Community discussions

MikroTik App
 
ivanperino
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 70
Joined: Sat Jan 20, 2007 4:34 am

EoIP security?

Thu Nov 05, 2009 8:52 pm

Hello there.
I am using EoIP over internet directly between two routers, I am not sure if this is a good practice. I set up an EoIP in each router at each end. The first one has the public remote address of the other router and vice versa.
The thing is, there is not any security setting in order to deny access from third routers trying to access one of my routers.

I have filtered 43(gre) protocol comming from unknown IPs, but with this rule I have blocked PPTP remote connection as well! because they also use 43(gre) protocol.

May be I have not understood the correct use of an EoIP interface.
Please I need your help.-

Thank you very much
 
changeip
Forum Guru
Forum Guru
Posts: 3820
Joined: Fri May 28, 2004 5:22 pm

Re: EoIP security?

Thu Nov 05, 2009 10:21 pm

run eoip over a pptp or l2tp tunnel.
Colo and Wholesale Bandwidth Available! Sales at SanDiegoBroadband dot com
 
XTLMeth
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Sep 07, 2009 7:10 am

Re: EoIP security?

Thu Nov 05, 2009 11:45 pm

BTW gre is protocol number 47 not number 43.
 
ivanperino
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 70
Joined: Sat Jan 20, 2007 4:34 am

Re: EoIP security?

Fri Nov 06, 2009 4:04 am

Sorry, 47; you are right. Any other Idea?
I think EoIP over L2TP is nonsense giver L2TP offers almost the same characteristics than EoIP why should I implement EoIP over L2TP?? what about the payoad? In that way, I will only exploit less than 20% of bandwith! Useful load over EoIP over L2tp over IP... I hope not to be wring
 
changeip
Forum Guru
Forum Guru
Posts: 3820
Joined: Fri May 28, 2004 5:22 pm

Re: EoIP security?

Fri Nov 06, 2009 5:04 am

l2tp uses authentication and eoip does not.

l2tp also can provide encryption, eoip does not.

you are already fragmenting packets using eoip, so adding l2tp isnt going to fragment it any more that it is already.

with 3.x you can bridge l2tp tunnels directly to ethernet by setting > 1500 MRRU. This might be more efficient than eoip, but i havent tested performance.

depends on your goals, there are 5 ways to do anything in RouterOS : )
Colo and Wholesale Bandwidth Available! Sales at SanDiegoBroadband dot com

Who is online

Users browsing this forum: Google [Bot] and 68 guests