ASK About Tunnel EoIP

First, sorry for my grammar and bad English :frowning:

I have a problem setting up an EoIP tunnel with an RB951Ui-2HnD.
It works fine if I check with traceroute, but if I set a routing-mark in mangle, connections from WLAN / Bridge / Ether don't go to my EoIP tunnel.

I am using the same configuration with a hAP lite and it is WORKING LIKE A CHARM!

Here is my configuration:

/interface eoip
add !keepalive mac-address=02:D7:59:FA:E6:5D name=eoip-tunnel1 remote-address=43.245.x.x tunnel-id=99

/ip firewall nat
add action=masquerade chain=srcnat comment="NAT" out-interface=eoip-tunnel1

/ip address
add address=192.168.99.2/30 interface=eoip-tunnel1 network=192.168.99.0

/ip route
add distance=1 gateway=192.168.99.1 routing-mark=tunnel

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=yes new-routing-mark=tunnel passthrough=no

Traceroute test

# ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS                                                                                          
 1 192.168.99.1                       0%    3   6.2ms     6.5     3.7     9.6     2.4                                                                                                 
 2 43.245.xxx.xx                      0%    3  11.7ms     6.9     4.1    11.7     3.4                                                                                                 
 3 103.31.xxx.xx                      0%    3  13.6ms     7.8     4.8    13.6     4.1                                                                                                 
 4 203.207.xx.xx                      0%    3   8.6ms     6.7     4.9     8.6     1.5                                                                                                 
 5 203.xxx.xx.13                      0%    3  37.7ms    30.1    21.1    37.7     6.9                                                                                                 
 6 62.115.xx.xxx                      0%    3  24.6ms    22.1    20.8    24.6     1.8                                                                                                 
 7 62.115.134.43                      0%    3 186.2ms   184.4   183.3   186.2     1.3                                                                                                 
 8 80.239.130.14                      0%    3 234.2ms   211.6     200   234.2      16                                                                                                 
 9 203.208.149.237                    0%    3 221.6ms   223.8   221.2   228.6     3.4                                                                                                 
10 203.208.171.198                    0%    3 222.4ms     222   221.6   222.4     0.4                                                                                                 
11 23.49.28.191                       0%    2 234.7ms     230   225.3   234.7     4.7                                                                                                 

Can anyone please help me solve my problem?
Thanks in advance :slight_smile:

Any reason why you are marking routes when there is only one single line on your router, as per your configuration? Also, the NAT rule states everything is going out via the EoIP tunnel?

The prerouting chain does not apply to traffic being generated by the MikroTik itself - the output chain is required for that.

It seems to me that you’re trying to use a VPN to tunnel everything for some purpose (security, getting past a firewall policy, etc) - if this is the case, you really don’t even need to use route marking.

Just make a /32 route for the remote tunnel server’s public IP:
/ip route add dst-address=43.245.x.x/32 gateway=x.x.x.x (your real default GW)

Then set the default GW routes as follows:
/ip route add dst-address=0.0.0.0/0 gateway=192.168.99.1
/ip route add dst-address=0.0.0.0/0 distance=2 gateway=x.x.x.x (your real default GW)

This way, if the tunnel goes down, the traffic will go out the un-tunneled internet as a backup. (be sure that keepalive=yes is set on the tunnel)

No route marks are needed.
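
A simplified model of the route selection behind the three routes suggested above, as an added example (not code from the thread, and not how RouterOS is implemented): it shows why the /32 host route keeps the tunnel's own outer packets on the real gateway, and that all other traffic leaves un-tunneled once the tunnel gateway is unreachable. The addresses 203.0.113.10 and 198.51.100.1 are constructed stand-ins for the values the thread masks, and `pick_gateway` and `scenario` are hypothetical helper names.

```python
import ipaddress

# Constructed stand-ins for the values the thread masks with x's.
TUNNEL_SERVER = "203.0.113.10"   # stands in for 43.245.x.x
REAL_GW = "198.51.100.1"         # stands in for "your real default GW"
TUNNEL_GW = "192.168.99.1"       # far end of eoip-tunnel1, from the thread

# (dst-address, gateway, distance), mirroring the three routes in the reply.
ROUTES = [
    (f"{TUNNEL_SERVER}/32", REAL_GW, 1),
    ("0.0.0.0/0", TUNNEL_GW, 1),
    ("0.0.0.0/0", REAL_GW, 2),
]


def pick_gateway(dst, routes, reachable):
    """Return the gateway chosen for dst, or None if nothing matches.

    Simplified model: routes whose gateway is unreachable are inactive;
    among active routes the longest prefix wins, then the lowest distance.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, distance in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net or gateway not in reachable:
            continue
        key = (-net.prefixlen, distance)
        if best is None or key < best[0]:
            best = (key, gateway)
    return best[1] if best else None


def scenario(tunnel_up, with_host_route=True):
    """Gateways used for the tunnel's own outer packets and for other traffic."""
    routes = ROUTES if with_host_route else ROUTES[1:]
    reachable = {REAL_GW} | ({TUNNEL_GW} if tunnel_up else set())
    return {
        "tunnel_outer": pick_gateway(TUNNEL_SERVER, routes, reachable),
        "internet": pick_gateway("192.0.2.80", routes, reachable),
    }


if __name__ == "__main__":
    print("tunnel up:    ", scenario(True))
    print("tunnel down:  ", scenario(False))
    print("no /32 route: ", scenario(True, with_host_route=False))
```

In the third case the encapsulated packets to the tunnel server are themselves sent into the tunnel, which is the loop the /32 route prevents.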