The Management VPN
When you onboard a MikroTik router to MikroCloud, we automatically configure a management VPN tunnel to the router. The management VPN is used for the following:
- Real-time tasks that are executed using the native RouterOS API
- Secure log ingestion, SMTP collection and traffic flow services
- Transport layer for our RADIUS services
- To get Winbox or SSH access to the router (see Transient Access)
Your router needs access to 75.2.118.244 and 99.83.188.232 on TCP port 8443 in order to establish the management VPN tunnel.
IP Address Space for Management VPN
Our management VPN makes use of the private address space specified in RFC 6598 (100.64.0.0/10). This ensures that the address space won't conflict with RFC 1918 private LAN networks or public IP addresses.
The VPN tunnel is established on TCP port 8443, which is effective at punching holes in NAT environments.
Benefits of RFC 6598 Private Address Space
Using the RFC 6598 private address space provides the following benefits:
- Avoids collisions with commonly used private LAN networks (RFC 1918)
- Ensures compatibility with a wide range of network configurations
The VPN tunnel connects to api.mikrocloud.com on TCP port 8443, which resolves to either 75.2.118.244 or 99.83.188.232.
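A pre-onboarding check for the requirements above, as an added example that is not MikroCloud code: it flags any locally configured prefix that overlaps 100.64.0.0/10 (RFC 6598 space is also what carrier-grade NAT providers assign on the WAN side) and probes both endpoints on TCP 8443. The interface names and prefixes in `SAMPLE` are constructed, and the probe assumes it runs on a host behind the same egress firewall as the router.

```python
import ipaddress
import socket

# Values taken from the page.
MGMT_VPN_SPACE = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598
VPN_ENDPOINTS = ["75.2.118.244", "99.83.188.232"]
VPN_PORT = 8443

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(prefix):
    """Return 'rfc6598-overlap', 'rfc1918' or 'other' for one address/prefix."""
    net = ipaddress.ip_interface(prefix).network
    if net.overlaps(MGMT_VPN_SPACE):
        return "rfc6598-overlap"
    if any(net.subnet_of(r) for r in RFC1918):
        return "rfc1918"
    return "other"


def find_overlaps(prefixes):
    """Interfaces whose prefix overlaps the management VPN address space."""
    return {name: p for name, p in prefixes.items()
            if classify(p) == "rfc6598-overlap"}


def probe(host, port=VPN_PORT, timeout=3.0):
    """True if an outbound TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed sample: interface -> address/prefix as configured on a router.
SAMPLE = {
    "bridge-lan": "192.168.88.1/24",
    "vlan20-guest": "10.20.0.1/22",
    "ether1-wan": "100.72.14.9/20",  # constructed CGNAT-style WAN address
}

if __name__ == "__main__":
    for name, p in find_overlaps(SAMPLE).items():
        print(f"review: {name} {p} overlaps {MGMT_VPN_SPACE}")
    for ip in VPN_ENDPOINTS:
        print(ip, VPN_PORT, "reachable" if probe(ip) else "blocked or filtered")
```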