Transparent bridge using PPTP and EoIP on MikroTik routers

My goal is to build a transparent bridge over the Internet. The PPTP tunnel is needed only to add encryption, since EoIP is not an encrypted tunnel. This configuration has several parts, which we will discuss individually. First, there is the IP space on both the Internet side of each router and the “private” side. Note that the PRIVATE range is the SAME on both sides. This is not required for the tunnel to work, but one of the purposes of EoIP is to bridge networks in this way. It should also be noted that a DHCP server on either end of the tunnel will be “seen” by equipment at both ends of the tunnel, so it is recommended to use different IP pools.

The bridge interface on both sides includes the EoIP tunnel and the ethernet port that is plugged into the private network. To implement this connection between both networks I have performed the following five steps:

1) Activate PPTP server on the LEFT router

interface pptp-server server set enabled=yes

2) Create a specific user for PPTP tunnel on the LEFT router

ppp secret add name="USERNAME" service=pptp password="PASS" local-address=192.168.10.1 \
remote-address=192.168.10.2 disabled=no

Note: I have created a dedicated IP pool for the PPTP VPN (192.168.10.1-192.168.10.99); the first two IPs are used for this tunnel.

3) Create PPTP client interface on the RIGHT router

interface pptp-client add name="pptp-tunnel1" connect-to=12.12.10.2 user="USERNAME" password="PASS" \
profile=default-encryption add-default-route=no disabled=no

4) The next step is to create the EoIP tunnel. This is the same on both sides, with the exception of the IP address I am connecting to.

4.1) On the LEFT router I have created the EoIP interface

interface eoip add name=eoiptunnel remote-address=192.168.10.2 tunnel-id=101 disabled=no

4.2) On the RIGHT router I have created the same EoIP interface

interface eoip add name=eoiptunnel remote-address=192.168.10.1 tunnel-id=101 disabled=no

Note: It is very important that the tunnel-id parameter be the same on both ends.

5) The final step is to add the EoIP interface to the bridge (you can create a new bridge or add the interface to an existing one – I prefer the second option):
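
An added example of this step, not the author's original commands: the bridge name bridge1 and the private port ether2 are assumptions, so substitute the names used on your routers. It also shows an optional bridge filter for the DHCP overlap mentioned at the start, and checks that the EoIP traffic really is carried inside the encrypted PPTP session.

```routeros
# Added example. bridge1 and ether2 are assumed names, not taken from the post.
# Run the bridge commands on BOTH routers (LEFT and RIGHT).

# Create the bridge only if the router does not already have one.
/interface bridge add name=bridge1

# Bridge the private-side ethernet port with the EoIP tunnel from step 4.
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=eoiptunnel

# Optional: keep each site's DHCP server local by dropping DHCP (UDP 67-68)
# frames that the bridge would otherwise forward into the tunnel.
/interface bridge filter add chain=forward out-interface=eoiptunnel \
    mac-protocol=ip ip-protocol=udp dst-port=67-68 action=drop

# Check 1: both ports are members of the bridge.
/interface bridge port print

# Check 2: the EoIP interface is running (R flag) and its remote-address is
# the PPTP tunnel address (192.168.10.1 or 192.168.10.2), not the public IP.
# EoIP is unencrypted, so pointing it at the public address would send the
# bridged frames in the clear.
/interface eoip print

# Check 3 (LEFT router): the PPTP session for USERNAME is active and the
# "encoding" field shows that MPPE encryption was negotiated.
/ppp active print detail
```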

That’s it for the configuration!

Devices on the right router should use 192.168.1.254 as their default gateway. They will be able to see 192.168.1.1, but if you use that as the default gateway for these devices, then ALL their traffic will go across the bridge. This may be what you want, but it is important to be aware of it. (Reverse the above for devices on the left router.)

 

Reference: Butch Evans Blog
