So I have a script that builds the configuration for new remote locations, which I’ve used for quite a while without issues. I have a new site that is using DSL and PPPoE to get its static IP rather than me defining it in the MikroTik’s configuration.
After installing the RB3011 at the remote site, the EoIP, OSPF, IPsec and MPLS all seem to be happy. However, the VPLS will not come up; I’ve checked the configurations and everything seems correct. Any ideas on how I could troubleshoot why the VPLS isn’t connecting/running, or why from the remote site I can ping 192.168.250.1 & .2, but from Site A & B I can’t ping 192.168.250.16?
Below are the commands I am using to configure the three routers:
# REMOTE SITE
# ============
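# Loopback: an empty bridge that holds the router ID / LDP transport address.
# No mask is given, so RouterOS stores 192.168.250.16 as a /32 host address.
/interface bridge add name="Bridge Loopback"
/ip address add interface="Bridge Loopback" address=192.168.250.16

# EoIP (GRE-based) tunnels to both hub sites. EoIP has no authentication or
# encryption of its own; confidentiality and peer authentication come only
# from the IPsec policies further down.
# NOTE(review): mtu=1500 on a tunnel riding PPPoE + ESP means the outer packets
# will be fragmented; test large frames once the VPLS is up.
/interface eoip add name="eoip to SITE_A" mtu=1500 tunnel-id=10016 remote-address=24.x.x.x
/ip address add interface="eoip to SITE_A" address=192.168.240.62/30
/interface eoip add name="eoip to SITE_B" mtu=1500 tunnel-id=20016 remote-address=74.x.x.x
/ip address add interface="eoip to SITE_B" address=192.168.242.62/30

# OSPF over the two tunnels. SITE_A gets cost=100, SITE_B keeps the default cost.
# NOTE(review): no OSPF authentication is configured; acceptable only while the
# tunnels are reachable exclusively through IPsec.
/routing ospf instance set [find default=yes] router-id=192.168.250.16
/routing ospf network add network=192.168.240.60/30 area=backbone
/routing ospf interface add interface="eoip to SITE_A" cost=100
/routing ospf network add network=192.168.242.60/30 area=backbone
/routing ospf interface add interface="eoip to SITE_B"
# FIX: the loopback must be covered by an OSPF network statement. The original
# 192.168.250.0/30 spans only .0-.3, so 192.168.250.16/32 was never advertised
# (unless connected routes are redistributed elsewhere). SITE_A/SITE_B then have
# no route to .16: their pings fail and the targeted LDP session that VPLS needs
# towards remote-peer 192.168.250.16 cannot form. Pings from this router to .1/.2
# still work because they are sourced from the tunnel addresses.
/routing ospf network add network=192.168.250.16/32 area=backbone

# IPsec protecting traffic between the public addresses. The policies set no
# tunnel= option and no protocol, so with defaults (not shown) they cover all
# traffic between the two public IPs.
# NOTE(review): auth-algorithms=sha1 is a legacy choice; sha256 is available but
# the proposal has to match on every peer, so it is left unchanged here. Also
# check the effective pfs-group, dh-group and hash-algorithm for your RouterOS
# version, since older defaults are weak.
/ip ipsec proposal set [find default=yes] auth-algorithms=sha1 enc-algorithms=aes-256-cbc
# Pre-shared keys: use a long random secret, different for each peer, and keep
# the generated script out of shared storage because it contains them in clear.
/ip ipsec peer add address=24.x.x.x secret=<PASS> enc-algorithm=aes-256 nat-traversal=no
/ip ipsec policy add src-address=173.x.x.x dst-address=24.x.x.x sa-src-address=173.x.x.x sa-dst-address=24.x.x.x
/ip ipsec peer add address=74.x.x.x secret=<PASS> enc-algorithm=aes-256 nat-traversal=no
/ip ipsec policy add src-address=173.x.x.x dst-address=74.x.x.x sa-src-address=173.x.x.x sa-dst-address=74.x.x.x
# NOTE(review): as defence in depth, confirm the input firewall (not shown)
# accepts GRE from the hub addresses only when it arrived IPsec-protected
# (the ipsec-policy=in,ipsec matcher).

# MPLS/LDP: LSR ID and transport address are the loopback, so every LDP peer
# needs a route to 192.168.250.16.
/mpls ldp set lsr-id=192.168.250.16 transport-address=192.168.250.16 enabled=yes
/mpls ldp interface add interface="eoip to SITE_A"
/mpls ldp interface add interface="eoip to SITE_B"

# VPLS pseudowires for VLAN 53, bridged together locally.
# NOTE(review): both pseudowires sit in one bridge without a horizon value; if
# SITE_A and SITE_B are also joined at layer 2 for this VLAN, verify that loop
# protection (split horizon or RSTP) is in place.
/interface vpls add name="vpls to SITE_A vlan 53" remote-peer="192.168.250.1" vpls-id="53:16" disabled=no
/interface vpls add name="vpls to SITE_B vlan 53" remote-peer="192.168.250.2" vpls-id="53:16" disabled=no
/interface bridge add name="Bridge VLAN 53"
/interface bridge port add bridge="Bridge VLAN 53" interface="vpls to SITE_A vlan 53"
/interface bridge port add bridge="Bridge VLAN 53" interface="vpls to SITE_B vlan 53"

# VPLS pseudowires for VLAN 100, same layout as VLAN 53.
/interface vpls add name="vpls to SITE_A vlan 100" remote-peer="192.168.250.1" vpls-id="100:16" disabled=no
/interface vpls add name="vpls to SITE_B vlan 100" remote-peer="192.168.250.2" vpls-id="100:16" disabled=no
/interface bridge add name="Bridge VLAN 100"
/interface bridge port add bridge="Bridge VLAN 100" interface="vpls to SITE_A vlan 100"
/interface bridge port add bridge="Bridge VLAN 100" interface="vpls to SITE_B vlan 100"

# Local DHCP for 192.168.108.0/24. "Bridge LAN" is not created in this script
# and is assumed to exist already.
/ip pool add name="DHCP Pool" ranges=192.168.108.200-192.168.108.254
/ip dhcp-server network add address=192.168.108.0/24 gateway=192.168.108.1 netmask=24 dns-server=8.8.8.8,8.8.4.4
/ip dhcp-server add name="DHCP Server" interface="Bridge LAN" address-pool="DHCP Pool" disabled=no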
# SITE_A
# ======
# Hub side of the SITE_A <-> REMOTE_SITE link. tunnel-id=10016 and the /30
# (192.168.240.60/30) pair with the remote site's "eoip to SITE_A".
/interface eoip add name="eoip to REMOTE_SITE" mtu=1500 tunnel-id=10016 remote-address=173.x.x.x
/ip address add interface="eoip to REMOTE_SITE" address=192.168.240.61/30
# Enables OSPF on the tunnel. No OSPF authentication is set here.
/routing ospf network add network=192.168.240.60/30 area=backbone comment="REMOTE_SITE"
# IPsec towards the remote site's public address, authenticated by pre-shared key.
# NOTE(review): src-address/sa-src-address are the private 192.168.10.10 while
# nat-traversal=no; presumably this router sits behind a 1:1 NAT. Confirm that
# the SAs really establish and carry the EoIP traffic.
/ip ipsec peer add address=173.x.x.x secret=<PASS> enc-algorithm=aes-256 nat-traversal=no comment="REMOTE_SITE"
/ip ipsec policy add src-address=192.168.10.10 dst-address=173.x.x.x sa-src-address=192.168.10.10 sa-dst-address=173.x.x.x comment="REMOTE_SITE"
# LDP on the tunnel. The VPLS interfaces below need a targeted LDP session to
# 192.168.250.16, so this router must hold a route to that address; check with
# "/ip route print" and "/mpls ldp neighbor print" when a pseudowire stays down.
/mpls ldp interface add interface="eoip to REMOTE_SITE"
# Pseudowires to the remote site; vpls-id values match the remote side's config.
# "Bridge VLAN 53" and "Bridge VLAN 100" are assumed to exist on this router.
/interface vpls add name="vpls to REMOTE_SITE vlan 53" remote-peer="192.168.250.16" vpls-id="53:16" disabled=no
/interface bridge port add bridge="Bridge VLAN 53" interface="vpls to REMOTE_SITE vlan 53"
/interface vpls add name="vpls to REMOTE_SITE vlan 100" remote-peer="192.168.250.16" vpls-id="100:16" disabled=no
/interface bridge port add bridge="Bridge VLAN 100" interface="vpls to REMOTE_SITE vlan 100"
# SITE_B
# ======
# Hub side of the SITE_B <-> REMOTE_SITE link. tunnel-id=20016 and the /30
# (192.168.242.60/30) pair with the remote site's "eoip to SITE_B".
/interface eoip add name="eoip to REMOTE_SITE" mtu=1500 tunnel-id=20016 remote-address=173.x.x.x
/ip address add interface="eoip to REMOTE_SITE" address=192.168.242.61/30
# Enables OSPF on the tunnel. No OSPF authentication is set here.
/routing ospf network add network=192.168.242.60/30 area=backbone comment="REMOTE_SITE"
# IPsec towards the remote site's public address, authenticated by pre-shared key.
# NOTE(review): src-address/sa-src-address are the private 192.168.20.10 while
# nat-traversal=no; presumably this router sits behind a 1:1 NAT. Confirm that
# the SAs really establish and carry the EoIP traffic.
/ip ipsec peer add address=173.x.x.x secret=<PASS> enc-algorithm=aes-256 nat-traversal=no comment="REMOTE_SITE"
/ip ipsec policy add src-address=192.168.20.10 dst-address=173.x.x.x sa-src-address=192.168.20.10 sa-dst-address=173.x.x.x comment="REMOTE_SITE"
# LDP on the tunnel. The VPLS interfaces below need a targeted LDP session to
# 192.168.250.16, so this router must hold a route to that address; check with
# "/ip route print" and "/mpls ldp neighbor print" when a pseudowire stays down.
/mpls ldp interface add interface="eoip to REMOTE_SITE"
# Pseudowires to the remote site; vpls-id values match the remote side's config.
# "Bridge VLAN 53" and "Bridge VLAN 100" are assumed to exist on this router.
/interface vpls add name="vpls to REMOTE_SITE vlan 53" remote-peer="192.168.250.16" vpls-id="53:16" disabled=no
/interface bridge port add bridge="Bridge VLAN 53" interface="vpls to REMOTE_SITE vlan 53"
/interface vpls add name="vpls to REMOTE_SITE vlan 100" remote-peer="192.168.250.16" vpls-id="100:16" disabled=no
/interface bridge port add bridge="Bridge VLAN 100" interface="vpls to REMOTE_SITE vlan 100"