The Management VPN

When you onboard a MikroTik router to MikroCloud, we automatically configure a management VPN tunnel to the router. The management VPN is used for the following:

  • Real-time tasks that are executed using the native RouterOS API
  • Secure log ingestion, SMTP collection and traffic flow services
  • Transport layer for our RADIUS services
  • To get Winbox or SSH access to the router (see Transient Access)

IP Address Space for Management VPN

Our management VPN makes use of the private address space specified in RFC6598 - This ensures that the address space won't conflict with RFC1918 private LAN networks or public IP addresses. The VPN tunnel is established on TCP port 8443, which is effective at punching holes in NAT environments.

Benefits of RFC 6598 Private Address Space

Using the RFC 6598 private address space provides the following benefits:

  • Avoids collisions with commonly used private LAN networks (RFC 1918)
  • Ensures compatibility with a wide range of network configurations

The VPN tunnel connects to on TCP port 8443, which resolves to either or

Was this page helpful?