I recently purchased an L009 router that I'm very happy with. I'm doing some new wiring in the building and I would like to set up an encrypted link to cross a public space, to reach another router. I would like the two local networks to be in the same L2 domain, and as it turns out this is quite the textbook scenario: https://help.mikrotik.com/docs/display/ ... IP-Example
This is the physical setup I have in mind:
WAN <----> eth01 [Router L009] eth02 <----> eth01 [Router RB2011] eth02 ----> LAN
                       |
                     eth03 ----> LAN
Between the two routers I'd have an EoIP tunnel with IPSec. Now I'm asking myself how can I tell the router that:
- eth02 should not send LAN traffic on the link
- eth02 should be used exclusively for the EoIP tunnel, and require an EoIP peer to run
- the tunnel running on eth02 must connect back to the LAN bridge, where the rest of the local traffic happens
The first point is quite easy as I'd just remove eth02 from the bridge, but I can't figure out how I can ensure that no traffic but the tunnel runs on that same interface.
Would this be as simple as assigning the local tunnel IP to eth02, and add the tunnel interface to the existing LAN bridge?
I'm sure I'm making this more complicated than it needs to be, and I apologize if this is something trivial. I would like to understand what I'm doing before applying any change.
Thanks!
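
One way to express the setup asked about above, as an added example that is not part of the original post: the link port carries only a point-to-point address, the EoIP interface joins the LAN bridge, and firewall rules restrict IP traffic on the link port to IKE, ESP and IPsec-protected GRE. Assumptions: "eth02" is RouterOS `ether2`, the LAN bridge is named `bridge`, the 10.255.255.0/30 link subnet, the tunnel name and tunnel-id are constructed, and `CHANGE-ME` is a placeholder secret.

```routeros
# Added example, L009 side. Mirror it on the RB2011 with the two link addresses swapped.
# Assumed names: ether2 = "eth02" in the post, LAN bridge = "bridge".
# 10.255.255.0/30 is a constructed link subnet; CHANGE-ME is a placeholder secret.

# 1. Take the link port out of the LAN bridge and give it only the link address.
/interface bridge port remove [find interface=ether2]
/ip address add address=10.255.255.1/30 interface=ether2

# 2. EoIP between the link addresses. ipsec-secret makes RouterOS create the
#    IPsec peer and policy dynamically; it requires allow-fast-path=no.
/interface eoip add name=eoip-link tunnel-id=10 \
    local-address=10.255.255.1 remote-address=10.255.255.2 \
    ipsec-secret="CHANGE-ME" allow-fast-path=no

# 3. Join the tunnel (not ether2) to the LAN bridge, so both sites share one L2 domain.
/interface bridge port add bridge=bridge interface=eoip-link

# 4. On ether2 accept only IKE/NAT-T, ESP, and GRE that was decrypted by IPsec.
/ip firewall filter
add chain=input in-interface=ether2 src-address=10.255.255.2 protocol=udp \
    dst-port=500,4500 action=accept comment="IKE / NAT-T from peer"
add chain=input in-interface=ether2 src-address=10.255.255.2 protocol=ipsec-esp \
    action=accept comment="ESP from peer"
add chain=input in-interface=ether2 protocol=gre ipsec-policy=in,ipsec \
    action=accept comment="EoIP only when it arrived inside IPsec"
add chain=input in-interface=ether2 action=drop comment="nothing else terminates here"

# 5. Never route through the link port, and never send EoIP in the clear.
add chain=forward in-interface=ether2 action=drop
add chain=forward out-interface=ether2 action=drop
add chain=output out-interface=ether2 protocol=gre ipsec-policy=out,none \
    action=drop comment="block unencrypted EoIP if IPsec is down"
```

Rules added this way are appended to the end of the filter list, so they need to be moved above any existing drop rules in the `input` chain to take effect.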