EoIP tunnel through NAT?

RouterOS General
1

I’m trying to establish an EoIP tunnel between an RB411 and an RB433.


Here is my network setup:

x.x.x.x Public IP
||
[Firewall x.x.x.x =/= 10.0.10.1]
||
10.0.10.0/24 network
||
[Windows Small Business Server 10.0.10.115 =/= 192.168.16.2]
||
192.168.16.0/24 network


The RB411 is on the 10.0.10.x network with the IP 10.0.10.200
The RB433 is on the 192.168.16.x network with the IP 192.168.16.88


I can ping the RB411 from the RB433.

I have a tunnel configured on each RB using the following command on each:

on the RB411:
interface eoip add remote-address=10.0.10.115 tunnel-id=1 mac-address=00-00-5E-80-00-01 disabled=no
ip address add address=10.5.5.1/24 interface=eoip-tunnel1
(note, 10.0.10.115 is the IP of the small business server, which the RB433 is NAT’ed bedhind)



on the RB433:
interface eoip add remote-address=10.0.10.200 tunnel-id=1 mac-address=00-00-5E-80-00-02 disabled=no
ip address add address=10.5.5.5/24 interface=eoip-tunnel1




Is there a way to make sure the tunnel is being established? I can’t ping or access either RB from the other using the 10.5.5.x addresses. Do I need to do anything with the small business server’s firewall/NAT rules? What ports do the EoIP tunnels use so I can pass those through from 10.0.10.115->192.168.16.88

What setup is needed to route traffic from selected devices behind a Google Wifi NAT through a VPN tunnel?
2

Due to NAT Your router with ip 192.168.x.x can get access to 10.x.x.x one, but not the other way around. Only way to DST-NAT packet with GRE protocol, with your nat would be Mikrotik that can be done with:

/ip firewall nat
add action=dst-nat chain=dstnat comment="" disabled=no in-interface=wan \
    protocol=gre to-addresses=local-ip-address

EoIP is working on GRE protocol, read about forwarding GRE on Windows SBS

Best Regards
cieplik

3

Which mikrotik do I run that on? Or is that what I would do if the Mikrotik was doing the NAT instead of the SBS?