I configured my RotuerOS v6.43.4 with 3 public IP addresses on the WAN (ether1-gateway) interface. All 3 IP addresses belongs to the same /29 subnet provided by a single ISP.
[admin@gw-sik-mi] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; LAN
192.168.114.1/24 192.168.114.0 bridge1
1 172.28.0.2/24 172.28.0.0 TunnelToOffice2
2 192.168.115.1/24 192.168.115.0 ether4-guests
3 10.62.35.219/29 10.62.35.216 ether1-gateway
4 10.62.35.220/29 10.62.35.216 ether1-gateway
5 10.62.35.221/29 10.62.35.216 ether1-gateway
[admin@gw-sik-mi] /ip address>
Then I added an IP tunnel to a second RouterOS using the last public IP:
[admin@gw-sik-mi] /interface ipip> print
Flags: X - disabled, R - running, D - dynamic
# N MTU ACTUAL-MTU LOCAL-ADDRESS REMOTE-ADDRESS
0 R T 1400 1400 10.62.35.221 10.229.41.193
[admin@gw-sik-mi] /interface ipip>
All works fine until a reboot. After a reboot, it seems that the IPIP tunnel service binds to the 1st IP address of the ether1-gateway interface: all packets i can sniff on ether1-gateway, protocol ip-encap, no longer originates from the tunnel IP address (10.62.35.221) but from the lowest IP address of the interface (10.62.35.219).
The configuration reported with /interface ipip print is still reporting 10.62.35.221 as tunnel source, but sniffed ip-encap traffic comes from 10.62.35.119.
The only workaround I have found is to reconfigure the IPIP Tunnel to use the 1st IP address of the WAN interface (10.62.35.219), reboot, and it started to work.
But I would like to use 10.62.35.221 as tunnel source address.
is it possible?
What I’m doing wrong? Is it a bug?
Thank you.