Thursday, 23 May 2013

Mikrotik Transparent Bridge between two routers


Let's suppose that we want to connect two separate offices into one single LAN, where both offices have an Internet connection.
To achieve this, we will run an EoIP tunnel inside a PPTP connection.
EoIP is a Mikrotik-specific method of bridging Ethernet traffic over a routed network.
The problem with using EoIP as a “VPN” is that it is not encrypted, so we will use an encrypted PPTP tunnel to get around this.
Note that the private IP range will be the same on both sides. This is not important for the tunnel to work, but one of the purposes of EoIP is to bridge networks in this way.
It should also be noted that a DHCP server on either end of the tunnel will be “seen” by equipment at both ends of the tunnel.
First we will build the PPTP tunnel. We will set the left router (10.1.1.1) as the PPTP server and the right router (10.2.2.2) as the client.
Left router:
/interface pptp-server server set enabled=yes
/ppp secret
add name="USERNAME" service=pptp password="PASS" \
local-address=192.168.10.1 remote-address=192.168.10.2  \
disabled=no
The above configuration is all that is needed on the left router.
It should be noted that the IP range I chose for the tunnel is NOT
in the same range as the LAN segments. This is not strictly needed,
but it is good network design, since these interfaces will NOT be added to the bridge.
Right Router:
/interface pptp-client
add name="pptp-tunnel1" connect-to=10.1.1.1 \
user="USERNAME" password="PASS" \
profile=default-encryption add-default-route=no \
disabled=no
This is the full configuration needed for the tunnel on the right router. The profile section is a default setting,
but I generally specify it anyway.
The PPTP tunnel is now set up and you should see the tunnel as running on both ends.
You can see the tunnel interface in Winbox under “Interfaces” and “PPP->Interfaces”.
If you wish to see the IP addresses, you can find them under “IP->Addresses”.
Now we need to add the EoIP tunnel. This is the same on both ends, with the exception of the IP address we are connecting to.
LEFT:
/interface eoip add name=eoiptunnel remote-address=192.168.10.2 \
tunnel-id=101 disabled=no
RIGHT:
/interface eoip add name=eoiptunnel remote-address=192.168.10.1 \
tunnel-id=101 disabled=no
It is very important that the tunnel-id parameter be the same on both ends.
Next, we will add the bridge (this is the same on both ends):
/interface bridge add name=bridge1
Hard to believe it’s that easy, but it is.
Next, we set up the bridge ports. We will assume that the LAN side of each Mikrotik router is the ether2 interface.
/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=eoiptunnel
The name eoiptunnel is the “name” parameter we used in the configuration we did above for the tunnel setup.
Devices on the right router should use 192.168.1.254 as their default gateway. They will be able
to see the 192.168.1.1, but if you use that as a default gateway for these devices, then ALL their traffic
will go across the bridge. This may be your desire, but it is important to note this fact.
(Reverse the above for devices on the left router.)
I’ve already mentioned the DHCP server. Note that IP addresses cannot be duplicated on either network.
The EoIP tunnel will act just like a (very long) ethernet cable plugged into a switch at both ends of the tunnel.
You are, literally, joining the 2 networks into ONE network.
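The setup above depends on a few invariants: the same tunnel-id on both ends, EoIP pointed at the PPTP tunnel addresses (so the unencrypted EoIP frames are carried inside the PPTP tunnel), and a tunnel range outside the LAN. The following Python check is an added example, not part of the original post. The sample configs are constructed from the commands above joined onto single lines, and the helper names and the 192.168.1.0/24 LAN prefix are assumptions.

```python
import ipaddress
import re

# Constructed samples: the article's commands joined onto single lines (not real router exports).
LEFT = """
/interface pptp-server server set enabled=yes
/ppp secret add name="USERNAME" service=pptp password="PASS" local-address=192.168.10.1 remote-address=192.168.10.2 disabled=no
/interface eoip add name=eoiptunnel remote-address=192.168.10.2 tunnel-id=101 disabled=no
"""
RIGHT = """
/interface pptp-client add name="pptp-tunnel1" connect-to=10.1.1.1 user="USERNAME" password="PASS" profile=default-encryption add-default-route=no disabled=no
/interface eoip add name=eoiptunnel remote-address=192.168.10.1 tunnel-id=101 disabled=no
"""

def params(config, prefix):
    """Return the key=value pairs of the first line that starts with prefix."""
    for line in config.splitlines():
        if line.startswith(prefix):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line[len(prefix):])
            return {key: value.strip('"') for key, value in pairs}
    return {}

def check(left, right, lan="192.168.1.0/24"):
    """Return a list of findings; an empty list means the pair matches the design."""
    findings = []
    secret = params(left, "/ppp secret add")
    client = params(right, "/interface pptp-client add")
    eoip_l = params(left, "/interface eoip add")
    eoip_r = params(right, "/interface eoip add")
    if eoip_l.get("tunnel-id") != eoip_r.get("tunnel-id"):
        findings.append("tunnel-id differs between the two ends")
    # EoIP must target the peer's PPTP tunnel address; any other target
    # means the bridged frames are not carried inside the encrypted tunnel.
    if eoip_l.get("remote-address") != secret.get("remote-address"):
        findings.append("left EoIP remote-address is not the PPTP client address")
    if eoip_r.get("remote-address") != secret.get("local-address"):
        findings.append("right EoIP remote-address is not the PPTP server address")
    if client.get("profile") != "default-encryption":
        findings.append("pptp-client profile is not default-encryption")
    net = ipaddress.ip_network(lan)  # assumed LAN prefix; the article gives only host addresses
    for key in ("local-address", "remote-address"):
        if key in secret and ipaddress.ip_address(secret[key]) in net:
            findings.append(f"PPTP {key} {secret[key]} overlaps the LAN {lan}")
    return findings

if __name__ == "__main__":
    print(check(LEFT, RIGHT) or "configuration matches the design")
```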


source: http://fatalsite.net/?p=106
