
- Name: VPN_Profile
- Local Address: 192.168.100.1 (bu MikroTik’ning VPN uchun ajratilgan IP-si)
- Remote Address: 192.168.100.100-192.168.100.200 (VPN mijozlar uchun IP diapazoni)
- “Apply” va “OK” tugmalarini bosing.
“Secrets” bo‘limiga o‘ting va “Add New” tugmasini bosing:
- Name: vpn_user
- Password: strongpassword
- Service: l2tp
- Profile: VPN_Profile
- “Apply” va “OK” tugmalarini bosing.
L2TP Server’ni yoqish:
- “PPP” bo‘limida “L2TP Server” tugmasini bosing.
- “Enable” tugmasini bosing.
- “Use IPsec” opsiyasini yoqing va “IPsec Secret” maydoniga vpn_secret parolini kiriting.
- “Apply” va “OK” tugmalarini bosing.
Firewall qoidalarini qo‘shish:
- IP → Firewall → “Filter Rules” bo‘limiga o‘ting va “Add New” tugmasini bosing:
  - Chain: input
  - Protocol: udp
  - Dst. Port: 500, 1701, 4500
  - Action: accept
- “Apply” va “OK” tugmalarini bosing.

3.2. VPN mijozni sozlash (Windows)

Tarmoq sozlamalariga kiring va “Add a VPN connection” tugmasini bosing.
“VPN Provider” sifatida “Windows (built-in)” ni tanlang.
“Connection Name” ga MikroTik VPN deb nom bering.
“Server Name or Address” maydoniga MikroTik’ning DDNS domenini yozing (masalan, mikrotik.ddns.net).
“VPN Type” sifatida L2TP/IPsec ni tanlang.
“Pre-shared key” maydoniga vpn_secret ni kiriting.
“Username” maydoniga vpn_user va “Password” ga strongpassword ni kiriting.
“Save” tugmasini bosib, “Connect” qiling.

4. Xulosa

Agar statik IP bo‘lmasa, MikroTik’ga masofadan ulanish uchun DDNS yoki VPN ishlatish mumkin. DDNS tez sozlanadi, lekin VPN xavfsizroq..