eoip tunne

RouterOS General
1

Hi.
I have two networks that are located in two different cities.
I want to connect two networks through protocol eoip tunnel .
Users through a Ether2 connected to the Internet.(pppoe)

Info Network City1:
Mikrotik:
Ether 1 :IP Internet :94.183.100.1
Ether 2 :IP LAN :192.168.0.150/24

Network:
Rang Ip Address :192.168.0.0/24

Info Network city2:
Mikrotik:
Ether 1 :IP Internet :212.91.10.50
Ether 2 :IP LAN :192.168.110.150/24

Network:
Rang Ip Address :192.168.110.0/24

Plz Help Me For Configure eoip tunnel.

2

Could you explain why you want to use EoIP in this situation? with two different IP Ranges on either ends of your tunnel you will need to route traffic across the link and a routed tunnel may suit you better.

For example, as EoIP is providing a transparent bridged domain across both ends of the tunnel ethernet broadcast compromises both ends of the link. Possibly fine if the network is small but otherwise could be hard to deal with.

Maybe consider a GRE tunnel or other type of routed Tunnel for your needs.

However you need to create the EoIP interface on each router with the remote address as the public IP of the other end and pick a tunnel ID the same at both ends.

Then bridge the EoIP interface created with your internal network and you will have an EoIP link sharing a broadcast domain across the link.

Regards
Alexander

3

Hi Alexander.

Should be connected between two networks.
To make use of a shared resource.

For example: the web Application,FTP File

Can you help me؟
because i’m beginner.

4

Router at City 1

/interface gre
add mtu=1450 name=City-2 remote-address=212.91.10.50
/ip address
add address=192.168.255.1/30 interface=City-2

Router at City 2

/interface gre
add mtu=1450 name=City-1 remote-address=94.183.100.1
/ip address
add address=192.168.255.2/30 interface=City-1

This should create the tunnel between the sites. You can set local-address to the public address on your router if you want to be careful about routing source.

Next you need to decide how much you want to blend your network. You can route all traffic between the two ip ranges

City-1 Router

/ip route
add distance=1 dst-address=192.168.110.0/24 gateway=192.168.255.2


City-2 Router

/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=192.168.255.1

Or if you want to only allow access to a single machine then route it outbound. For example change dst address to 192.168.0.5/32

You can also apply firewall filters so you can limit access to single or range of ports.

Regards
Alexander

5

Keep in mind that this connection is not encrypted. You’d need for example an IPsec tunnel to secure communication.

6

+1. You can easily add make the tunnel go over ipsec… You can set the protocol to “any” in the below also if you want all traffic between the two sites to be encrypted, but I personally just do protocol 47 which is the protocol for GRE/EoIP. This won’t work for IPIP… you have to change the protocol…

City 1
/ip ipsec peer add address=212.91.10.50/32 auth-method=pre-shared-key secret=BLAHBLAH dpd-interval=
disable-dpd dpd-maximum-failures=1

/ip ipsec policy add dst-address=212.91.10.50/32 proposal=default protocol=47
sa-dst-address=212.91.10.50 sa-src-address=94.183.100.1 src-address=94.183.100.1/32City 2
/ip ipsec peer add address=94.183.100.1/32 auth-method=pre-shared-key secret=BLAHBLAH dpd-interval=
disable-dpd dpd-maximum-failures=1

/ip ipsec policy add dst-address=94.183.100.1/32 proposal=default protocol=47
sa-dst-address=94.183.100.1 sa-src-address=212.91.10.50 src-address=212.91.10.50/32