Embed Size (px)
Citation preview
Manual:Interface/EoIP< Manual:Interface
Applies to RouterOS:2.9, v3, v4+
Contents [hide]
1 Summary
2 Properties
3 Notes
4 Setup examples
Summary
Sub-menu: /interface eoip
Standards: GRE RFC 1701
Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers
on top of an IP connection. The EoIP tunnel may run over IPIP tunnel, PPTP tunnel or any other connection capable of
transporting IP.
When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if
there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol
makes multiple network schemes possible.
Network setups with EoIP interfaces:
Possibility to bridge LANs over the Internet
Possibility to bridge LANs over encrypted tunnels
Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks
The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them
to the remote side of the EoIP tunnel.
Properties
Property Description
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled)
Address Resolution Protocol mode.
disabled - the interface will not use ARP
enabled - the interface will use ARP
proxy-arp - the interface will use the ARP proxy feature
reply-only - the interface will only reply to requests originated
from matching IP address/MAC address combinations which are
entered as static entries in the "/ip arp" table. No dynamic
entries will be automatically stored in the "/ip arp" table.
Therefore for communications to be successful, a valid static
entry must already exist.
keepalive (integer; Default: not set) keep-alive timer, sets time interval (seconds) in what keep-alive messages should be received. If 3 messages are missed, interface running flag is removed. For this to work, keepalive has to be set to same value on both ends of the tunnel, since one end is expecting messages from the other one and is sending keepalive messages in that direction.
l2mtu (integer; Default: ) Layer2 Maximum transmission unit. Not configurable for EoIP. Read more>>
local-address (IP; Default: ) Source address of the tunnel packets, local on the router.
mac-address (MAC; Default: ) Media Access Control number of an interface. The address numeration authority IANA allows the use of MAC addresses in the range from 00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF freely
mtu (integer; Default: 1500) Layer3 Maximum transmission unit
name (string; Default: ) Interface name
remote-address (IP; Default: ) IP address of remote end of EoIP tunnel
tunnel-id (integer: 65536; Default: ) Unique tunnel identifier, which must match other side of the tunnel
Notes
tunnel-id is method of identifying tunnel. It must be unique for each EoIP tunnel.
mtu should be set to 1500 to eliminate packet refragmentation inside the tunnel (that allows transparent bridging of
Ethernet-like networks, so that it would be possible to transport full-sized Ethernet frame over the tunnel).
When bridging EoIP tunnels, it is highly recommended to set unique MAC addresses for each tunnel for the bridge
algorithms to work correctly. For EoIP interfaces you can use MAC addresses that are in the range
from00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF , which IANA has reserved for such cases. Alternatively, you can set the
second bit of the first byte to modify the auto-assigned address into a 'locally administered address', assigned by the
network administrator and thus use any MAC address, you just need to ensure they are unique between the hosts
connected to one bridge.
Note: EoIP tunnel adds at least 42 byte overhead (8byte GRE + 14 byte Ethernet + 20 byte IP)
Setup examples
Let us assume we want to bridge two networks: 'Office LAN' and 'Remote LAN'. By using EoIP setup can be made so that
Office and Remote LANs are in the same Layer2 broadcast domain.
Consider following setup:
As you know wireless station cannot be bridged, to overcome this limitation (not involving WDS) we will create EoIP
tunnel over the wireless link and bridge it with interfaces connected to local networks.
We will not cover wireless configuration in this example, lets assume that wireless link is already established
At first we create EoIP tunnel on our gateway ...
