With the release of MikroTik RouterOS 6.30, you can now put IPsec security over an EoIP tunnel, creating a secure, encrypted, easy-to-set-up VPN.
For sites with dynamic addresses, you need to keep the local and remote IPs updated.
I have my tunnels called eoip-, then the tunnel number, then .site name, e.g. eoip-222.myhouse
I’m using IP Cloud addresses, but you can use any dyndns addresses or even fixed DNS names. But if they are coming from a dynamic site, IP Cloud is the easiest way.
# Tunnel name and the DNS names of both ends
:global "EoIPTunnel1" "eoip-Number.Name"
:global "EoIPRemote1" "remoterouter.sn.mynetname.net"
:global "EoIPLocal1" "localrouter.sn.mynetname.net"
# Addresses those names resolve to right now
:global "EoIPRemoteIP1" [:resolve $"EoIPRemote1"]
:global "EoIPLocalIP1" [:resolve $"EoIPLocal1"]
# Addresses the tunnel is currently configured with
:global "EoIPConnectTo1" [/interface eoip get $EoIPTunnel1 remote-address]
:global "EoIPConnectFrom1" [/interface eoip get $EoIPTunnel1 local-address]

# Remote end: update only when the resolved address has changed
:if ($EoIPRemoteIP1 != $EoIPConnectTo1) do={
:log info "****** Updating EoIP Tunnel - Remote end for $EoIPTunnel1"
/interface eoip set $"EoIPTunnel1" remote-address=$"EoIPRemoteIP1"}
:if ($EoIPRemoteIP1 = $EoIPConnectTo1) do={
:log info "**** No Update necessary for EoIP Tunnel - Remote End $EoIPTunnel1"}

# Local end: same check for the local address
:if ($EoIPLocalIP1 != $EoIPConnectFrom1) do={
:log info "****** Updating EoIP Tunnel - Local End for $EoIPTunnel1"
/interface eoip set $"EoIPTunnel1" local-address=$"EoIPLocalIP1"}
:if ($EoIPLocalIP1 = $EoIPConnectFrom1) do={
:log info "**** No Update necessary for EoIP Tunnel - Local End $EoIPTunnel1"}
This will then allow connection between two sites with changing addresses.
Save the script as something good. I have EoIP.222.
Add it into the scheduler and you're set.
/system scheduler
add interval=9m name=EoIP.222 on-event=EoIP.222 policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/01/1970 start-time=00:00:01
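A variant of the update script above, added here as an example and not part of the original post: it wraps the two `:resolve` calls in `:do ... on-error` so that a failed DNS lookup leaves the tunnel's addresses untouched instead of aborting the run, and it logs only when an address actually changes. The tunnel name and DNS names are the post's own placeholders; the local variable names are assumptions.

```routeros
# Added example, not the author's script.
# Placeholders: replace with your tunnel name and the DNS names of both ends.
:local tunnel "eoip-222.myhouse"
:local remoteName "remoterouter.sn.mynetname.net"
:local localName "localrouter.sn.mynetname.net"

:local remoteIP
:local localIP
:local resolved true

# :resolve raises an error when the lookup fails; catch it so the
# tunnel keeps its last known-good addresses.
:do {
    :set remoteIP [:resolve $remoteName]
    :set localIP [:resolve $localName]
} on-error={
    :set resolved false
    :log warning ("EoIP " . $tunnel . ": DNS lookup failed, tunnel addresses left unchanged")
}

:if ($resolved) do={
    :local curRemote [/interface eoip get $tunnel remote-address]
    :local curLocal [/interface eoip get $tunnel local-address]

    # Remote end: write only on change, and record old and new address
    :if ($remoteIP != $curRemote) do={
        :log info ("EoIP " . $tunnel . ": remote-address " . $curRemote . " -> " . $remoteIP)
        /interface eoip set $tunnel remote-address=$remoteIP
    }

    # Local end: same check for the local address
    :if ($localIP != $curLocal) do={
        :log info ("EoIP " . $tunnel . ": local-address " . $curLocal . " -> " . $localIP)
        /interface eoip set $tunnel local-address=$localIP
    }
}
```

Because every address change is logged with its old and new value, an unexpected change of tunnel endpoint stands out in the log instead of being buried among "no update" lines every nine minutes.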