Im trying to setup a EoIP tunnel behind a second Mikrotik
The tunnel connects, but I can’t ping, and address and route is setup properly.
Is there something to “open” or anything ?
The first Mikrotik it passes, has nothing in firewall rules except for the masquerade and some open ports.
What are you trying to ping? If you are trying to ping items behind the tunnel, make sure you enable proxy-arp.
I already have working EoIP tunnels with the same setup and I can ping and access perfectly to the other side
This is the not-working EoIP with the proxy-arp as you suggested (which also doesn’t work)
what i just noticed, is that if i send a ping to the eoip subnet, the other “kind of” recieve some traffic, minimum, but I cannot ping to it
I even have “reacheable” net for the subnet im trying to access, but I cant ping to it either.
one of the RB has several WAN, but the IP im pointing is a specific one, do i need to put something special in mangle or nat for eoip to come through that one?
Could you show IPs for both EOIP ends ?
What is 10.0.1.1 network for 10.0.1.2 address ?
I did some modifications for my last picture
I now tried to set 10.10.1.1 for one end and 10.10.1.2 on the other end with the same luck
10.0.0.1 and 10.0.0.2 is another tunnel, working flawlessly with nearly no disconnections
Still cant ping to the new net, no matter what I set, it gives me timeout but shows some bps traffic on both ends.
Bad proxy ARP’ers, bad! You do not need proxy ARP for EoIP to work. If you think you do then, well you’re doing it wrong. Proxy ARP should only be used when it is absolutely required.
Alright, now to the actual topic. EoIP = stretching a broadcast domain. If you simply want to connect two LANs that are already configured as different broadcast domains, well then friends let’s use a different tool. My preferred one is GRE. Yes, EoIP uses GRE to encapsulate your precious proxy-arp’d Ethernet packets. How about we route those little guys instead? Oh ya, way better.
mikrotik1 ↔ internet ↔ mikrotik2
mikrotik1-wan: 10.1.1.2/30 (def 10.1.1.1)
mikrotik1-lan: 192.168.11.1/24
mikrotik2-wan: 10.1.1.6/30 (def 10.1.1.5)
mikrotik2-lan: 192.168.21.1/24
^^ see what i did there, you totally can lab this up with CHR’s in GNS3.
Setup a GRE tunnel between the 2 MikroTik’s.
On mikrotik1:
interface gre add local-address=10.1.1.2 remote-address=10.1.1.6 name=s2sgre-m1-to-m2
ip address add interfaces2sgre-m2-to-m1 address=172.16.1.1/30
ip route add dst-address=192.168.21.0/24 gateway=172.16.1.2
On mikrotik2:
interface gre add local-address=10.1.1.6 remote-address=10.1.1.2 name=s2sgre-m2-to-m1
ip address add interfaces2sgre-m2-to-m1 address=172.16.1.2/30
ip route add dst-address=192.168.11.0/24 gateway=172.16.1.1
Ker-blamo, you’re done. Make sure your generic masquerade rules apply to only traffic with out-interface of your WAN interfaces. You can of course layer on a routing protocol like RIP or OSPF if you dislike static routes. This would be how I would do it if I’m connecting 2 offices and I didn’t need to stretch a broadcast domain.
MikroTik’s are swiss army knives. Chose the right blade.
Side-note: commands may not be fully accurate. I’m doing them from memory without verifying the syntax on a device first. It should be close…