[admin@Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 \
\... remote-address=10.0.0.2
[admin@Our_GW] interface eoip> enable eoip-remote
[admin@Our_GW] interface eoip> print
Flags: X - disabled, R - running
0 name=eoip-remote mtu=1500 arp=enabled remote-address=10.0.0.2 tunnel-id=0
[admin@Our_GW] interface eoip>
... and on Remote router
[admin@Remote] interface eoip> add name="eoip" tunnel-id=0 \
\... remote-address=10.0.0.1
[admin@Remote] interface eoip> enable eoip-main
[admin@Remote] interface eoip> print
Flags: X - disabled, R - running
0 name=eoip mtu=1500 arp=enabled remote-address=10.0.0.1 tunnel-id=0
[admin@Remote] interface eoip>
Next step is to bridge local interfaces with EoIP tunnel On Our GW ...
[admin@Our_GW] interface bridge> add
[admin@Our_GW] interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00
protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=eoip-remote
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=office-eth
[admin@Our_GW] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST
0 eoip-remote bridge1 128 10
1 office-eth bridge1 128 10
[admin@Our_GW] interface bridge>
... and Remote router:
[admin@Remote] interface bridge> add
[admin@Remote] interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00
protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
[admin@Remote] interface bridge> port add bridge=bridge1 interface=ether
[admin@Remote] interface bridge> port add bridge=bridge1 interface=eoip-main
[admin@Remote] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST
0 ether bridge1 128 10
1 eoip-main bridge1 128 10
[admin@Remote] interface bridge>
Now both sites are in the same Layer2 broadcast domain. You can set up IP addresses from the same network on both
sites.
http://blog.butchevans.com/2008/09/mikrotik_routeros_transparent_bridge_pptp_eoip/
Mikrotik RouterOS transparent bridge using PPtP and EoIP
In this article, I want to describe how to tunnel EoIP over a PPtP connection. EoIP is a Mikrotik specific method of bridging ethernet traffic over a routed network. The problem with using EoIP as a “VPN”, is that it is not encrypted. The network we will build in this article will tunnel the EoIP traffic over an encrypted PPtP tunnel. There are other methods available in later versions of Mikrotik RouterOS to accomplish this functionality (OpenVPN, for one example) and I will be adding articles on some of these at a later time. the method described in this article will work in any version of Mikrotik RouterOS. It has been tested under 2.8.28, 2.9.51 and 3.13.
The following picture is the network layout we are shooting for:
Our goal is the build a transparent bridge over the internet. This article gives a brief how-to describing the steps necessary to accomplish this. The PPtP tunnel is only needed in order to add encryption, since EoIP is not an encrypted tunnel.
In this configuration, there are several parts, which we will discuss individually. First, there is the IP space on both the internet side of each router and the “private” side. Note that the PRIVATE range is the SAME on both sides. This is not important for the tunnel to work, but one of the purposes of EoIP is to bridge networks in this way. It should, also, be noted that a DHCP server on either end of the tunnel will be “seen” by equipment at both ends of the tunnel.
The bridge interface on both ends includes the EoIP tunnel and the ethernet port that is plugged into the private network. This will be discussed in further detail in a few paragraphs.
To begin our config, we will first build the PPtP tunnel. We will set the left router (12.12.10.2) as the PPtP server and the right router (12.21.11.1) as the client.
Left router:
/interface pptp-server server set enabled=yes
/ppp secretadd name="USERNAME" service=pptp password="PASS" \local-address=192.168.10.1 remote-address=192.168.10.2 \
disabled=no
The above configuration is all that is needed on the left router. It should be noted that the IP range I chose for the tunnel is NOT in the same range as the LAN segments. This is not strictly needed, but it is good network design, since these interfaces will NOT be added to the bridge.
Right Router:
/interface pptp-clientadd name="pptp-tunnel1" connect-to=12.12.10.2 \user="USERNAME" password="PASS" \profile=default-encryption add-default-route=no \
disabled=no
This is the full configuration needed for the tunnel on the right router. The profile section is a default setting, but I generally specify it anyway.
The PPtP tunnel is now set up and you should see the tunnel as running on both ends. You can see the tunnel interface in Winbox under “Interfaces” and “PPP->Interfaces”. If you wish the see the IP addresses, you can see that under “IP->Addresses”.
