Access an OLT through MikroTik
Reach the web interface of an OLT sitting behind your MikroTik router — from anywhere — by pairing a remote with one NAT rule. No public IP and no CGNAT headaches.
Your OLT has no direct path from the internet. MikRouter solves this with a VPN tunnel: your MikroTik dials out to a MikRouter server, and the server forwards a public address + port down that tunnel. You add one NAT rule on the MikroTik that hands the traffic to the OLT on your LAN. The result: opening ph1.mikrouter.com:44541in your browser lands you on the OLT's login page.
Before you start, make sure you have
- A MikRouter account with enough credits or a payment method.
- Winbox open and connected to the MikroTik that the OLT sits behind.
- The OLT's LAN IP address and web port — e.g.
192.168.1.10on port80. Check this under IP›DHCP Server›Leases in the MikroTik, or from the OLT itself.
Create a remote for the OLT
Remote Accounts
Manage your remote access accounts. Drag to rearrange.
Office Router
OnlinePick a server close to you, set a Duration, and choose a VPN Service (L2TP is easiest). The key field for an OLT is Service Port:
| Field | Value | Note |
|---|---|---|
| VPN Service | OVPN | See the OVPN guide |
| Service Port | Other | Not Winbox/HTTPS — those point at the router |
| Port | 8080 | Any free port on the tunnel |
| Protocol | TCP | OLT web UI is TCP |
| Remote Name | OLT — Site name | Anything you like |
Why “Other” for the Service Port?
8080— you'll aim it at the OLT in step 5. 1. Remote Server
PH 1
🇵🇭 PHL2TP, SSTP, OVPN
SG 1
L2TP, SSTP
US 1
OVPN
2. Service Configuration
3. Details
Purchase Summary
- Server
- PH 1 (PH)
- Duration
- 1 Week(s)
- VPN Service
- OVPN
- Service Port
- 8080 (TCP)
- Total
- PHP 10
Pay and confirm
Copy your connection details
OLT — Barangay Site
OnlineVPN Credentials
Username
mr-8x3k9p
Password
a1b2c3d4e5
Connect To
ph1.mikrouter.com
Assigned Port
44541
Remote URL
ph1.mikrouter.com:44541
Use this address to connect via Winbox, SSH, HTTP, or API.
Quick Setup
/interface l2tp-client add name=mikrouter-l2tp-mr-8x3k9p connect-to=ph1.mikrouter.com user=mr-8x3k9p password=a1b2c3d4e5 disabled=no
| Field | Value | Note |
|---|---|---|
| Connect To | ph1.mikrouter.com | VPN server address |
| Username | mr-8x3k9p | PPP username |
| Password | a1b2c3d4e5 | PPP password |
| Remote URL | ph1.mikrouter.com:44541 | Server : your assigned port |
| Service Port | 8080 | The port you chose in step 1 |
Build the VPN tunnel on the MikroTik
/interface l2tp-client add name=mikrouter-l2tp-mr-8x3k9p connect-to=ph1.mikrouter.com user=mr-8x3k9p password=a1b2c3d4e5 disabled=no
Prefer clicking? Add it by hand instead: go to PPP, click + › L2TP Client, and on the Dial Out tab fill in:
| Field | Value | Note |
|---|---|---|
| Connect To | ph1.mikrouter.com | Your Connect To value |
| User | mr-8x3k9p | PPP username |
| Password | a1b2c3d4e5 | PPP password |
| Profile | default-encryption | Select this profile |
| Allow | mschap2, mschap1, chap, pap | Check all four |
Using SSTP, OVPN or PPTP? Follow the matching VPN Client Setup guide. Either way, confirm the client shows an R (running) flag and the remote's badge turns Online.
Point the port at the OLT
/ip firewall nat add chain=dstnat protocol=tcp \
in-interface=mikrouter-l2tp-mr-8x3k9p dst-port=8080 \
action=dst-nat to-addresses=192.168.1.10 to-ports=80 \
comment="mikrouter OLT"| Field | Value | Note |
|---|---|---|
| in-interface | mikrouter-l2tp-… | The VPN client from step 4 |
| dst-port | 8080 | The Service Port you chose |
| to-addresses | 192.168.1.10 | Your OLT's LAN IP |
| to-ports | 80 | OLT web port (443 for HTTPS) |
Prefer the menus? Go to IP›Firewall›NAT and add the same values on the General and Action tabs.
If the page still won't load
/ip firewall nat add chain=srcnat dst-address=192.168.1.10 action=masquerade comment="mikrouter OLT return"
Open the OLT from anywhere
| Field | Value | Note |
|---|---|---|
| Address | http://ph1.mikrouter.com:44541 | Use https:// if the OLT port is 443 |
OLT Management
EPON / GPON Controller
You'll see the OLT's own login page. Sign in with the OLT's username and password — not your MikroTik or MikRouter login. Need a second device too? Buy another remote, pick a different Service Port (say 8081), and add another NAT rule pointing at it.
Troubleshooting
Remote shows “Offline” in the dashboard
- The VPN client isn't connected — recheck step 4 (username, password, server address).
- Make sure your ISP isn't blocking the protocol; try SSTP (port 443) if L2TP won't connect.
- Confirm the subscription hasn't expired.
Online, but the browser page times out
- Check the NAT rule from step 5 —
dst-portmust equal your Service Port (8080), andto-addresses/to-portsmust match the OLT. - From New Terminal run
/ping 192.168.1.10to confirm the MikroTik can reach the OLT. - If ping works but the page doesn't load, add the
srcnat masqueraderule from step 5.
Page loads but looks broken / won't log in
- Some OLTs only serve HTTPS — try
https://and set the NATto-ports=443. - Use the OLT's own admin credentials, not your router or MikRouter login.
Quick recap
- Buy a remote — set Service Port = Other (8080, TCP).
- Copy the credentials & Remote URL from the detail page.
- Create the VPN client on the MikroTik (paste the Quick Setup command).
- Add one NAT rule forwarding port 8080 → the OLT's IP:80.
- Browse to
ph1.mikrouter.com:44541— you're on the OLT.