Jasiyo
    MikroTik & Network Setup5 min read

    Phone-home agent: how it works

    Understand how Jasiyo's phone-home agent connects your MikroTik router without exposing any inbound ports, and how commands flow between Jasiyo and your router.

    Traditional router management tools require you to open inbound firewall ports so the server can reach your router directly. This is a security risk โ€” especially when routers are behind NAT, CGNAT, or on dynamic IPs.

    Jasiyo uses a different approach: the phone-home agent. Your MikroTik router initiates all connections outbound to Jasiyo's servers on a schedule. The router "phones home", picks up any queued commands, executes them, and reports back.

    No inbound ports required. Your router never needs to be reachable from the internet. It works behind NAT, CGNAT, double-NAT, and dynamic IPs โ€” exactly how most Kenyan ISP routers are set up.

    Architecture

    MikroTik Router

    โ†“ POST /api/routers/agent (every 30s)

    Jasiyo Servers

    โ†“ Returns: pending commands (or empty)

    MikroTik Router

    โ†“ Executes commands locally

    โ†“ POST results back to Jasiyo

    Jasiyo Servers

    โ†“ Marks commands as done, updates router status

    The agent script runs on a MikroTik scheduler every 30 seconds. Each check-in updates the router's last seen timestamp in Jasiyo, which is how online/offline status is tracked.

    Command lifecycle

    When Jasiyo needs to change something on your router (add a PPPoE secret, disable a user, update a speed profile), it creates a command record in the queue with status pending.

    1. 1Queued โ€” Jasiyo creates the command (e.g. add PPPoE user 'john' with password 'abc123')
    2. 2Delivered โ€” Next time the router checks in, the command is returned in the response
    3. 3Executed โ€” The router runs the command locally using RouterOS scripting
    4. 4Confirmed โ€” The router posts the result back; Jasiyo marks the command as done

    Timing & frequency

    The agent checks in every 30 seconds by default. This means most changes (customer reactivation after payment, suspension, profile updates) take effect within 30 seconds.

    Jasiyo's dashboard shows a router as Online if it has checked in within the last 2 minutes. A pg_cron job runs every 5 minutes and marks customers as offline if their router's last_seen is stale.

    You can reduce the scheduler interval to 15 seconds if you need faster response times, at the cost of slightly more bandwidth from the router. For most ISPs, 30 seconds is the right balance.

    Security

    Each router has a unique Agent Token generated when you add it to Jasiyo. This token is included in every check-in request and is used to authenticate the router.

    • โœ“ All communication is over HTTPS
    • โœ“ Tokens are unique per router and can be regenerated if compromised
    • โœ“ No inbound connections โ€” your router is never exposed to the internet
    • โœ“ Commands are scoped to a single tenant โ€” one ISP cannot affect another's routers
    Back to Documentation