Now we need to add the EoIP tunnel. This is the same on both ends, with the exception of the IP address we are connecting to.
LEFT:/interface eoip add name=eoiptunnel remote-address=192.168.10.2 \tunnel-id=101 disabled=no
RIGHT:/interface eoip add name=eoiptunnel remote-address=192.168.10.1 \tunnel-id=101 disabled=no
It is very important that the tunnel-id parameter be the same on both ends.
Next, we will add the bridge (this is the same on both ends):
/interface bridge add name=bridge1
Hard to believe it’s that easy, but it is.
Next, we set up the bridge ports. We will assume that the LAN side of the Mikrotik routers are the ether1 interface.
/interface bridge port add bridge=bridge1 interface=ether1/interface bridge port add bridge=bridge1 interface=eoiptunnel
The name eoiptunnel is the “name” parameter we used in the configuration we did above for the tunnel setup.
That’s it for the config. It is very easy to set up this type of config. There are a couple of other notes I will make, but as far as the configuration on the Mikrotik, that’s about it.
Devices on the right router should use 192.168.1.254 as their default gateway. They will be able to see the 192.168.1.1, but if you use that as a default gateway for these devices, then ALL their traffic will go across the bridge. This may be your desire, but it is important to note this fact. (Reverse the above for devices on the left router.)
I’ve already mentioned the DHCP server. Note that IP addresses cannot be duplicated on either network. The EoIP tunnel will act just like a (very long) ethernet cable plugged into a switch at both ends of the tunnel. You are, literally, joining the 2 networks into ONE network.
I hope I haven’t missed anything. If so, I am sure someone will point this out. :-)Â I hope you find this article useful.
hello,
can’t ping the remote computers with the one’s on the other side
i am new in setting up mikrotik routerboard, and i need some help. I have made all setting according to what you have
wrote,I have tryed to bridge two networks, but i don’t know where did i go wrong, i have 2 rb750, and i can’t ping the
computers from one side to another. the config i have made on each router, in the winbox it shows that there are
conected to each other but still i can’t ping each them, i want from two computers on one side i could ping the other
computers on the other side. if i am conected through telnet on the server router i can ping the ISP public adresses
(95.77.9.206/24 and 89.39.197.248/23)the adresses i have received from my ISP’s, and can ping the tunnel private
adresses 192.168.10.1 and 192.168.10.2, but i can not ping the private adresses 192.168.1.2 attached to the
computers i work with on one side with the 192.168.1.3 from the other.
I haven’t modified anything in firewall or other rules, just setting up the internet connection and the settings above.
on one server router i have :
this router has the ip adress 95.77.9.206/24 on eth1
ip adress 192.168.1.1/24 on eth2
/interface pptp-server server set enabled=yes
/ppp secret
add name=”USERNAME” service=pptp password=”PASS” local-address=192.168.10.1 remote-address=192.168.10.2
disabled=no
/interface eoip add name=eoiptunnel remote-address=192.168.10.2 tunnel-id=101 disabled=no
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=eoiptunnel
on routes it has
AS 0.0.0.0/0 95.77.9.1 reachable bridge1 distance 1
DS 0.0.0.0/0 89.137.205.193 reachable bridge1 distance 1
DAC 95.77.9.0/24 bridge1 reachable distance 0 pref source 95.77.9.206
DAC 182.168.1.0/24 ether2 reachable distance 0 pref source 192.168.1.1
and on the other remote router:
this router it has 89.39.197.248/23 on eth1
it has 192.168.1.254/24 on eth2
/interface pptp-client add name=”pptp-tunnel1″ connect-to=95.77.9.206 user=”USERNAME” password=”PASS”
profile=default-encryption add-default-route=no disabled=no
interface eoip add name=eoiptunnel remote-address=192.168.10.1 \ tunnel-id=101 disabled=no
interface bridge add name=bridge1
interface bridge port add bridge=bridge1 interface=ether1
/interface bridge port add bridge=bridge1 interface=eoiptunnel
on routes it has
AS 0.0.0.0/0 89.39.196.1 reachable bridge1 distance 1
DAC 89.39.196.0/23 bridge1 reachable distance 0 pref source 89.39.197.248
DAC 182.168.1.0/24 ether2 reachable distance 0 pref source 192.168.1.254
please help me ,
good day and happy holydays,
1. Jagugo Says: March 24th, 2011 at 10:08 pm
I need help with a configuration of two RB750G.
