EoIP

Before posting, I did do a search, but after going through a few pages of results, didn’t find a post that explained a solution to my issue.

When I had my last company, I sent everyone to work from home as of 2019 (Pre Pandemic). I got them all a broadband connection, gave them a routerboard, a SIP phone, and then a few APs.

At my house, I had an RB2011, and each of them had a hAP Mini or hAP Lite, depending on their needs.

I created two networks on each of the RBs. ETH1 was WAN, ETH2 was going to their APs for their own personal WiFi. ETH3 went to the SIP phone but was using an EoIP tunnel back to my place, where the PBX was hosted. The hAP Mini and Lite both had built-in WiFi, which connected them to my place so that they could have access to the two servers as well.

This worked very well for us, and I even scripted a little script that basically gave my 2011, which was on a static IP, the new IP address of the staff RB whenever it changed.

I am now trying to set this up to have a network between myself, and two friends. Basically, we each are running our own subnets. Mine is 192.168.26.0/23, the one guy is 192.168.88.0/24, and the last guy is 172.16.x.0/23. (Guess which two of us three have big homelabs).

I can’t get it to work, I just can’t remember how I did it, and the backups are lost in the ether of my dozens of externals. We just want to be able to access devices on each other’s networks, that is all.

It isn’t how you originally did it, but the simple way is to set transit IPs on the EoIP tunnels and a static route to each user.
You haven’t said if guy 2 and guy 3 were directly connected; for the exercise I will assume so.

So on your router
On EOIP to second guy put address 10.10.10.1/30 and on EOIP to third guy address 10.10.10.5/30

Second guy router
On EOIP to you put address 10.10.10.2/30 and on EOIP to third guy address 10.10.10.9/30

Third guy router
On EOIP to you put address 10.10.10.6/30 and on EOIP to second guy address 10.10.10.10/30

On your router confirm you can ping the other 2 routers 10.10.10.2 & 10.10.10.6
Second guy should be able to ping you on 10.10.10.1 and third guy on 10.10.10.10
Third guy should be able to ping you on 10.10.10.5 and second guy on 10.10.10.9

If that all works, then you have the transit links working, so just add simple static routes for the networks.

On your router two static routes so it can use the transits for your two mates
/ip route add dst-address=192.168.88.0/24 gateway=10.10.10.2
/ip route add dst-address=172.16.x.0/23 gateway=10.10.10.6

On second guy router same trick so he can get to you and guy 3
/ip route add dst-address=192.168.26.0/23 gateway=10.10.10.1
/ip route add dst-address=172.16.x.0/23 gateway=10.10.10.10

On third guy router rinse and repeat to you and guy 2
/ip route add dst-address=192.168.26.0/23 gateway=10.10.10.5
/ip route add dst-address=192.168.88.0/24 gateway=10.10.10.9


Each person can now access the devices of each other person in a neat triangle network.
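An added example, not part of the original posts: a small Python check of the transit plan above. It derives each router's static routes from the /30 addresses and flags a gateway that is the router's own tunnel address or is not the peer's transit IP. The labels r1/r2/r3 and the 172.16.0.0/23 subnet (standing in for 172.16.x.0/23) are assumptions.

```python
import ipaddress

# Transit addresses from the post, keyed (router, peer); r1/r2/r3 are assumed labels.
TRANSIT = {
    ("r1", "r2"): "10.10.10.1/30", ("r2", "r1"): "10.10.10.2/30",
    ("r1", "r3"): "10.10.10.5/30", ("r3", "r1"): "10.10.10.6/30",
    ("r2", "r3"): "10.10.10.9/30", ("r3", "r2"): "10.10.10.10/30",
}
# LAN behind each router; 172.16.0.0/23 is a placeholder for the post's 172.16.x.0/23.
LANS = {"r1": "192.168.26.0/23", "r2": "192.168.88.0/24", "r3": "172.16.0.0/23"}


def triangle_routes(transit, lans):
    """Each remote LAN is reached via the address the peer holds on the shared tunnel."""
    return {(a, lans[b]): str(ipaddress.ip_interface(transit[(b, a)]).ip)
            for (a, b) in transit}


def check_plan(transit, lans, routes):
    """Return a list of problems; routes maps (router, dst_cidr) -> gateway IP."""
    problems = []
    ifaces = {k: ipaddress.ip_interface(v) for k, v in transit.items()}
    for (a, b), iface in ifaces.items():
        far = ifaces.get((b, a))
        if far is None or far.network != iface.network or far.ip == iface.ip:
            problems.append(f"{a}->{b}: tunnel ends do not share one transit subnet")
    owner = {ipaddress.ip_network(n): r for r, n in lans.items()}
    for (router, dst), gw in routes.items():
        gw_ip = ipaddress.ip_address(gw)
        peer = owner.get(ipaddress.ip_network(dst))
        far = ifaces.get((peer, router))
        if any(i.ip == gw_ip for (a, _), i in ifaces.items() if a == router):
            problems.append(f"{router}: gateway {gw} for {dst} is its own address")
        elif far is None or far.ip != gw_ip:
            problems.append(f"{router}: gateway {gw} for {dst} is not the peer's transit IP")
    return problems


def routeros_commands(router, routes):
    """Render one router's routes in the /ip route syntax used in the post."""
    return [f"/ip route add dst-address={dst} gateway={gw}"
            for (r, dst), gw in sorted(routes.items()) if r == router]


if __name__ == "__main__":
    routes = triangle_routes(TRANSIT, LANS)
    for name in sorted(LANS):
        print(name, *routeros_commands(name, routes), sep="\n  ")
    print(check_plan(TRANSIT, LANS, routes) or "plan is consistent")
```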

In my use case, each router is connected with a static public IP address. Want to do 1<->2, 2<->3, 3<->1.

Yes, I know, so just open those EoIP tunnels using the public IPs … the EoIP tunnels don’t give a stuff about the private IPs unless you want.

Start with just two sites with just a matching tunnel id (no ipsec) and the penny should drop, because you are overthinking it.

Then put the private transit IPs ON THE EOIP INTERFACE (which is there with or without the tunnel running) and see magically you can ping and IP route thru the tunnel when it’s running. YES IT REALLY IS THAT SIMPLE.

To build your triangle each router will have two tunnels.
1 to 2 & 3
2 to 1 & 3
3 to 1 & 2

When you want to turn on ipsec, you need to understand that the default settings on IP/IPSEC set the algorithm for phase 1 & phase 2, and peeps get confused, so start without it and deal with that last.