IPIP vs GRE

Mike33 · April 19, 2021, 3:55pm

Please give your assessment of what is better to choose for a tunnel between two routers to combine two subnets.
IPIP vs GRE - what’s the difference?

anav · April 19, 2021, 9:58pm

From wiki: “GRE is the same as IPIP and EoIP which were originally developed as stateless tunnels. Which means that if the remote end of the tunnel goes down, all traffic that was routed over the tunnels will gets blackholed. To solve this problem, RouterOS have added ‘keepalive’ feature for GRE tunnels.”

https://help.mikrotik.com/docs/display/ROS/IPIP
https://help.mikrotik.com/docs/display/ROS/GRE
https://help.mikrotik.com/docs/display/ROS/EoIP

Without much knowledge I would say IPIP and GRE are for connecting routers at different sites and EOIP is more for connecting LANS from different sites.

Mike33 · April 20, 2021, 2:09pm

In what cases do I need to specify addresses for both ends of the IPIP-tunnel, and in what cases it is not necessary?
I tried a IPIP-tunnel without addresses - everything works fine.

mhaluska · April 20, 2021, 3:59pm

Not required for single ISP or single WAN IP. If you have multi-ISP uplink or more IPs on WAN and you want to use specific one (not default), then you need to specify

local-address

. You can achieve same using static routes with multi-ISP/WAN-IP, then you can omit

local-address

.

CZFan · April 20, 2021, 5:11pm

When you enable IPsec encryption you will need to specify a local address

mkx · April 20, 2021, 5:50pm

I just tried … and IPsec works just fine without setting local address. Seems it automatically takes local IP address of interface used when routing towards peer. For most users that’ll be interface used by default route.

CZFan · April 21, 2021, 5:50pm

Hmmm, Yup, just tested and seems you are correct.
I guarantee this was not the case a couple of versions ago…

mkx · April 21, 2021, 7:28pm

I’ll take your word on it