I try to make a connection like this post about EoIP-PPtP, but failed to establish the PPTP tunnel. There is no way
to connect the tunnel. If you configure each router as a client to connect to another VPN (not MikroTik/RouterOS)
the conecction can be done, but if configure one or the other router as the PPTP server can not connect clients
with either a RB750G or Windows client.
Both RB750G are connected to the LAN ports of a router D-Link Dir 300, which provides internet service, only for
setup and testing, then go with fixed IP on the Internet.
Left side (PPTP Server):
Router 1:
IP WAN (ether1): 192.168.0.51
Gateway: 192.168.0.1
LAN IP (ether2): 192.168.88.1
Tunnel IP EoIP (Local side): 192.168.10.1
PC 1:
IP: 192.138.88.10
Mask: 255.255.255.0
Gateway: 192.168.88.1
DNS: 192.168.88.1
Right side (PPTP client):
Router 2:
IP WAN (ether1): 192.168.0.52
Gateway: 192.168.0.1
LAN IP (ether2): 192.168.88.2
EoIP IP tunnel (Remote side): 192.168.10.2
PC 2:
IP: 192.168.88.12
Mask: 255.255.255.0
Gateway: 192.168.88.2
DNS: 192.168.88.2
Any PPP server that enable (PPTP (PPTP, L2TP, OVPN, or whatever) does not work. No client is able to connect.
I want to know what I’m doing wrong, because I follow the example of this blog and the MikroTik Wiki, but
nothing works. I tried with RouterOS 4.17 and now 5.0rc11, but no way. The scripts are simmilar to this post.
I would appreciate any help on this case.
2. Jagugo Says: March 27th, 2011 at 9:33 pm
I had found a solution, you must open ports 1723 in TCP and UDP in the Firewall Filter Rules, uffff….!!!
3. Jagugo Says: March 28th, 2011 at 5:40 pm
Hi Alexandru MARIN. The correct line in the scrip is:
/interface bridge port add bridge=bridge1 interface=ether2
Look, ether2, not ether1. You are bridging the LAN interface (ether2) not the WAN interface (ether1). I had the
same problem and when changed the script to ether2 it worked.
You must add two Firewall Filter Rules, in the PPtP server, the ports 1723 in TCP and UDP in the default
configuration in the ether1-gateway, Chain: input, Protocol: 6 (tcp) and 17 (udp), Dst Port: 1723, Action: accept.
4. Jagugo Says: July 3rd, 2011 at 2:37 pm
Butch, I have a question: Why I can´t setup DHCP server in neither Mikrotik when I use transparent bridge using
PPtP and EoIP?
This is the IP addresses list in the Mikrotik-2 that connect to the Mikrotik-1 pptp server:
Address Network Interfase
190.254.xxx.xx3/29 190.254.xxx.200 ether1-gateway
190.168.10.2 192.168.10.1 pptp-tunnel1
192.168.15.253/24 192.168.15.0 ether2-local-master
I can´t setup DHCP server in the Mikrotik-2 (or Mikrotik-1), when use WinBox interfase and I give the ether2-
local-master and the IP 192.168.15.253, the DHCP server turn red and don´t work. Or when I configure it in
terminal mode I receive those messages:
_____________________________________
[admin@MikroTik-2] > ip dhcp-server
[admin@MikroTik-2] /ip dhcp-server> setup
Select interface to run DHCP server on
dhcp server interface: ether2-local-master
Select network for DHCP addresses
dhcp address space: 192.168.15.0/24
Select gateway for given network
gateway for dhcp network: 192.168.15.253
If this is remote network, enter address of DHCP relay
There is no such IP network on selected interface
interrupted 192.168.15.253
[admin@MikroTik-2] /ip dhcp-server>
_____________________________________
Why?
