anav
Forum Guru
Topic Author
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

EOIP when Behind another Router - A No Go?

Mon Mar 25, 2019 3:47 am

I want to establish an EoIP tunnel between NA and Europe. The issue is the Europe connection is behind a Vodafone router/modem.
I am not sure if it can be put in bridge mode or not. Further it might be providing TV and telephone and thus something an MT router probably cannot replicate.
So my question is, can I attach a MT router behind the Vodafone unit and still establish an EoIP tunnel? I read that both have to be routable?

For example, on the Vodafone it is capable of forwarding ports. So if the MT device is on the LAN provided by the Vodafone unit, what ports would I need to forward to the MT device (47?)
I'm assuming I would keep the MT in router mode (its WANIP is identical to the LANIP given out by the Vodafone etc.). Is this possible or forget about it?

+ let's say I can proceed

Do both WANIPs have to be static? Do I need ddns names if dynamic?

Is having the EoIP tunnel encrypted necessary for all situations, for example between two homes?
What if one only uses tunnel id?

I originally thought that one of the routers would provide dhcp on the eoip tunnel but it seems both sides use the point to point /30 setup or is this just two options of many???

Are there actual ethernet interfaces involved?? Or is that only when you want to attach physical devices to the tunnel (such as an NAS to share files or perhaps an AP so that you can access the tunnel wirelessly from a laptop)? In other words why assign ethernet interfaces to EOIP associated bridges??

I understand that ethernet interfaces are not necessarily needed because one can create static routes across the tunnel. Such as location 2, putting in LAN1 subnet as destination address through the applicable eoip tunnel gateway and vice versa, in effect being able to access LANS across the tunnel. I guess this means firewall rules do not apply and that connectivity is established using routes if one wants to share lan access?? Otherwise all tunnel users stay on tunnel LAN and any connected etherport devices??? What kind of an IP address would a PC get connected to such an etherport??? Okay if your lans are on bridges and you want to be able to share lans, the eoip tunnel also has to be on the same bridge?

In other words more confused than enlightened.
 
vecernik87
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: EOIP when Behind another Router - A No Go?

Mon Mar 25, 2019 8:49 am

> can I attach a MT router behind the Vodafone unit and still establish an EoIP tunnel. I read that both have to be routable?

Theoretically you can, but...

> what ports would I need to forward to the MT device (47?)

EoIP is technically extended GRE, which runs on IP protocol 47 (protocol! not port!). This might be trouble for many modems/routers which have some simple "port forwarding" for TCP/UDP ports but absolutely no way to forward a whole protocol. In addition, most likely you will try to use IPsec (because who wants to transmit data through the whole world without encryption, right?) and that will bring it to a whole other level of forwarding and settings...

> Do both WANIPs have to be static? Do I need ddns names if dynamic?

Yes and no. You can use ddns for remote-address but you can't use it for local-address. Local will always be directly translated to an IP and the IP will be saved as the parameter - and it will NOT be updated if the IP changes (but you can update it via script, so it is achievable). You need local-address if you want to use ipsec.

> Is having the EoIP tunnel encrypted necessary for all situations, for example between two homes?

It is worse than using PPTP - without encryption, it has literally no protection - all your data will be visible to everyone who forwards them.

> What if one only uses tunnel id?

tunnel-id has no security purpose. It is for identification, to pair RX/TX to the correct tunnel because IP addresses may be translated. It must be the same on both ends of one tunnel, just like in GRE.

> I originally thought that one of the routers would provide dhcp on the eoip tunnel but it seems both sides use the point to point /30 setup or is this just two options of many???

Not sure what you mean... EoIP behaves almost the same as a normal ethernet cable (L1 link) - does not care about netmask, does not care about IP at all...

> Are there actual ethernet interfaces involved?? ... In other words why assign ethernet interfaces to EOIP associated bridges??

That depends on your decision and your setup. It is not necessary, however I don't see much use for EoIP if you don't involve some L1/L2 interface, which would use the advantage...
E.g. in my case, I use it to access remote sites the same way as if I was there, plugged into their switch. It makes any task which depends on MAC/L2 communication easier. Not that I would do that all the time, but I have a few ports dedicated on my hAP, which say Site1/Site2 ... if I need to go there, I just plug the cable into a different port and I don't have to move my ass.

Last paragraph - I got more confused than you, sorry...

tl;dr - EoIP is exactly what the name says: "Ethernet over IP". Nothing else. Implement it any way you would with a regular Ethernet cable. In your case, pretend it is a 6000km long cable which starts in America and ends in Europe.
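
The points in the reply above (EoIP rides on IP protocol 47 rather than a port, tunnel-id only identifies the tunnel, and without IPsec every forwarding hop can read the traffic), shown as an added example that is not part of the original posts: a Python dissector run over a constructed packet. The header layout (magic bytes `20 01 64 00`, big-endian length, little-endian tunnel ID) is an assumption taken from public reverse-engineering of the protocol, not from this thread; the addresses, MACs and payload are constructed.

```python
import struct

GRE_PROTO = 47                      # IP protocol number, not a TCP/UDP port
EOIP_MAGIC = b"\x20\x01\x64\x00"    # assumed layout: GRE flags/version 0x2001, type 0x6400


def build_sample(tunnel_id: int, frame: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header + EoIP header + Ethernet frame."""
    eoip = (EOIP_MAGIC + struct.pack(">H", len(frame))
            + struct.pack("<H", tunnel_id) + frame)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(eoip), 0, 0, 64,
                     GRE_PROTO, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + eoip


def parse_eoip(packet: bytes) -> dict:
    """Return what any forwarding hop can read from an unencrypted EoIP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != GRE_PROTO:
        raise ValueError(f"IP protocol {packet[9]}, not GRE (47)")
    body = packet[ihl:]
    if len(body) < 8 or body[:4] != EOIP_MAGIC:
        raise ValueError("GRE packet without the EoIP header")
    (length,) = struct.unpack(">H", body[4:6])       # inner frame length
    (tunnel_id,) = struct.unpack("<H", body[6:8])    # cleartext, no secrecy
    frame = body[8:8 + length]
    if len(frame) != length or length < 14:
        raise ValueError("truncated inner Ethernet frame")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"tunnel_id": tunnel_id,
            "dst_mac": mac(frame[0:6]),
            "src_mac": mac(frame[6:12]),
            "ethertype": int.from_bytes(frame[12:14], "big"),
            "payload": frame[14:]}


# Constructed inner frame: broadcast dst, locally administered src, IPv4 ethertype
INNER = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"plaintext LAN traffic"

if __name__ == "__main__":
    print(parse_eoip(build_sample(10, INNER)))
```

The tunnel ID, both MAC addresses and the payload all come back intact from the raw bytes, which is what an unencrypted tunnel exposes to every hop on the path.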
 
anav
Forum Guru
Topic Author
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: EOIP when Behind another Router - A No Go?

Mon Mar 25, 2019 10:14 am

Much thanks vernacik........
The other end is a Vodafone T7320 router but I don't know which firmware version yet.
Apparently STE ...15 or later can be easily changed to bridge mode which would make an MT behind it then routable, but it depends on what other services the Vodafone provides.
 
anav
Forum Guru
Topic Author
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: EOIP when Behind another Router - A No Go?

Mon Mar 25, 2019 2:40 pm

Let's walk through the process.
A. Set up one tunnel: site1 (me), site2 (remote)
B. Basic config very easy, add common tunnel ID and secret word
C. Since using secret word (I assume this is the only ipsec part of the config?), disable fasttrack checkbox
DONE

Let's say site 1 has a bridge called bridge-home with 5 vlans and site 2 has a plain jane single lan setup.
Can Site 2 devices on the single lan ping and access any device on those vlans?
Can Site 1 vlan devices ping and access any devices on site2?

Often I see that the next step is folks build a bridge for the EOIP.
The interface for this new bridge is the EOIP Tunnel.
Then they typically attach an etherport to the bridge as well.

What additional functionality does this provide?
Does this create some layer 2 or layer 3 security?
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: EOIP when Behind another Router - A No Go?

Wed Mar 27, 2019 11:37 pm

EoIP is only required if you require L2 adjacency between endpoints. This is typically expressed as stretching an L2 network between two different L3 locations.

If you do not need to stretch L2 then do not.

If you need site to site connectivity with NAT traversal but not L2 stretching you can accomplish it in a number of ways. It could be IPSEC tunnel mode, L2TP/IPSEC or GRE wrapped in IPSEC.
 
anav
Forum Guru
Topic Author
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: EOIP when Behind another Router - A No Go?

Thu Mar 28, 2019 12:50 am

Haha, I love your criteria, but it's all wrong for me.
Couldn't care less about what layer I am dealing with, layers are for onions!
What stokes my goat is how easy it is to set up.
I have watched the setting up of an EOIP tunnel, no offense but even I can't screw that up (mt gods are snickering, namely sob, mkx and in this case the ipsec god sindy).
However, looking at the complexity of most other IPSEC setups is only an incentive to forget the whole idea. :-)
 
vecernik87
Forum Veteran
Posts: 882
Joined: Fri Nov 10, 2017 8:19 am

Re: EOIP when Behind another Router - A No Go?

Thu Mar 28, 2019 1:11 am

> However looking at the complexity of most other IPSEC setups is only an incentive to forget the whole idea. :-)

Wanna hear a secret? In my beginning, I once set up GRE (exactly same config as EoIP) just so I could get the advantage of automatic IPsec setup. :D

Yea, dead simple :)
