

EoIP Tunnel Help


19-07-2010 10:40 PM
1


Hi Everyone,

I'm trying to set up an EoIP tunnel between my main location and a
remote office and am having a little difficulty making it work. I was
able to get it to work in lab, but I can't seem to make it work in the
real world.

First question: do you need to have a static public IP address at both
ends of the tunnel for it to work properly? I'll try to explain my set
up with as much detail as possible.

I've got a RB1000 with 5 public IPs and 4 different subnets, all
restricted communication via firewall rules. I'm trying to bridge access
into my primary subnet which is 192.168.1.0/24. All of my PPTP
connections come in and are assigned an IP address in the 192.168.2.0/28
range - communication with the 192.168.1.0/24 subnet is allowed through
the firewall rules and I have no problems with access here.

I've set aside a PPTP username for the remote office, given it a static
IP on the 2.x subnet and the PPTP tunnel comes up fine. The part I'm
confused on is with the EoIP tunnel and the remote endpoint IP addresses
I should be using. On my RB1000 (192.168.1.254) I have the remote
endpoint as 192.168.2.11, the IP of the PPTP client for the remote
office. At the remote office (an RB750) I've got the endpoint set to
192.168.1.254, figuring once the PPTP tunnel is up it should see this IP
address just fine. No dice.

Even when I disable the EoIP tunnel and try to ping from winbox, I can
only ping something on my 1.x subnet when I specifically set the PPTP
Tunnel as the interface (instead of using "any").

The remote end is a DSL connection that uses PPPoE.

I guess at this stage I'm just looking for a few pointers as to how this
*should* be set up.

Thanks!
Rory McCann
Minn-Kota Ag Products

Posted on the Www.butchevans.com M mailing list. Go to http://www.butchevans.com/mailman/listinfo/mikrotik to subscribe.


19-07-2010 11:30 PM
2


You do not necessarily have to use public IPs but you do need to ping both
ends of the tunnel.

Looks like there is a routing issue if you cannot ping the remote PPTP
tunnel IP with the "any" interface.

Use the PPTP tunnel IPs as the remote endpoints.
You should assign an IP address for the PPTP server in the same range as the
PPTP client, i.e. 192.168.2.200 and 192.168.2.11.






20-07-2010 03:05 PM
3


I guess I figured as long as we're dealing with static internal IPs that
can be reached when the PPTP tunnel is established I could work around a
dynamic WAN IP address. I made the bridge with the EoIP tunnels and the
specified interfaces with a matching remote ID, etc.

The only other thing I can think of that I haven't tried is changing the
MTU. Right now the EoIP tunnel and PPTP tunnel are set to 1500, but I
think the PPPoE client into Qwest is set to 1480 - I don't know if it
will break things to change this to 1500, but I've seen mismatched MTU
settings cause strange issues before.


On 7/19/2010 5:44 PM, Josh Luthman wrote:
>> First question: do you need to have a static public IP address at both ends
>> of the tunnel for it to work properly? I'll try to explain my set up with as
>> much detail as possible.
>
> Kind of. The config points to an IP. If the IP changes you'll need to
> update the config. You can write a script to combat this (kind of a
> hassle...)
>
> Config is pretty much just make a new bridge, include said eoip tunnel and
> the interface to bridge and then make the eoip tunnel config match (that is
> tunnel ID and destined IP).
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>


21-07-2010 08:18 PM
4


The issue was in fact a missing route. I made a few small changes and was
able to get the tunnels to come up and pass traffic, however all of the
data being transmitted is very, very slow.

The remote end will actually be accessing the internet through the
tunnel since they will be assigned an IP from the DHCP server at our
main office. Traffic is barely breaking 150Kbps (as in 3x faster than
dialup). I should be seeing almost 1.5Mbps from this connection. Any
ideas why this might be happening?

The only thing I can think of is MTU/MRU funkiness. The Qwest PPPoE
client is now set at 1492 and the eoip and pptp tunnels are at 1500.

Rory McCann
Minn-Kota Ag Products

On 7/19/2010 6:30 PM, james wrote:
> Looks like there is a routing issue if you cannot ping the remote PPTP
> tunnel IP with the "any" interface
>
>


27-07-2010 05:50 AM
5


On Wed, 2010-07-21 at 15:18 -0500, Rory McCann wrote:
> The only thing I can think of is MTU/MRU funkiness. The Qwest PPPoE
> client is now set at 1492 and the eoip and pptp tunnels are at 1500.

I didn't read all posts in this thread. Are you bridging 2 networks by
using a pptp tunnel with eoip inside this tunnel? If so, that will
cause all sorts of funky mtu issues. Try this first:
http://blog.butchevans.com/2009/12/how-to-bridge-distant-networks-using-routeros-and-pptp/

That tutorial will show how to create the same thing, but eliminates the
MTU issues (or part of them).

Couple of things you can try here:

If the pppoe interface is running 1492 for its MTU, then you need to
set the pptp tunnel with MTU lower than that. The mss value for that
pppoe tunnel is 1452, which is the value I use for the MTU of the pptp
tunnel. Then, you can set the MRRU on both ends of the pptp tunnel to
1528 (1500 + 28 bytes for ethernet/vlan/etc header) and still transport
a full ethernet packet.

I know this is a rather terse answer, but it should give you a starting
point.

--
********************************************************************
* Butch Evans * Professional Network Consultation*
* http://www.butchevans.com/ * Network Engineering *
* http://store.wispgear.net/ * Wired or Wireless Networks *
* http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! *
********************************************************************
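
Added example, not part of the original thread: a simplified Python model of the nesting discussed above (EoIP inside PPTP over a PPPoE link), counting how many packets leave the DSL interface for one bridged LAN packet. It assumes plain IPv4 fragmentation at each layer with no MRRU/multilink, 42 bytes of EoIP overhead, and 40 bytes of PPTP overhead chosen to match the 1492 to 1452 step in the post; all function names are hypothetical.

```python
IP_HDR = 20          # IPv4 header without options
EOIP_OVERHEAD = 42   # outer IP 20 + GRE 8 + inner Ethernet header 14
PPTP_OVERHEAD = 40   # assumption: matches the 1492 -> 1452 step in the post


def ip_fragments(total_len, mtu):
    """Return the sizes of the IPv4 fragments needed to carry one packet."""
    if total_len <= mtu:
        return [total_len]
    per_frag = (mtu - IP_HDR) // 8 * 8   # fragment payload is a multiple of 8
    payload = total_len - IP_HDR
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(chunk + IP_HDR)
        payload -= chunk
    return sizes


def wire_packets(lan_packet, pptp_mtu, pppoe_mtu):
    """Sizes of the packets sent on PPPoE for one bridged LAN IP packet."""
    eoip_packet = lan_packet + EOIP_OVERHEAD          # EoIP wraps the frame
    out = []
    for frag in ip_fragments(eoip_packet, pptp_mtu):  # must fit the PPTP MTU
        # each piece is wrapped by PPTP, then must fit the PPPoE MTU
        out.extend(ip_fragments(frag + PPTP_OVERHEAD, pppoe_mtu))
    return out


def largest_unfragmented(pptp_mtu, pppoe_mtu):
    """Largest LAN IP packet that crosses the whole stack in one piece."""
    return min(pptp_mtu, pppoe_mtu - PPTP_OVERHEAD) - EOIP_OVERHEAD


if __name__ == "__main__":
    # Values from the thread: PPPoE at 1492, PPTP at 1500 vs. the suggested 1452.
    for pptp_mtu in (1500, 1452):
        sizes = wire_packets(1500, pptp_mtu, 1492)
        print(f"PPTP MTU {pptp_mtu}: {len(sizes)} packets on the wire {sizes}")
    print("largest unfragmented LAN packet:", largest_unfragmented(1452, 1492))
```

Under these assumptions, lowering the PPTP MTU to 1452 removes one layer of fragmentation, but a full-size bridged packet is still split in two by the EoIP overhead.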



28-07-2010 01:54 PM
6


I made the adjustments as suggested - it improved performance slightly
(about 3x), but still well below what I was expecting.

I'll give your tutorial a go in the near future and see how that works
minus the EoIP tunnel.

Thanks!

Rory McCann
Minn-Kota Ag Products