5. hitham_adel2004 Says: October 20th, 2012 at 8:22 pm
hello
if i want to enter to local network mikrotik from normal pc in other internet network by vpn
In this case, what are the settings in mikrotik v3.30
thanks
Leave a Reply
You must be logged in to post a comment.
http://basic-mikrotik.blogspot.com/2011/01/manualinterfaceeoip.html
Manual:Interface/EoIP
www.basic-mikrotik.blogspot.com on 09.04. VPN -
Summary
Sub-menu: /interface eoip
Standards: GRE RFC 1701
Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over IPIP tunnel, PPTP tunne or any other connection capable of transporting IP.
When the bridging function of the router is enabled, all Ethernet traffic (all Ethernet protocols) will be bridged just as if there where a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.
Network setups with EoIP interfaces:
Possibility to bridge LANs over the Internet
Possibility to bridge LANs over encrypted tunnels
Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks
The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
Properties
Property Description
arp (disabled | enabled | proxy-arp | reply-only; Default: enabled)
Address Resolution Protocol mode
l2mtu (integer; Default: ) Layer2 Maximum transmission unit. Not configurable for EoIP. Read more>>
mac-address (MAC; Default: ) Media Access Control number of an interface. The address numeration authority allows to use MAC addresses in the range
from00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF freely
mtu (integer; Default: 1500) Layer3 Maximum transmission unit
name (string; Default: ) Interface name
remote-address (IP; Default: ) IP address of remote end of EoIP tunnel
tunnel-id (integer: 65536; Default: ) Unique tunnel identifier, which must match other side of the tunnel
Notes
tunnel-id is method of identifying tunnel. It must be unique for each EoIP tunnel.
mtu should be set to 1500 to eliminate packet refragmentation inside the tunnel (that allows transparent bridging of Ethernet-like networks, so that it would be possible to transport full-sized Ethernet frame over the tunnel).
When bridging EoIP tunnels, it is highly recommended to set unique MAC addresses for each tunnel for the bridge algorithms to work correctly. For EoIP interfaces you can use MAC addresses that are in the range from00:00:5E:80:00:00 - 00:00:5E:FF:FF:FF , which IANA has reserved for such cases. Alternatively, you can set the second bit of the first byte to mark the address as locally administered address, assigned by
network administrator, and use any MAC address, you just need to ensure they are unique between the hosts connected to one bridge.
Setup examples
Let us assume we want to bridge two networks: 'Office LAN' and 'Remote LAN'. By using EoIP setup can be made so that Office and Remote LANs are in the same Layer2 broadcast domain.
Consider following setup:
As you know wireless station cannot be bridged, to overcome this limitation (not involving WDS) we will create EoIP tunnel over the wireless link and bridge it with interfaces connected to local networks.
We will not cower wireless configuration in this example, lets assume that wireless link is already established
At first we create EoIP tunnel on our gateway ...
[admin@Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 \
\... remote-address=10.0.0.2
[admin@Our_GW] interface eoip> enable eoip-remote
[admin@Our_GW] interface eoip> print
Flags: X - disabled, R - running
0 name=eoip-remote mtu=1500 arp=enabled remote-address=10.0.0.2 tunnel-id=0
[admin@Our_GW] interface eoip>
... and on Remote router
[admin@Remote] interface eoip> add name="eoip" tunnel-id=0 \
\... remote-address=10.0.0.1
[admin@Remote] interface eoip> enable eoip-main
[admin@Remote] interface eoip> print
Flags: X - disabled, R - running
0 name=eoip mtu=1500 arp=enabled remote-address=10.0.0.1 tunnel-id=0
[admin@Remote] interface eoip>
Next step is to bridge local interfaces with EoIP tunnel On Our GW ...
