Problem getting any tunnels to work

I have tried IPIP and EoIP tunnels but can’t get them to work. I have to be doing something wrong. :blush:
The 2.9 docs show how to do them and the wiki has one. But I can’t get them working.

I have two test RB500s w/ 2.9.23 on them that were recently cleared with a /system reset. Here are their current settings:

  • The first one (MTR1) is attached to my internal network with the correct gateway and DNS info to get out.
  • The second one (MTR2) is attached to MTR1 thru ether9 on both ends.
  • All ether ports on both RB500s are active and addressed.
  • MTR1 has ether2 to ether9 addressed as 10.10.12.1/24 thru 10.10.19.1/24.
  • MTR2 has ether2 to ether9 addressed as 10.10.22.1/24 thru 10.10.29.1/24.
  • Both routers have a separate DHCP pool and server for each ether port except ether9 (their link to each other).
  • Both routers have NAT masq active.

If I set up ether9 on MTR1 as gateway for MTR2 ether9 then it works as another client on MTR1. The problem here is I can’t see any of the addresses inside MTR2 from MTR1. It’s also a royal pain to set up static IPs that come from outside to go thru MTR1 into MTR2.

I have tried following the examples in the docs for IPIP and EoIP but they just sit there not responding. If anyone has any ideas of what I should be looking for or what I’m missing because the examples assume a certain config, please speak up.

I’m at work right now so I don’t have access to those routers.

thanks

Have you turned on Proxy ARP on the LAN interfaces on each router?

Regards


Andrew

No…but I’ll give it a try.

Problem with that is I had to turn off proxy-arp on the production routers because they kept holding onto the MAC addresses of CPEs when we tried to adjust their addresses from the default factory IP to our command net. And our field systems couldn’t change IPs for the same reason.

But that isn’t an all-or-nothing setting. I guess I can set proxy-arp on only the tunnel interfaces…

Thanks for the quick response!

This seems like another pain network… Let’s see what we have…

MTR1:
  ether2 - 10.10.12.1/24
  ether3 - 10.10.13.1/24
  ether4 - 10.10.14.1/24
  ether5 - 10.10.15.1/24
  ether6 - 10.10.16.1/24
  ether7 - 10.10.17.1/24
  ether8 - 10.10.18.1/24
  ether9 - 10.10.19.1/24

MTR2:
  ether2 - 10.10.22.1/24
  ether3 - 10.10.23.1/24
  ether4 - 10.10.24.1/24
  ether5 - 10.10.25.1/24
  ether6 - 10.10.26.1/24
  ether7 - 10.10.27.1/24
  ether8 - 10.10.28.1/24
  ether9 - 10.10.29.1/24

Now, you state that ether9 on both MTR1 and MTR2 are connected to each other… Thus, you have 10.10.19.1/24 and 10.10.29.1/24 on separate routers. They won’t talk to each other as they are not in the same subnet (group). Give MTR2 an alias on ether9 that is in the same subnet of the addresses on MTR1, or vice versa.

From what I can see, you have no need to NAT / MASQ any traffic either.

Once your basic network is right and the two routers can actually talk to each other, try the tunnels again - they should work fine. If you can’t talk to the endpoints without using tunnels, chances are very slim that you’ll be able to talk to them by using a tunnel…

Networking 101… c’mon :wink:


C

Sorry…misprint/incomplete on my part :confused:

ether9 on MTR1 is 10.10.19.1/24
ether9 on MTR2 is 10.10.19.11/24

Based on the examples, I was trying to use 10.111.111.1 and 10.111.111.2 as IPs for the tunnel ends.

As for the “another pain network” and “networking 101” cracks, that’s why I’m asking for help. :cry: I know I’m not on par with most of the users in here. I have been put into the role of netadmin but I’m really just a hardware jockey / linux nut with a basic understanding of networking.

From my reading of the MT docs I thought it would be best/easiest to set up separate networks (10.10.xx.1/24) on each ether port and serve separate dhcp scopes to each.

If this is incorrect or inefficient please straighten me out. Point me to something that will help get something working. Maybe if I explain what I’m after…

My need is to have both routers be able to see each other as if they were one big router. At some point we will have to start using radius (and yes I’m digging thru that can of worms). I also need to run static (outside) IPs to some clients, this would be easier to configure once.

Thanks for your suggestions. I will play with the NAT settings also. I mean if I don’t need it…

Ok,

  1. As I said, don’t NAT - you don’t need it
  2. You will need a couple of static routes so that MTR1 knows all the networks on MTR2 and vice versa. RIP/OSPF will be good for this
  3. See if you can talk directly to the endpoints, prior to trying a tunnel

If your routing is right, and you want to set up a tunnel between 10.10.12.1 to 10.10.28.1, then

  1. 10.10.12.1 must be able to ping 10.10.28.1
  2. 10.10.28.1 must be able to ping 10.10.12.1

Once comms are working, create the tunnel, and then see where that gets you…


C
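The checks from the last reply, worked through as an added example that is not part of the original thread: it takes the addressing posted above, confirms the ether9 link ends share a subnet, derives the static routes each router needs, and checks that the 10.10.12.1 / 10.10.28.1 endpoints have a path in both directions before any tunnel is created. The function names are hypothetical, and the emitted lines assume the RouterOS `/ip route add dst-address=… gateway=…` form.

```python
import ipaddress

# Addressing as posted in the thread (MTR2 ether9 per the poster's correction).
MTR1 = {f"ether{n}": f"10.10.1{n}.1/24" for n in range(2, 10)}
MTR2 = {f"ether{n}": f"10.10.2{n}.1/24" for n in range(2, 9)}
MTR2["ether9"] = "10.10.19.11/24"
LINK = "ether9"  # port that connects the two routers


def networks(router):
    """Directly connected networks of a router."""
    return [ipaddress.ip_interface(a).network for a in router.values()]


def link_ok(a, b, link=LINK):
    """True when both ends of the inter-router link share one subnet."""
    ia, ib = ipaddress.ip_interface(a[link]), ipaddress.ip_interface(b[link])
    return ia.network == ib.network and ia.ip != ib.ip


def static_routes(local, remote, link=LINK):
    """(network, gateway) pairs `local` needs to reach the LANs behind `remote`."""
    gateway = ipaddress.ip_interface(remote[link]).ip
    connected = set(networks(local))
    return [(n, gateway) for n in networks(remote) if n not in connected]


def as_routeros(routes):
    """Format routes as RouterOS `/ip route add` commands."""
    return [f"/ip route add dst-address={n} gateway={g}" for n, g in routes]


def has_path(local, routes, dst):
    """True when `dst` is on a connected network or covered by a static route."""
    dst = ipaddress.ip_address(dst)
    return any(dst in n for n in networks(local) + [n for n, _ in routes])


if __name__ == "__main__":
    assert link_ok(MTR1, MTR2), "ether9 ends are not in the same subnet"
    r1, r2 = static_routes(MTR1, MTR2), static_routes(MTR2, MTR1)
    for name, cmds in (("MTR1", as_routeros(r1)), ("MTR2", as_routeros(r2))):
        print(f"# on {name}")
        print("\n".join(cmds))
    # Tunnel endpoints used as the example in the thread.
    print("MTR1 -> 10.10.28.1:", has_path(MTR1, r1, "10.10.28.1"))
    print("MTR2 -> 10.10.12.1:", has_path(MTR2, r2, "10.10.12.1"))
```

A `True` from `has_path` only means a route exists in the table; the ping test in both directions is still the real confirmation before building the tunnel.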