Modified on 28 March 2008 at 12:30

Layer2 VPN Server

From MikroTik Wiki


Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. A VLAN is a logical grouping that allows end users to communicate as if they were physically connected to a single isolated LAN, independent of the physical configuration of the network.

This page shows how to set up a Layer 2 VPN server. You need a switch that supports 802.1Q VLANs. Switch configuration is not included because it depends on the network you have.

In this example we group devices on one or more LANs so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Using EoIP you can reach routers that are connected by wireless, and with VLANs we then segment the network. Because VLANs are based on logical instead of physical connections, they are extremely flexible. So, in my network I added a few locations that go through fiber optic and about 40 wireless locations.

Server Side:

   First, install the latest MikroTik OS on a computer with 2 Ethernet interfaces.

Now let's configure them.

  /interface
   set 0 name=ether1-internet
   set 1 name=ether2-trunk

  /ip address
   add address=195.101.10.5/29 interface=ether1-internet comment="" disabled=no
     

  Create an EoIP interface for remote router1:

  /interface eoip
   add name=eoip-router1 tunnel-id=310 remote-address=196.200.50.5 comment="" disabled=no
   
  Create a VLAN for remote router1:
  
   /interface vlan 
   add name=vlan-router1 interface=ether2-trunk vlan-id=310 comment="" disabled=no

  Now bridge the EoIP interface and the VLAN:
  
   /interface bridge 
   add name=bridge-to-router1
   
  /interface bridge port
   add interface=eoip-router1 bridge=bridge-to-router1
   add interface=vlan-router1 bridge=bridge-to-router1
   

Now we add the configuration for remote router2.

  Create an EoIP interface for remote router2:

  /interface eoip
   add name="eoip-router2" tunnel-id=312 remote-address=196.200.50.6 comment="" disabled=no
   
  Create a VLAN for remote router2:
  
   /interface vlan 
   add name=vlan-router2 interface=ether2-trunk vlan-id=312 comment="" disabled=no

  Now bridge the EoIP interface and the VLAN:
  
   /interface bridge 
   add name=bridge-to-router2 
   
  /interface bridge port
   add interface=eoip-router2 bridge=bridge-to-router2 comment="" disabled=no
   add interface=vlan-router2 bridge=bridge-to-router2 comment="" disabled=no 


Remote Router1 side:

  /interface eoip 
   add name=eoip-client remote-address=195.101.10.5 tunnel-id=310 comment="" disabled=no
  
  /interface bridge 
   add name=bridge-to-router1 
     
  /interface bridge port
   add interface=eoip-client bridge=bridge-to-router1 comment="" disabled=no
   add interface=ether1 bridge=bridge-to-router1 comment="" disabled=no

Remote Router2 side:

   /interface eoip 
   add name=eoip-client remote-address=195.101.10.5 tunnel-id=312 comment="" disabled=no
  
  /interface bridge 
   add name=bridge-to-router2 
     
  /interface bridge port
   add interface=eoip-client bridge=bridge-to-router2 comment="" disabled=no
   add interface=ether1 bridge=bridge-to-router2 comment="" disabled=no



Depending on the network you have, some modifications are required, and don't forget to add and configure the corresponding VLANs on your Allied Telesyn, Cisco, etc. switches.
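
An added example, not part of the original wiki page: a Python check that reads server-side configuration written in the style above and reports any bridge that does not join exactly one EoIP tunnel to the VLAN with the same ID, which is the pairing this setup uses to keep each remote site in its own segment. The parser, the function names and the sample configuration (with one deliberately misplaced bridge port) are constructed for illustration, and the check assumes the page's convention that tunnel-id equals vlan-id.

```python
import shlex
from collections import defaultdict
# Constructed sample, server side. Deliberate mistake: the last line bridges eoip-router2 into router1's bridge.
SAMPLE = """
/interface eoip
 add name=eoip-router1 tunnel-id=310 remote-address=196.200.50.5
 add name="eoip-router2" tunnel-id=312 remote-address=196.200.50.6
/interface vlan
 add name=vlan-router1 interface=ether2-trunk vlan-id=310
 add name=vlan-router2 interface=ether2-trunk vlan-id=312
/interface bridge
 add name=bridge-to-router1
 add name=bridge-to-router2
/interface bridge port
 add interface=eoip-router1 bridge=bridge-to-router1
 add interface=vlan-router1 bridge=bridge-to-router1
 add interface=vlan-router2 bridge=bridge-to-router2
 add interface=eoip-router2 bridge=bridge-to-router1
"""

def parse_routeros(text):
    """Map each /menu path to the key=value dicts of its 'add' lines."""
    menus, menu = defaultdict(list), None
    for raw in text.splitlines():
        words = shlex.split(raw)
        if words and words[0].startswith("/"):
            n = next((i for i, w in enumerate(words) if w in ("add", "set")), len(words))
            menu, words = " ".join(words[:n]), words[n:]
        if words and words[0] == "add":
            menus[menu].append(dict(w.split("=", 1) for w in words[1:] if "=" in w))
    return menus

def check_segmentation(text):
    """Report bridges that do not join exactly one EoIP tunnel to the VLAN of the same id."""
    m = parse_routeros(text)
    ids = {e["name"]: ("eoip", e["tunnel-id"]) for e in m["/interface eoip"]}
    ids.update({v["name"]: ("vlan", v["vlan-id"]) for v in m["/interface vlan"]})
    findings = []
    for b in m["/interface bridge"]:
        got = [ids.get(p["interface"]) for p in m["/interface bridge port"] if p["bridge"] == b["name"]]
        eoip, vlan = ([g[1] for g in got if g and g[0] == k] for k in ("eoip", "vlan"))
        if len(eoip) != 1 or len(vlan) != 1:
            findings.append(f"{b['name']}: {len(eoip)} EoIP and {len(vlan)} VLAN ports, expected 1 of each")
        elif eoip != vlan:
            findings.append(f"{b['name']}: tunnel-id {eoip[0]} bridged to vlan-id {vlan[0]}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_segmentation(SAMPLE)))
```

With the sample as written, both bridges are reported; moving eoip-router2 back into bridge-to-router2 clears the findings.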

TIP: You can always add an address to the bridge, just to check with the ping command whether there is connectivity to the remote router.

Server side:

  /ip address
   add address=192.168.100.1/30 interface=bridge-to-router1 comment="" disabled=no

Remote router side:

  /ip address
   add address=192.168.100.2/30 interface=bridge-to-router1 comment="" disabled=no