Ciao a tutti, sono giorni che lotto dietro a questa configurazione:
WAN¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯WAN
sonicwall--------------VPN IPSEC------------sonicwall
LAN A______________________________LANB
mikrotik -----------------IPOE----------------mikrotik
LAN B
e nulla, il tunnel IPOE non sale, questo il template che ho usato:
As you've properly concluded yourself, you need a bridge. So let's say
that currently, 192.168.1.253/24 is statically configured at ether1
directly. So you do the following:
/interface bridge add name=br-x
Now press Ctrl-X to get to safe mode if you are connected via ether1
/interface bridge port add bridge=br-x interface=ether1 ; /ip address
set [find interface=ether1] interface=br-x
if you don't lose connection, you can press Ctrl-X again to leave safe
mode and remove the changes above from the rollback buffer (of course
do not press it now if you didn't press it in the step above)
if some IP firewall rules are used at the Mikrotik, replace ether1 by
br-x everywhere
Next, you set up the EoIP tunnel:
/interface eoip add name=eoip-site2 local-address=192.168.1.253
remote-address=192.168.2.253 mtu=1500 disabled=yes
Setting the MTU is very important, as if you leave it at auto, it will
accommodate to the actual MTU of the port through which the tunnel
transport packets will leave, minus the EoIP header. But as the MTU of
a bridge is automatically set to the lowest MTU of all the ones
reported by member ports, and as in this particular setup the EoIP
transport packets leave through the bridge, the MTU would decrease to
0 in a few steps as soon as you'd make the EoIP a member port of the
bridge. If you force the MTU of the EoIP to 1500, it will accept large
enough Ethernet frames to carry the 1500-byte IP packets at the tunnel
interface, and silently fragment them into small enough transport
packets if necessary.
Now you can add the EoIP interface to the same bridge like ether1:
/interface bridge port add bridge=br-x interface=eoip-site2
At the other site, the interface to which 192.168.2.253/24 is attached
stays alone (as you don't want the two subnets to share the same L2
segment). So the EoIP tunnel there will be set using
/interface eoip add name=eoip-site1 local-address=192.168.2.253
remote-address=192.168.1.253 mtu=1500 disabled=yes
If you use the default firewall on the Mikrotiks, add protocol=!gre to
the action=drop connection-state=invalid rule in chain input of /ip
firewall filter
Once done, you can enable the EoIP tunnel interfaces at both ends.
Now you have to make the EoIP tunnel interface at Mikrotik 2 and the
the Ethernet port to which the switch for the Site 1's LAN extension
is connected member ports of the same bridge.
a chiunque in grado di aiutarmi prometto una statua nella piazza a piacimento, una serata con mia moglie o cosa preferisce;-)