[admin@Our_GW] interface bridge> add
[admin@Our_GW] interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00
protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=eoip-remote
[admin@Our_GW] interface bridge> port add bridge=bridge1 interface=office-eth
[admin@Our_GW] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST
0 eoip-remote bridge1 128 10
1 office-eth bridge1 128 10
[admin@Our_GW] interface bridge>
... and Remote router:
[admin@Remote] interface bridge> add
[admin@Remote] interface bridge> print
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00
protocol-mode=none priority=0x8000 auto-mac=yes
admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s
transmit-hold-count=6 ageing-time=5m
[admin@Remote] interface bridge> port add bridge=bridge1 interface=ether
[admin@Remote] interface bridge> port add bridge=bridge1 interface=eoip-main
[admin@Remote] interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST
0 ether bridge1 128 10
1 eoip-main bridge1 128 10
[admin@Remote] interface bridge>
Now both sites are in the same Layer2 broadcast domain. You can set up IP addresses from the same network on both sites.
Ethernet over IP (EoIP) Tunnel Interface Document revision 1.2 (30-May-2003)
This document applies to the MikroTik RouterOS V2.7
Network setups with EoIP interfaces: • Possibility to bridge LANs over the Internet • Possibility to bridge LANs over encrypted tunnels • Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks
SpecificationsPackages required : NoneLicense required : Basic (DEMO license is limited to 4 tunnels)Home menu level : /interface eoipStandards and Technologies : GRE (RFC1701)Hardware usage: not significantRelated DocumentsSoftware Package Installation and UpgradingIP Addresses and Address Resolution Protocol (ARP)Bridge InterfacesPPTP (Point to Point Tunnel Protocol) Interface
DescriptionAn EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP. Specific Properties: • Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same 'Tunnel ID'. • The EoIP interface appears as an Ethernet interface under the interface list. • This interface supports all features of and Ethernet interface. IP addresses and other tunnels may be run over the interface. • The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel. • Maximal count of EoIP tunnels is 65536. EoIP SetupSubmenu leve : /interface eoip Property Descriptionname (name; default: eoip-tunnelN)- interface name for referencemtu (integer; default: 1500) - Maximum Transmission Unit. The default value provides maximal compatibilityarp (disabled | enabled | proxy-arp | reply-only; default: enabled) - Address Resolution Protocoltunnel-id (integer; default: 0) - a unique tunnel identifierremote-address - the IP address of the other side of the EoIP tunnel – must be a MikroTik routerNotestunnel-id is method of identifying tunnel. There should not be tunnels with the same tunnel-id on the same router. tunnel-id on both participient routers must be equal. mtu should be set to 1500 to eliminate packet refragmentation inside the tunnel (that allows transparent bridging of ethernet-like networks, so that it would be possible to transport full-sized ethernet frame over the tunnrl).
