EoIP with public IP

ekpesinyang · September 16, 2017, 8:01pm

https://wiki.mikrotik.com/wiki/Manual:Interface/EoIP.

I read the above and need to know if it will work on public ip address and also can the config work with VPN.

amt · September 16, 2017, 10:34pm

Both of yes
its work on puplic ip, you can use for vpn

ekpesinyang · September 17, 2017, 3:59am

How does the config look like please…

amt · September 17, 2017, 11:24am

Can you share what you need ?
Also both router should be mikrotik for eoip.

ekpesinyang · September 17, 2017, 10:02pm

I have 2 locations with public IP addresses.we have 20 users at each location and a server running an accounting package. We want to share resources from each location to the other location. We also have a cctv which should be viewed by the MD and IT Admin from any other locations they are. I have 2 mikrotik RB3011-RM router on both locations. Each site has a bandwidth of 2MB/2MB running.

amt · September 18, 2017, 6:06am

Here is example with ipip tunnel that I use for vpn 2 location.. you can use eoip also instead ipip

at your Location-1

/interface ipip
add !keepalive local-address=Location-1PuplicIP name="to location-2" remote-address=Location-2PuplicIP
/ip address
add address=172.16.120.102/30 interface="to location-2" network=172.16.120.100
add address=192.168.1.1/24 comment="location1 Local network" interface=ether1 network=192.168.1.0
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway="to location-2"

at your Location-2

/interface ipip
add !keepalive local-address=Location-2PuplicIP name="to location-1" remote-address=Location-1PuplicIP
/ip address
add address=192.168.0.1/24 comment="location-2 local network"interface=ether1 network=192.168.0.0
add address=172.16.120.101/30 interface="to location-1" network=172.16.120.100
/ip route
add distance=1 dst-address=192.168.1.0/24 gateway="to location-1"

with this config you can reach 192.168.1.0/24 from location-1 and you can reach 192.168.0.0/24 from location-2

scampbell · September 18, 2017, 11:04pm

For EoIP on Public interfaces do not forget to allow GRE (47) on your input rules.

ekpesinyang · September 19, 2017, 9:11am

Why that and how please.

amt · September 19, 2017, 9:42am

I think ekpesinyang telling that rule below if you have firewall on your routers,

/ip firewall filter
add action=accept chain=input protocol=gre

mducharme · September 19, 2017, 4:57pm

For security reasons, it is best allow GRE on input only from the IP of the far end.

ekpesinyang · September 20, 2017, 5:11am

Should that be implemented on both Routers. I hope that will not also block the administrative privileges. what i mean is that if need be that I’ve to logging to the router from another public IP to make some urgent changes.

ebreyit · September 20, 2017, 9:02am

Admin ports should not be directly open via Public IP.

Either use port knocking or a VPN to manage the router from the Internet