
 
garyjduk
just joined
Topic Author
Posts: 3
Joined: Wed Jan 23, 2019 4:23 pm

EOIP over PPTP VPN

Wed Nov 06, 2019 10:43 pm

I have a requirement to be able to place MikroTik routers behind 3rd party routers (that I have no control over) and be able to access these routers and any devices behind them. So I effectively have a remote double NAT situation going on.

After a bit of research and trial and error I do have a working solution, but I'm just wondering if there are any tweaks I can make to make the routing etc. more elegant or better. I have the remote MikroTik routers connect home (PPTP client), then have an EoIP tunnel connect over that PPTP VPN. When I open Winbox at home I can then see all the remote routers and can then connect to the router or to any of the devices behind those remote routers.

Everything is working fine but I do get the odd DHCP allocation coming across the EOIP tunnel but I statically assign the devices I need to control. I was going to use different subnets for each router but ended up using the same subnet across all routers.

I have a total of 5 remote MikroTik routers. These routers are not in any single place permanently and can move around and could be placed behind 3rd party routers with dynamically assigned public IP addresses. I want to be able to connect them behind these routers and have them just connect home (which they currently do at the moment).

Is there anything else I can do, or do I have the best solution already configured? (Below is a rough diagram of my current solution.)

Thanks in advance for any suggestions or advice.

Untitled Diagram.jpg
 
Zacharias
Forum Veteran
Posts: 760
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: EOIP over PPTP VPN

Wed Nov 06, 2019 11:57 pm

Well, there are many ways you can implement this...
Personally I wouldn't use PPTP, and probably not EoIP either...
Either I would set up an SSTP server on my home router and configure the remote routers to connect to my SSTP server or, in case Layer 2 connectivity is important, I would implement SSTP with BCP (Bridge Control Protocol) instead of EoIP.

More information about BCP : https://wiki.mikrotik.com/wiki/Manual:B ... _bridging)
 
garyjduk
just joined
Topic Author
Posts: 3
Joined: Wed Jan 23, 2019 4:23 pm

Re: EOIP over PPTP VPN

Thu Nov 07, 2019 12:47 am

Hmm interesting thanks - I'll set this up on a test router.

What would be the IP/Subnet on both sides with this configuration? Would they need to be different or same?
 
tomaskir
Trainer
Posts: 1120
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: EOIP over PPTP VPN

Thu Nov 07, 2019 3:47 am

As the previous poster said, you should use a single tunnel and BCP instead of using 2 tunnels.

I would however recommend against SSTP since it is a TCP-based tunnel.
You will run into TCP windowing issues when running TCP sessions inside of a TCP tunnel.

I personally would recommend L2TP over IPSec, with BCP on the L2TP session.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
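
A minimal sketch of the single-tunnel setup recommended above (L2TP over IPsec with BCP on the L2TP session), added here as an example and not posted by anyone in the thread. The bridge, profile and user names, `ether2`, `home.example.net` and the `CHANGE-ME` secrets are placeholders.

```routeros
# Added example, not from the thread. All names, the hostname and the
# secrets below are placeholders.

# --- Home router: L2TP server, IPsec mandatory, PPP sessions bridged via BCP ---
/interface bridge add name=bridge-remote
# "bridge=" on the PPP profile is what enables BCP for sessions using it
/ppp profile add name=bcp-l2tp bridge=bridge-remote use-encryption=yes
# One secret per remote router so a single unit can be revoked on its own
/ppp secret add name=remote1 password=CHANGE-ME-1 service=l2tp profile=bcp-l2tp
# use-ipsec=required rejects L2TP sessions that arrive without IPsec;
# mrru enables multilink so full-size Ethernet frames fit through the tunnel
/interface l2tp-server server set enabled=yes default-profile=bcp-l2tp \
    authentication=mschap2 use-ipsec=required ipsec-secret=CHANGE-ME-PSK \
    max-mtu=1460 max-mru=1460 mrru=1600
# Once every remote unit has migrated, turn the old PPTP listener off
/interface pptp-server server set enabled=no

# --- Remote router: L2TP client dialing home from behind the third-party NAT ---
/interface bridge add name=bridge-remote
# ether2 stands in for whichever local port should be part of the L2 segment
/interface bridge port add bridge=bridge-remote interface=ether2
/ppp profile add name=bcp-l2tp bridge=bridge-remote use-encryption=yes
/interface l2tp-client add name=l2tp-home connect-to=home.example.net \
    user=remote1 password=CHANGE-ME-1 profile=bcp-l2tp \
    use-ipsec=yes ipsec-secret=CHANGE-ME-PSK \
    max-mtu=1460 max-mru=1460 mrru=1600 disabled=no
```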
 
Zacharias
Forum Veteran
Posts: 760
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: EOIP over PPTP VPN

Thu Nov 07, 2019 4:21 pm

What kind of TCP window issues? Can you give an example?
 
tomaskir
Trainer
Posts: 1120
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: EOIP over PPTP VPN

Thu Nov 07, 2019 4:47 pm

This paper gives you a full image on what is going on:
http://citeseerx.ist.psu.edu/viewdoc/do ... 1&type=pdf

4. CONCLUSIONS AND FUTURE WORKS
... First, this paper has clearly shown that using a TCP tunnel usually degrades the goodput of the end-to-end TCP flow ... We have also shown that when the socket buffer size of the end-to-end TCP or the tunnel TCP is not large, the goodput of the end-to-end TCP flow degrades.

Btw, this is the first Google result when searching for "tcp in tcp tunnel" ;)