ExampleTo add and enable an EoIP tunnel named to_mt2 to the 10.5.8.1 router, specifying tunnel-id of 1: [admin@MikroTik] interface eoip> add name=to_mt2 remote-address=10.5.8.1 \\... tunnel-id 1[admin@MikroTik] interface eoip> printFlags: X - disabled, R - running0 X name="to_mt2" mtu=1500 arp=enabled remote-address=10.5.8.1 tunnel-id=1
[admin@MikroTik] interface eoip> enable 0[admin@MikroTik] interface eoip> printFlags: X - disabled, R - running0 R name="to_mt2" mtu=1500 arp=enabled remote-address=10.5.8.1 tunnel-id=1
[admin@MikroTik] interface eoip>EoIP Application ExampleLet us assume we want to bridge two networks: 'Office LAN' and 'Remote LAN'. The networks are connected to an IP network through the routers [Our_GW] and [Remote]. The IP network can be a private intranet or the Internet. Both routers can communicate with each other through the IP network. Our goal is to create a secure channel between the routers and bridge both networks through it. The network setup diagram is as follows:
To make a secure Ethernet bridge between two routers you should: 1. Create a PPTP tunnel between them. Our_GW will be the pptp server: 2. [admin@Our_GW] interface pptp-server> /ppp secret add name=joe service=pptp \3. \... password=top_s3 local-address=10.0.0.1 remote-address=10.0.0.24. [admin@Our_GW] interface pptp-server> add name=from_remote user=joe5. [admin@Our_GW] interface pptp-server> server set enable=yes
6. [admin@Our_GW] interface pptp-server> print7. Flags: X - disabled, D - dynamic, R - running8. # NAME USER MTU CLIENT-ADDRESS UPTIME ENC...9. 0 from_remote joe10. [admin@Our_GW] interface pptp-server>The Remote router will be the pptp client: [admin@Remote] interface pptp-client> add name=pptp user=joe \\... connect-to=192.168.1.1 password=top_s3 mtu=1500 mru=1500[admin@Remote] interface pptp-client> enable pptp[admin@Remote] interface pptp-client> printFlags: X - disabled, R - running0 R name="pptp" mtu=1500 mru=1500 connect-to=192.168.1.1 user="joe"password="top_s2" profile=default add-default-route=no
[admin@Remote] interface pptp-client> monitor pptpstatus: "connected"uptime: 39m46sencoding: "none"
[admin@Remote] interface pptp-client>See the PPTP Interface Manual for more details on setting up encrypted channels. 11. Configure the EoIP tunnel by adding the eoip tunnel interfaces at both routers. Use the ip addresses of the pptp tunnel interfaces when specifying the argument values for the EoIP tunnel: 12. [admin@Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 \13. \... remote-address=10.0.0.214. [admin@Our_GW] interface eoip> enable eoip-remote15. [admin@Our_GW] interface eoip> print
16. Flags: X - disabled, R - running17. 0 name=eoip-remote mtu=1500 arp=enabled remote-address=10.0.0.2 tunnel-id=018. [admin@Our_GW] interface eoip>19. 20. [admin@Remote] interface eoip> add name="eoip" tunnel-id=0 \21. \... remote-address=10.0.0.122. [admin@Remote] interface eoip> enable eoip-main23. [admin@Remote] interface eoip> print24. Flags: X - disabled, R - running25. 0 name=eoip mtu=1500 arp=enabled remote-address=10.0.0.1 tunnel-id=026. 27. [Remote] interface eoip>28. Enable bridging between the EoIP and Ethernet interfaces on both routers. On the Our_GW: [admin@Our_GW] interface bridge> add forward-protocols=ip,arp,other \\... disabled=no[admin@Our_GW] interface bridge> printFlags: X - disabled, R - running0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00forward-protocols=ip,arp,other priority=1
[admin@Our_GW] interface bridge> port printFlags: X - disabled# INTERFACE BRIDGE0 eoip-remote none1 office-eth none2 isp none
[admin@Our_GW] interface bridge> port set "0,1" bridge=bridge1And the same for the Remote: [admin@Remote] interface bridge> add forward-protocols=ip,arp,other \\... disabled=no[admin@Remote] interface bridge> printFlags: X - disabled, R - running0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:00forward-protocols=ip,arp,other priority=1
[admin@Remote] interface bridge> port printFlags: X - disabled# INTERFACE BRIDGE0 ether none1 adsl none2 eoip-main none
[admin@Remote] interface bridge> port set "0,2" bridge=bridge129. Addresses from the same network can be used both in the Office LAN and in the Remote LAN ________________________________________© Copyright 1999-2003, MikroTik
