How to Set Up an EoIP Tunnel with MikroTik Version 7

How to Set Up an EoIP Tunnel with MikroTik Version 7

Ethernet over IP (EoIP) is a protocol developed by MikroTik that allows the creation of a Layer 2 VPN tunnel between two MikroTik devices over an IP network. This is useful for extending local networks across remote locations. In this guide, I will demonstrate how to configure an EoIP tunnel using MikroTik version 7.

Prerequisites

Before you start, make sure you have the following:

  1. Two MikroTik devices running RouterOS version 7 or later.
  2. Public IP addresses or reachable private IPs for both devices.
  3. Basic knowledge of MikroTik RouterOS and WinBox or terminal.

Network Diagram

Here is a simple network diagram for reference:

  • Router A: Public IP: 203.0.113.1
  • Router B: Public IP: 198.51.100.1

We will set up an EoIP tunnel between these two routers.


Step 1: Configure EoIP on Router A

  1. Log in to Router A using WinBox or SSH.
  2. Open the terminal and execute the following commands:
/interface eoip add \
    name=eoip-tunnel1 \
    remote-address=198.51.100.1 \
    tunnel-id=100

/ip address add \
    address=192.168.1.1/24 \
    interface=eoip-tunnel1
  • remote-address: This is the public IP of Router B.
  • tunnel-id: Must be the same on both routers to establish the connection.
  • address: Assign an IP address to the EoIP tunnel interface.
  1. Verify the configuration:
/interface eoip print
/ip address print

Step 2: Configure EoIP on Router B

  1. Log in to Router B using WinBox or SSH.
  2. Open the terminal and execute the following commands:
/interface eoip add \
    name=eoip-tunnel1 \
    remote-address=203.0.113.1 \
    tunnel-id=100

/ip address add \
    address=192.168.1.2/24 \
    interface=eoip-tunnel1
  • remote-address: This is the public IP of Router A.
  • tunnel-id: Same as the one configured on Router A.
  • address: Assign a different IP within the same subnet.
  1. Verify the configuration:
/interface eoip print
/ip address print

Step 3: Test the EoIP Tunnel

To ensure the tunnel is working:

  1. Ping the EoIP interface IP of Router B from Router A:
ping 192.168.1.2
  1. Ping the EoIP interface IP of Router A from Router B:
ping 192.168.1.1

If both pings are successful, the EoIP tunnel is correctly configured.


Step 4: Bridge the EoIP Tunnel (Optional)

To extend Layer 2 traffic (e.g., VLANs, DHCP, etc.), you can bridge the EoIP interface with a physical interface.

  1. On both routers, create a bridge and add the EoIP interface:
/interface bridge add name=bridge1
/interface bridge port add bridge=bridge1 interface=eoip-tunnel1
  1. Add any physical interfaces to the bridge as needed:
/interface bridge port add bridge=bridge1 interface=ether2

Troubleshooting Tips

  1. Firewall rules: Ensure that both routers allow EoIP (Protocol 47) traffic.
  2. NAT bypass: Add an IP firewall rule to bypass NAT for EoIP traffic.
/ip firewall nat add chain=srcnat \
    src-address=192.168.1.0/24 \
    action=accept
  1. MTU issues: Adjust the MTU if you encounter packet fragmentation.

By following these steps, you should have a functional EoIP tunnel between two MikroTik routers. Feel free to adapt the setup as per your specific network requirements.

j2networks family of sites
https://j2sw.com
https://startawisp.info
https://indycolo.net
#packetsdownrange #routethelight

Leave a Reply