EOIP Tunnel

Hello,

Is there a way to set up EOIP tunneling so that I can have 1 MikroTik RB750GL acting as a “server”? Meaning as a SERVER it is LISTENING to connections from ANY IP address?

I tried setting up an EOIP tunnel and it's asking me for a REMOTE IP address.

I have used www.dcbnet.com's product ET-3302 and it's using a RouterBoard 450 and it can act as a SERVER. Other ET-3302’s can point to the server’s IP address to establish an EOIP tunnel. The SERVER is listening to connections from ANY IP address. I can’t seem to do this on the RouterOS/WebFig.

Thank you!

Rizwan

I’m interested in this as well, although I don’t think it is possible. Right now I use an EoIP tunnel + IPSec for a site-to-site VPN between two sites with dynamic IPs. I used a script I pieced together to update the dynamic IPs in the IPSec and EoIP config.

Hello,
Can you provide the script?

I am trying to implement IPsec using dynamic IP and even though the script tries to update the IP on the IPsec policy and peer, for some reason the value on the policy is being added as: x.x.x.x**/0**
My variable containing the IP definitely does not have a /0 at the end.
I use the same variable to update the EoIP interface address with no problem.

Only the IPsec policy, for some reason, adds a ‘/0’ after the IP.

This is the script I am using…

I am using the comments to find the correct tunnel/policy/peer.

```
# Last-known addresses are kept in globals so they persist between runs
:global LocalSite
:global RemoteSite

:if ([ :typeof $LocalSite ] = nil ) do={:set LocalSite 0.0.0.0/32}
:if ([ :typeof $RemoteSite ] = nil ) do={:set RemoteSite 0.0.0.0/32}

# The policy and peer are located by comment, the EoIP interface by name
:local PolicyNumber [/ip ipsec policy find comment=Site2]
:local PeerNumber [/ip ipsec peer find comment=Site2]
:local TunnelNumber [/interface eoip find name=eoip-tunnel1]

# Optional actions to take after an address change
:local DisablePeer true
:local FlushSAs true
:local KillConnections true

# Resolve the current address of each site (Host1 and Host2 stand in for the sites' hostnames)
:local CurrentLocalSite [:resolve Host1]
:local CurrentRemoteSite [:resolve Host2]

# Update the policy, peer and tunnel only when either address has changed
:if ($LocalSite != $CurrentLocalSite || $RemoteSite != $CurrentRemoteSite) do={
  /ip ipsec policy set $PolicyNumber dst-address=$CurrentRemoteSite src-address=$CurrentLocalSite sa-dst-address=$CurrentRemoteSite sa-src-address=$CurrentLocalSite
  /ip ipsec peer set $PeerNumber address="$CurrentRemoteSite/32"
  /interface eoip set $TunnelNumber remote-address=$CurrentRemoteSite

  :if ($DisablePeer) do={
    /ip ipsec peer disable $PeerNumber
    /ip ipsec peer enable $PeerNumber
  }

  :if ($FlushSAs) do={
    /ip ipsec installed-sa flush
  }

  :if ($KillConnections) do={
    /ip ipsec remote-peers kill-connections
  }

  # Remember the addresses that were just applied
  :set LocalSite $CurrentLocalSite
  :set RemoteSite $CurrentRemoteSite
}
```

Thanks!!

No problem. Let me know if it doesn’t work. I have that scheduled to run every 10 minutes.

It needed some minor modifications to work on my setup, but it worked like a charm!

My mistake was the missing ‘/32’ suffix, so MikroTik was adding a /0 on its own.

Thanks again mate

No problem. Glad it’s working.
