Pages

Ads 468x60px

Mikrotik RouterOS transparent bridge using PPtP and EoIP

In this article, I appetite to call how to adit EoIP over a PPtP connection. EoIP is a Mikrotik specific adjustment of bridging ethernet cartage over a baffled network. The botheration with application EoIP as a “VPN”, is that it is not encrypted. The arrangement we will body in this commodity will adit the EoIP cartage over an encrypted PPtP tunnel. There are added methods accessible in after versions of Mikrotik RouterOS to achieve this functionality (OpenVPN, for one example) and I will be abacus accessories on some of these at a after time. the adjustment declared in this commodity will assignment in any adaptation of Mikrotik RouterOS. It has been activated beneath 2.8.28, 2.9.51 and 3.13.
The afterward account is the arrangement blueprint we are cutting for:
Our ambition is the body a cellophane arch over the internet. This commodity gives a abrupt how-to anecdotic the achieve all-important to achieve this. The PPtP adit is alone bare in adjustment to add encryption, back EoIP is not an encrypted tunnel.
In this configuration, there are several parts, which we will altercate individually. First, there is the IP amplitude on both the internet ancillary of anniversary router and the “private” side. Agenda that the PRIVATE ambit is the SAME on both sides. This is not important for the adit to work, but one of the purposes of EoIP is to arch networks in this way. It should, also, be acclaimed that a DHCP server on either end of the adit will be “seen” by accessories at both ends of the tunnel.
The arch interface on both ends includes the EoIP adit and the ethernet anchorage that is acquainted into the clandestine network. This will be discussed in added detail in a few paragraphs.
To activate our config, we will aboriginal body the PPtP tunnel. We will set the larboard router (12.12.10.2) as the PPtP server and the appropriate router (12.21.11.1) as the client.
Left router:
/interface pptp-server server set enabled=yes
/ppp secret
add name="USERNAME" service=pptp password="PASS" \
local-address=192.168.10.1 remote-address=192.168.10.2 \
disabled=no
The aloft agreement is all that is bare on the larboard router. It should be acclaimed that the IP ambit I chose for the adit is NOT in the aforementioned ambit as the LAN segments. This is not carefully needed, but it is acceptable arrangement design, back these interfaces will NOT be added to the bridge.
Right Router:
/interface pptp-client
add name="pptp-tunnel1" connect-to=12.12.10.2 \
user="USERNAME" password="PASS" \
profile=default-encryption add-default-route=no \
disabled=no
This is the abounding agreement bare for the adit on the appropriate router. The contour area is a absence setting, but I about specify it anyway.
The PPtP adit is now set up and you should see the adit as active on both ends. You can see the adit interface in Winbox beneath “Interfaces” and “PPP->Interfaces”. If you ambition the see the IP addresses, you can see that beneath “IP->Addresses”.
Now we charge to add the EoIP tunnel. This is the aforementioned on both ends, with the barring of the IP abode we are abutting to.
LEFT:/interface eoip add name=eoiptunnel remote-address=192.168.10.2 \
tunnel-id=101 disabled=no
RIGHT:/interface eoip add name=eoiptunnel remote-address=192.168.10.1 \
tunnel-id=101 disabled=no
It is actual important that the tunnel-id constant be the aforementioned on both ends.
Next, we will add the arch (this is the aforementioned on both ends):
/interface arch add name=bridge1
Hard to accept it’s that easy, but it is.
Next, we set up the arch ports. We will accept that the LAN ancillary of the Mikrotik routers are the ether1 interface.
/interface arch anchorage add bridge=bridge1 interface=ether1
/interface arch anchorage add bridge=bridge1 interface=eoiptunnel
The name eoiptunnel is the “name” constant we acclimated in the agreement we did aloft for the adit setup.
That’s it for the config. It is actual accessible to set up this blazon of config. There are a brace of added addendum I will make, but as far as the agreement on the Mikrotik, that’s about it.
Devices on the appropriate router should use 192.168.1.254 as their absence gateway. They will be able to see the 192.168.1.1, but if you use that as a absence aperture for these devices, again ALL their cartage will go beyond the bridge. This may be your desire, but it is important to agenda this fact. (Reverse the aloft for accessories on the leftrouter.)
I’ve already mentioned the DHCP server. Agenda that IP addresses cannot be bifold on either network. The EoIP adit will act aloof like a (very long) ethernet cable acquainted into a about-face at both ends of the tunnel. You are, literally, abutting the 2 networks into ONE network.

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...