Page 1 of 1

EoIP tunnel not comunicating

Posted: Thu Nov 30, 2023 11:04 am
by darc
Greetings,
I have a problem with an eoip connection between two mikrotik routerboards (R1 routerOS 6.47.4, R2 routerOS 6.49.8)

I want to reach from router R2 a host that is connected to R1.
From R1 I can reach R2 hosts but not the opposite.

Below are the configurations:


R1:
/interface eoip
add local-address=(public R1 IP) mac-address=02:CE:5C:21:13:4B name=\
    eoip-xxx remote-address=(public r2 ip) tunnel-id=10101

/ip address
add address=172.16.250.1/30 interface=eoip-xxx network=\
    172.16.250.0
    
/ip route
add comment="Route for R2" distance=1 dst-address=192.168.118.0/24 \
    gateway=172.16.250.2



R2:
/interface eoip
add local-address=(R2 PUBLIC IP) mac-address=02:0E:51:E0:B8:89 name=\
    eoip-xxxx remote-address=(R1 PUBLIC IP) tunnel-id=10101
    
/ip address
add address=172.16.250.2/30 interface=eoip-xxx network=\
    172.16.250.0

/ip route
add comment="Route for R1" distance=1 dst-address=192.168.114.0/24 \
    gateway=172.16.250.1    

Re: EoIP tunnel not comunicating

Posted: Thu Nov 30, 2023 5:46 pm
by LdB
Your problem is obvious ... this is wrong
/ip route
add comment="Route for R1" distance=1 dst-address=192.168.118.0/24 \
    gateway=172.16.250.1 
As you can ping from R1 to R2 we know that the 192.168.118.0/24 network and machines are on Router 2
So why the hell are you sending 192.168.118.0/24 traffic back to router 1

What needs to go back to router 1 is the source network on router 1 you are pinging from.
So lets say router 1 network is 192.168.117.0/24 that is the traffic you need to send back and it would be
/ip route
add comment="Route for R1" distance=1 dst-address=192.168.117.0/24 \
    gateway=172.16.250.1 
If you are trying to do something funky like use the same network on both routers you will need to split the network into two /25
So something like router one with 192.168.118.0/25 and router two with 192.168.118.128/25

Re: EoIP tunnel not comunicating

Posted: Fri Dec 01, 2023 10:09 am
by darc
Sorry, tunnel from r1 to r2 has 192.168.118.0/24 and tunnel from r2 to r1 has 192.168.114.0/24.
I got confused when I wrote the post.

Re: EoIP tunnel not comunicating

Posted: Fri Dec 01, 2023 12:43 pm
by darc
These are the confs:

R1
/interface eoip
add local-address=(public R1 IP) mac-address=02:CE:5C:21:13:4B name=\
    eoip-xxx remote-address=(public r2 ip) tunnel-id=10101

/ip address
add address=172.16.250.1/30 interface=eoip-xxx network=\
    172.16.250.0
    
/ip route
add comment="Route for R2" distance=1 dst-address=192.168.118.0/24 \
    gateway=172.16.250.2

R2
/interface eoip
add local-address=(R2 PUBLIC IP) mac-address=02:0E:51:E0:B8:89 name=\
    eoip-xxxx remote-address=(R1 PUBLIC IP) tunnel-id=10101
    
/ip address
add address=172.16.250.2/30 interface=eoip-xxx network=\
    172.16.250.0

/ip route
add comment="Route for R1" distance=1 dst-address=192.168.114.0/24 \
    gateway=172.16.250.1  

Re: EoIP tunnel not comunicating

Posted: Fri Dec 01, 2023 2:21 pm
by LdB
That will work unless there is a firewall on the device you are trying to ping or R2 is not the gateway of R2 network.

So confirm
1.) you can ping the R1 network device from another device on the R1 network
2.) R2 has the gateway of the 192.168.118.0/24 network (normally 192.168.118.1) and you don't actually have a 3rd router you failed to mention which is the gateway to 192.168.118.0/24 (likely 192.168.118.1 and R2 has some other IP in the network)

If you have a 3rd gateway router you need a static route on it as well and we need the gateway IP and the R2 IP in the network.

Re: EoIP tunnel not comunicating

Posted: Fri Dec 01, 2023 2:49 pm
by darc
I confirm that i can ping every R1 network device from 192.168.114.150 (ex. i got reply to 192.168.114.151)
and r2 has 192.168.118.254 as gateway. There isn't a 3rd router with same IPs

Re: EoIP tunnel not comunicating

Posted: Sat Dec 02, 2023 3:29 pm
by LdB
so on R2 what happens when you do this

ping 192.168.114.150 src-address=192.168.118.254

Re: EoIP tunnel not comunicating

Posted: Sat Dec 02, 2023 4:07 pm
by darc
Image

Re: EoIP tunnel not comunicating

Posted: Sun Dec 03, 2023 12:48 pm
by LdB
So problem is not on the routers we keep coming back to R2 network and the .254 still makes me suspicious.

Goto a machine on R2 network and print out the routes
On a windows machine on terminal screen
route print
If we don't get something like below then we slap you :-)
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.118.254     192.168.1.xxx     35
I am thinking that we are going to find a 192.168.118.1 gateway.

Re: EoIP tunnel not comunicating

Posted: Sun Dec 03, 2023 2:37 pm
by darc
That's what i got (i've done it on a linux server 'cause i haven't any windows pc in network
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.118.254 0.0.0.0         UG        0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.118.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0

Re: EoIP tunnel not comunicating

Posted: Mon Dec 04, 2023 6:38 am
by LdB
Your linux machine firewall has to be blocking ping responses from 192.168.114.0/24 because that is correct and will work. Really no other option you must have something like ufw running and forgot to allow ping responses thru.

You already proved above that anything from 192.168.118.254 is working and the first route rule definitely sends the ping traffic to that gateway AKA it should work. The problem therefore has to be on the linux box itself.