EoIP

Just hearing about EoIP – I know nothing about it except what I’ve read in some threads here.

If I use EoIP to connect a bunch of MT-device-running locations that are currently connected using Wireguard:

  1. Will “neighbors” in Winbox show all MT devices in all locations?
  2. If I run an IP scan on a subnet that spans multiple of these locations, will it show the MAC addresses of all IP devices it discovered (layer 2, I believe)?
  3. What is the main functional/useful benefit (or 2) of running EoIP?

Thank you.

So it’s already discussed here, give it a look.

http://forum.mikrotik.com/t/eoip-over-wireguard-for-romon-purposes-only/172523/1

  1. Not an expert here, but if you add the EoIP interface to a bridge on both routers then it should be possible, as you are connecting the routers on L2, so their MAC addresses could be transmitted over that new tunnel. But if I’m wrong someone will correct me.

  2. You should be able to do so, you are bridging two networks together on L2. You can do IP scan even over just VPN.

  3. So for example you have wireless connection from your main office to for example remote location and you want to join two networks on L2, in that case you can use EoIP.

Thanks very much for the info.

I read the linked thread – very interesting indeed.

Other than ROMON/Neighbors, I would like to understand the practical/functional benefits of EoIP.

Documentation lists these:

  • Possibility to bridge LANs over the Internet
  • Possibility to bridge LANs over encrypted tunnels
  • Possibility to bridge LANs over 802.11b ‘ad-hoc’ wireless networks

https://help.mikrotik.com/docs/display/ROS/EoIP

And how would a user’s experience be enhanced by this expanded ability to bridge LANs?

For example, with Wireguard in place, I can have my Home Assistant server communicate directly using IP with every device across networks in different physical locations; I can view every IP camera; I can easily monitor network status; and lots of other things.

What can I do with a layer-2 connection in place between separate locations each connected to each other over the Internet via Wireguard?

Apart from the earlier referenced way to use it for ROMON propagation, I used it already to bridge two Tik devices on either side of a managed switch out of my control with VLAN data which would otherwise not pass through that switch.
But in the meantime I changed that switch and made my life a bit easier :laughing:
(but it can be done).

Where I first used it for:
SXT device in France with behind it cAP AC and cAP mini.
Wireguard connection to Hex at home from SXT.
EOIP across wireguard from SXT to Hex.

Wireguard connection from laptop to home (other wireguard)

Wherever I was with my laptop, I could connect to home router and via ROMON I saw all my devices. Including those in France.
Even (which sometimes happened at home, especially in the beginning when still learning quite some stuff) when complete IP setup was borked.

You can include that remote location in the same subnet as your home subnet once that EOIP connection is there (but then you need to add it to bridge).
DHCP, etc. will all work as if it was one big subnet.

Personally I would not do that (I prefer to split subnets based on location) but I can see applications where it might be useful.

Wireguard is just a carrier here.
You can also use IPSEC, MPLS, BGP, OVPN, … whatever.
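
The setup described above (EoIP carried inside WireGuard and used only for RoMON, not bridged into the LAN), sketched as RouterOS commands. This is an added example, not configuration from the original post; the interface names `wg-sites` and `eoip-romon`, the tunnel addresses `10.255.0.1`/`10.255.0.2`, the tunnel ID and the RoMON secret are all assumed placeholders.

```routeros
# ---- hEX at home (assumed WireGuard tunnel address 10.255.0.1) ----
# The EoIP endpoints are the WireGuard tunnel addresses, so every Ethernet
# frame travels inside the encrypted tunnel. EoIP itself is plain GRE.
/interface eoip add name=eoip-romon local-address=10.255.0.1 \
    remote-address=10.255.0.2 tunnel-id=100 comment="L2 for RoMON only"

# Enable RoMON with a shared secret and allow it on the EoIP interface.
/tool romon set enabled=yes secrets="CHANGE-ME-placeholder"
/tool romon port add interface=eoip-romon forbid=no

# Accept EoIP (GRE, IP protocol 47) only when it arrives through WireGuard
# from the expected peer, and drop it from anywhere else. Rules are appended,
# so move them above any broader accept/drop rules in the input chain.
/ip firewall filter add chain=input protocol=gre in-interface=wg-sites \
    src-address=10.255.0.2 action=accept comment="EoIP from SXT via WireGuard"
/ip firewall filter add chain=input protocol=gre action=drop \
    comment="no EoIP outside the tunnel"

# ---- SXT at the remote site (assumed WireGuard tunnel address 10.255.0.2) ----
# Mirror image of the above; tunnel-id must match on both ends.
/interface eoip add name=eoip-romon local-address=10.255.0.2 \
    remote-address=10.255.0.1 tunnel-id=100 comment="L2 for RoMON only"
/tool romon set enabled=yes secrets="CHANGE-ME-placeholder"
/tool romon port add interface=eoip-romon forbid=no
/ip firewall filter add chain=input protocol=gre in-interface=wg-sites \
    src-address=10.255.0.1 action=accept comment="EoIP from hEX via WireGuard"
/ip firewall filter add chain=input protocol=gre action=drop \
    comment="no EoIP outside the tunnel"

# Deliberately absent on both routers:
#   /interface bridge port add bridge=<lan-bridge> interface=eoip-romon
# Leaving eoip-romon out of the LAN bridge keeps the sites in separate
# subnets and broadcast domains; only RoMON uses the layer-2 link.
```

Adding `eoip-romon` to a bridge on both sides is what turns this into the "one big subnet" case, with DHCP and broadcast traffic crossing the tunnel.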

So apart from being used for ROMON over VPN, regular home users have no real reasons to use EoIP…

So EoIP is useful for admin purposes, as well as any non-admin type applications that specifically require layer-2 (OSI Data Link Layer, not blockchain or other environments that have a layer-number system :wink:) connectivity to function (I don’t know what those might be, but I assume they exist).

Basically yes is my impression. I did it just for fun and was tired of looking on a cheat sheet for the IP address and port assigned to a NATted router and a remote MT router, and through EoIP & ROMON I don’t need to… A bit of a lazy approach, but if one has many routers/devices not on the directly connected network, it would be a godsend.

Work ROMON. There are 68 entries there.

I start with zerotier or wireguard to that main router (whatever), and then it’s all ROMON or over EOIP.

Well, you need two Mikrotik routers first, so you may be beyond a “regular home” once you have that. :wink:

But it’s always best to start with the problem and sites/map/diagram… There are many ways to connect two routers, EoIP being just one.

In most cases, ZeroTier would be a better option if you need a “fake” ethernet cable. But ZT isn’t always an option, and EoIP doesn’t require a controller sometime, so a little different. EoIP is only point-to-point, so it’s not quite the same as ZeroTier. But in both ZeroTier and EoIP, you’re sending entire ethernet frames inside a tunnel & this means less of the packet is used for the data, so it’s not particularly efficient if you’re only dealing with IP traffic (which is most things). And by sending ethernet frames, you add more considerations (e.g. potentially sending BPDU/“STP”, messing up bridge MTU and/or packet fragmentation) – so EoIP is not a one-size-fits-all tool…

And if you really only have IP data, you’d be better off with WireGuard or IPSec tunnels – since you’re not sending what is a worthless ethernet frame if data is IP packets to internet/LAN. And making bridge configuration even more difficult with EoIP as ports, and avoided by sticking with Layer3/IP VPNs if that’s possible.

Well, for now I have about 35 routers that are waiting to be connected to the office :smiley: And there isn’t any real data going through the tunnel, it’s for config purposes only.

One site is connected, but it will be hard to beat the 68 routers that @holvoetn has…

I could go without EoIP, but it was an opportunity to learn something new and it’s helpful because the alternative is a spreadsheet with all the IP addresses.

CONCUR, is there enough electricity in Croatia for that many routers??
Beautiful country I am told, a relative visited recently and loved it.

The slight pain in the ass of having to half log into one router to be able to hit the connect to ROMON button is well worth it when you see 68 routers show up on the list.
In terms of management of said routers, did you ever check out this service https://remotewinbox.com/

Basically free trial for 30 days for $2 for all devices, is what I see. After that looks like $2 per device per month?
Easily passed onto clients!

I read recently about EoIP being used to create a wireless backhaul between two routers. Theoretically, it seems one could create a mesh AP system that way, rather than just ‘joining’ two ethernet LANs, possibly exploiting additional virtual WiFis. I’ve not done it, and don’t ask me about performance, but it seems possible. I considered it idly when thinking about collecting sensor data in not-close locations, but I’ve liberated an ethernet for backhaul and can bridge the devices thus.

It is, you should come and visit it yourself. Also plenty of electricity in winter time, but with rise in sales of electric cars and hotter and hotter summers who knows… Also on your way you can stop by @holvoetn and get some chocolates :smiley:

This remote winbox looks great, who knows, maybe give it a shot someday.

I’m not paying for having data / routers passing external parties where I have ZERO trust on what they do or don’t do despite what they may say about it.

Ah yes, zero trust … there we are at it again.

holvoetn:

zerotrust: Now that’s a perfect company/product name!

And a great motto.

Too bad zerotrust.com is taken – but the registrant’s name is not Zerotrust.

This is a snippet of the website that comes up when going to zerotrust.com:

“Our customers trust us to protect their most critical resources and we take that responsibility seriously. We do the things we say we’re going to, and we don’t promise what we can’t deliver. We count on each other, and we have each other’s backs.”

Good thing I’m not running that company – it would be:

“I don’t trust you and you sure as sh-t shouldn’t trust me, but let’s work together”

The “alternative” wireless bridging options have been well discussed here: http://forum.mikrotik.com/t/using-wifiwave2-to-bridge-two-audience-wirelessly-thoughts-4-address-mode/153357/1

But, yes, you can run EoIP over a wireless link – same strategy as outlined in that article: wireless interface on each is un-bridged and assigned a new/different IP subnet for them & for the EoIP interface, use the wireless interfaces as the remote/local address. And it is the EoIP interface that may be bridged to get a LAN for the wireless clients.

But if you can use normal 802.11 things, that’s more efficient (e.g. skips a stop at the CPU to process EoIP). Especially on AX devices.

Thanks for the clarification Amm0