How do we have to configure the MikroTik firewall when using an EoIP tunnel?

Hi!

We have a very fast but unsecured Wi-Fi connection between two buildings. So we put two MikroTik Cloud Core Routers in each building to build up an IPsec-secured EoIP tunnel. The tunnel works fine. But: how do we have to configure the firewall?

We don’t want any traffic outside the EoIP-Tunnel between the two routers. What do we have to do?

Router 1
Ethernet 1 (WAN): 10.200.255.1
Ethernet 2 (LAN)/Bridge: 10.77.75.201 (VLAN 75)

Router 2
Ethernet 1 (WAN): 10.200.255.2
Ethernet 2 (LAN)/Bridge: 10.77.75.202 (VLAN 75)

Config Router 1:

/interface bridge
add mtu=1504 name=BRIDGE_Traffic protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] advertise=\
    100M-half,100M-full,1000M-half,1000M-full comment=WAN mtu=1540 speed=1Gbps
set [ find default-name=ether2 ] comment=LAN mtu=1504
/interface eoip
add allow-fast-path=no clamp-tcp-mss=no ipsec-secret=\
    "something" !keepalive local-address=\
    10.200.255.1 mac-address=00:00:5E:FF:FF:F1 mtu=1504 name=eoip-tunnel1 \
    remote-address=10.200.255.2 tunnel-id=1000
/ip neighbor discovery
set ether1 comment=WAN
set ether2 comment=LAN
/interface vlan
add interface=BRIDGE_Traffic name=VLAN_BRIDGE.75 vlan-id=75
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/interface bridge port
add bridge=BRIDGE_Traffic interface=ether2
add bridge=BRIDGE_Traffic interface=eoip-tunnel1
add bridge=BRIDGE_Traffic interface=ether8
/ip address
add address=10.200.255.1/30 interface=ether1 network=10.200.255.0
add address=10.77.75.202/24 interface=VLAN_BRIDGE.75 network=10.77.75.0
/ip route
add distance=1 gateway=10.77.75.1
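
One way to restrict the WAN port to the tunnel only, as an added example that is not part of the original post: on ether1, Router 1 accepts and sends only IKE, ESP and IPsec-protected GRE (the protocol EoIP runs over) to and from the peer 10.200.255.2, and drops everything else. It assumes IKE runs on UDP 500 without NAT-T (direct /30 link), that the installed RouterOS version supports the `ipsec-policy` matcher, and that Router 2 gets the same rules with the two addresses swapped.

```routeros
# Added example for Router 1. Rules are scoped to ether1 (WAN) only,
# so LAN-side management access is not affected.
/ip firewall filter

# --- input: what the router itself accepts on the WAN port ---
# IKE key exchange from the tunnel peer
add chain=input action=accept in-interface=ether1 src-address=10.200.255.2 \
    protocol=udp dst-port=500 comment="WAN: IKE from peer"
# Encrypted ESP packets from the tunnel peer
add chain=input action=accept in-interface=ether1 src-address=10.200.255.2 \
    protocol=ipsec-esp comment="WAN: ESP from peer"
# EoIP (GRE) is accepted only if it was decapsulated from IPsec;
# plain, unencrypted GRE from the WAN falls through to the drop rule
add chain=input action=accept in-interface=ether1 src-address=10.200.255.2 \
    protocol=gre ipsec-policy=in,ipsec comment="WAN: EoIP inside IPsec only"
# No stateful established/related accept here on purpose: it could match
# unencrypted GRE that shares a connection entry with the tunnel traffic
add chain=input action=drop in-interface=ether1 comment="WAN: drop the rest"

# --- output: what the router itself may send on the WAN port ---
add chain=output action=accept out-interface=ether1 dst-address=10.200.255.2 \
    protocol=udp dst-port=500 comment="WAN: IKE to peer"
add chain=output action=accept out-interface=ether1 dst-address=10.200.255.2 \
    protocol=ipsec-esp comment="WAN: ESP to peer"
# GRE is allowed to leave only when an IPsec policy will encrypt it
add chain=output action=accept out-interface=ether1 dst-address=10.200.255.2 \
    protocol=gre ipsec-policy=out,ipsec comment="WAN: EoIP inside IPsec only"
add chain=output action=drop out-interface=ether1 comment="WAN: drop the rest"

# --- forward: nothing is routed through the WAN port ---
# LAN traffic reaches the other building bridged through eoip-tunnel1,
# never routed via ether1
add chain=forward action=drop in-interface=ether1 comment="WAN: no routing in"
add chain=forward action=drop out-interface=ether1 comment="WAN: no routing out"
```

After applying the rules, the packet counters in `/ip firewall filter print stats` show whether anything other than IKE and ESP is hitting the drop rules on ether1.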