We currently have RB1000 and wish to leverage the IPSec offload processor. Since we have particular need we would like to use EoIP as our VPN tunnel architechture.
So we started thinking about building a EoIP tunnel and use IPSec in transport mode over this tunnel. Problem is that remote sites are mainly dynamic. I wish not use another layer such as PPTP or L2TP just to make this thing work. Unless you can confirm that L2TP will also benefits from the specialized hardware offload in the RB1000.
Does anyone created successfully a tunnel using EoIP with a script when remote site are using dynamicaly assign IPs.?
Martin
Re: remote Dynamic IP tunnel using EoIP
You can also use l2tp without encryption, it will be almost just like EoIP.
-
-
superrouter
newbie
- Posts: 44
- Joined:
- Location: ZA
Re: remote Dynamic IP tunnel using EoIP
hi rocky, did you ever get that eoip from dynamic client right ?
-
-
superrouter
newbie
- Posts: 44
- Joined:
- Location: ZA
Re: remote Dynamic IP tunnel using EoIP
here is a script to update a eoip tunnel if your destination is using a ddns service.
:global "eoipint1" "youreoipinterfacename"
:global "eoipconnectclient1" "yourDDNSdomain"
:global "eoip1hostip" [:resolve $"eoipconnectclient1"]
:global "eoipconnectto" [/interface eoip get $eoipint1 remote-address]
:if ($eoip1hostip != $eoipconnectto) do={
:log info "****** Updating EOIP Tunnel for $eoipint1"
/interface eoip set $"eoipint1" remote-address=$"eoip1hostip"}
:if ($eoip1hostip = $eoipconnectto) do={
:log info "**** No Update necessary for EOIP Tunnel $eoipint1"}
What I have done is just set netwatch to ping an ip at thhe other side of the eoip tunnel and if it gets no response to run this script to update the ddns ip.
:global "eoipint1" "youreoipinterfacename"
:global "eoipconnectclient1" "yourDDNSdomain"
:global "eoip1hostip" [:resolve $"eoipconnectclient1"]
:global "eoipconnectto" [/interface eoip get $eoipint1 remote-address]
:if ($eoip1hostip != $eoipconnectto) do={
:log info "****** Updating EOIP Tunnel for $eoipint1"
/interface eoip set $"eoipint1" remote-address=$"eoip1hostip"}
:if ($eoip1hostip = $eoipconnectto) do={
:log info "**** No Update necessary for EOIP Tunnel $eoipint1"}
What I have done is just set netwatch to ping an ip at thhe other side of the eoip tunnel and if it gets no response to run this script to update the ddns ip.
Re: remote Dynamic IP tunnel using EoIP
This one works great in ROS 4.17 !here is a script to update a eoip tunnel if your destination is using a ddns service.
:global "eoipint1" "youreoipinterfacename"
:global "eoipconnectclient1" "yourDDNSdomain"
:global "eoip1hostip" [:resolve $"eoipconnectclient1"]
:global "eoipconnectto" [/interface eoip get $eoipint1 remote-address]
:if ($eoip1hostip != $eoipconnectto) do={
:log info "****** Updating EOIP Tunnel for $eoipint1"
/interface eoip set $"eoipint1" remote-address=$"eoip1hostip"}
:if ($eoip1hostip = $eoipconnectto) do={
:log info "**** No Update necessary for EOIP Tunnel $eoipint1"}
What I have done is just set netwatch to ping an ip at thhe other side of the eoip tunnel and if it gets no response to run this script to update the ddns ip.