How the APP and Cloud Network communications flows works?


#1

Hi I am trying to understand network flows on the APP. My interpretation based on on what I have seeing so far is the following:

  • The APP is used to register the account and put the credentials of the Mikrotik Router.
  • The APP pushes the scripts into the Mikrotik router using the Router access credentials (That means both router and the APP has to be on the same network).
  • The Mikrotik Router adds a VPN automatically using a SSTP Client so the scripts can push the data to your Cloud server(s) (Health Check Script(s))
  • The APP pulls the data from your cloud server with the statistics.

Is my understanding correct?


#2

@ksteink you got most of it correct. I would add that if you have ssh access to the router, you can do the initial setup even from the WAN side.


#3

Understood and thanks. For me opening any port on the WAN interface is a non-go specially SSH as there are tons of bots trying to do brute force attack on these well known management ports.

Thanks for the clarification!


#4

To clarify further:

SSH is used only temporarily when making a new router smart via the app.
Once the setup starts, and throughout the normal operation of the app, all communication between the server and router are done over a secured tunnel to the router’s API port (not ssh).
And the app no longer talks directly to the router.

The initial credentials supplied to start the setup are not used further and not stored anywhere.
They can be disabled on the router.