Configuring Site-to-Site VPN On MikroTik Routers Step-by-Step Tutorial
A Site-to-Site EoIP (Ethernet over IP) Tunnel with IPsec is a great way to securely connect two MikroTik routers over the internet or any other untrusted network. In this tutorial, we will take a closer look at what an EoIP tunnel is, how it works, and how to set it up on two MikroTik routers.
What is an EoIP Tunnel?
EoIP is a MikroTik proprietary tunneling protocol that allows you to create a virtual Ethernet network over IP networks. It encapsulates Ethernet frames in IP packets and forwards them over IP networks. This allows you to extend your Layer 2 network over Layer 3 networks such as the internet.
An EoIP tunnel can be used to connect two or more MikroTik routers over an untrusted network such as the internet. The EoIP tunnel encapsulates the traffic in IP packets, and IPsec encrypts and authenticates the traffic. This ensures that the traffic is secure and cannot be intercepted or modified by unauthorized entities.
How to Set Up an EoIP Tunnel with IPsec?
The following is a step-by-step guide on how to set up an EoIP tunnel with IPsec on two MikroTik routers:
Step 1: Configure the IP Addresses
First, you need to configure the IP addresses of the two routers that will be connected via the EoIP tunnel. You can do this by navigating to the IP > Addresses menu on both routers.
Router1:
  IP Address: 192.168.1.1
  Subnet Mask: 24
Router2:
  IP Address: 192.168.2.1
  Subnet Mask: 24
Step 2: Configure the EoIP Tunnel
Next, you need to configure the EoIP tunnel on both routers. You can do this by navigating to the Interfaces menu on both routers.
Router1:
  Interface Name: EoIP1
  Local Address: 10.0.0.1
  Remote Address: 10.0.0.2
  Tunnel ID: 1
  Keepalive Timeout: 10
Router2:
  Interface Name: EoIP1
  Local Address: 10.0.0.2
  Remote Address: 10.0.0.1
  Tunnel ID: 1
  Keepalive Timeout: 10
The Remote Address field should contain the IP address of the remote router, and the Tunnel ID should be the same on both routers. The Local Address can be any IP address that is not in the same subnet as the IP addresses of the two routers.
Step 3: Configure the IPsec Policy
After configuring the EoIP tunnel, you need to configure the IPsec policy on both routers. You can do this by navigating to the IP > IPsec menu on both routers.
Router1:
  Policy Name: Policy1
  Src. Address: 192.168.1.0/24
  Dst. Address: 192.168.2.0/24
  Protocol: all
  Proposal: default
  Level: required
  Auth. Method: pre-shared-key
  Secret: mysecretkey
Router2:
  Policy Name: Policy1
  Src. Address: 192.168.2.0/24
  Dst. Address: 192.168.1.0/24
  Protocol: all
  Proposal: default
  Level: required
  Auth. Method: pre-shared-key
  Secret: mysecretkey
The Secret field should contain a shared key that is known to both routers. This key is used to authenticate the traffic between the two routers.
Step 4: Configure the Firewall Rules
After configuring the IPsec policy, you need to configure the firewall rules on both routers to allow traffic between the two subnets. You can do this by navigating to the IP > Firewall menu on both routers.
Router1:
  Chain: forward
  Src. Address: 192.168.1.0/24
  Dst. Address: 192.168.2.0/24
  Protocol: all
  Action: accept
Router2:
  Chain: forward
  Src. Address: 192.168.2.0/24
  Dst. Address: 192.168.1.0/24
  Protocol: all
  Action: accept
Step 5: Test the Connection
After configuring all the necessary settings, you can test the connection between the two routers. You can do this by pinging the IP address of the other router from each router.
Router1: ping 192.168.2.1
Router2: ping 192.168.1.1
If the ping is successful, then the connection is established, and you can now transfer data between the two networks over the EoIP tunnel with IPsec.
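Most failures with this setup come from the two routers' settings not mirroring each other. The following added example (not part of the original tutorial) cross-checks both sides against the rules stated in Steps 2 to 4 before the settings are entered; the dictionary field names and the check_pair function are assumptions made for this sketch, and the sample values are the ones listed above.

```python
import ipaddress

# Constructed sample input: the values the tutorial lists in Steps 1-4.
ROUTER1 = {"ip": "192.168.1.1/24", "eoip_local": "10.0.0.1", "eoip_remote": "10.0.0.2",
           "tunnel_id": 1, "policy": ("192.168.1.0/24", "192.168.2.0/24"),
           "forward": ("192.168.1.0/24", "192.168.2.0/24"), "secret": "mysecretkey"}
ROUTER2 = {"ip": "192.168.2.1/24", "eoip_local": "10.0.0.2", "eoip_remote": "10.0.0.1",
           "tunnel_id": 1, "policy": ("192.168.2.0/24", "192.168.1.0/24"),
           "forward": ("192.168.2.0/24", "192.168.1.0/24"), "secret": "mysecretkey"}


def _nets(pair):
    """Normalise a (src, dst) pair of CIDR strings into network objects."""
    return tuple(ipaddress.ip_network(p) for p in pair)


def check_pair(a, b):
    """Return the list of rule violations between two router configs (empty = consistent)."""
    problems = []
    if a["tunnel_id"] != b["tunnel_id"]:
        problems.append("tunnel ID differs between routers")
    if (a["eoip_local"], a["eoip_remote"]) != (b["eoip_remote"], b["eoip_local"]):
        problems.append("EoIP local/remote addresses are not mirrored")
    if _nets(a["policy"]) != _nets(b["policy"])[::-1]:
        problems.append("IPsec policy src/dst are not mirrored")
    if a["secret"] != b["secret"]:  # report the mismatch, never the value
        problems.append("pre-shared secret differs between routers")
    lans = [ipaddress.ip_interface(r["ip"]).network for r in (a, b)]
    for name, r, lan in (("Router1", a, lans[0]), ("Router2", b, lans[1])):
        if _nets(r["policy"])[0] != lan:
            problems.append(f"{name}: policy source is not its own subnet")
        if _nets(r["forward"]) != _nets(r["policy"]):
            problems.append(f"{name}: forward rule does not match the policy subnets")
        # Step 2 rule: the tunnel local address must lie outside both routers' subnets.
        if any(ipaddress.ip_address(r["eoip_local"]) in n for n in lans):
            problems.append(f"{name}: EoIP local address falls inside a router subnet")
    return problems


if __name__ == "__main__":
    for line in check_pair(ROUTER1, ROUTER2) or ["configuration is consistent"]:
        print(line)
```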
Final Thoughts
An EoIP tunnel with IPsec is a secure and reliable way to connect two MikroTik routers over an untrusted network. It encrypts and encapsulates the traffic to ensure that it cannot be intercepted or modified by unauthorized entities. With the above step-by-step guide, you can easily set up an EoIP tunnel with IPsec on your MikroTik routers.
It is important to note that the above guide only covers the basic configuration settings for an EoIP tunnel with IPsec. You can further customize the settings to suit your specific needs and requirements.