Let us assume we want to bridge two networks: ‘Office LAN’ and ‘Khulna LAN’. The networks are connected to an IP network through the routers [Dhaka] and [Khulna]. The IP network can be a private intranet or the Internet. Both routers can communicate with each other through the IP network.
Our goal is to create a secure channel between the routers and bridge both networks through it. The network setup diagram is as follows:
To make a secure Ethernet bridge between two routers you should:
1. Create a PPTP tunnel between them. Dhaka will be the PPTP server:

    [admin@Dhaka] interface pptp-server> /ppp secret add name=joe service=pptp \
    ... password=top_s3 local-address=10.0.0.1 remote-address=10.0.0.2
    [admin@Dhaka] interface pptp-server> add user=joe
    [admin@Dhaka] interface pptp-server> server set enable=yes
    [admin@Khulna] interface pptp-client> add name=pptp user=joe \
    ... connect-to=192.168.1.1 password=top_s3 mtu=1500 mru=1500
    [admin@Khulna] interface pptp-client> enable pptp

See the PPTP Interface Manual for more details on setting up encrypted channels.
2. Configure the EoIP tunnel by adding the EoIP tunnel interfaces at both routers. Use the IP addresses of the PPTP tunnel interfaces when specifying the argument values for the EoIP tunnel:

    [admin@Dhaka] interface eoip> add name=eoip-Khulna tunnel-id=0 \
    ... remote-address=10.0.0.2
    [admin@Dhaka] interface eoip> enable eoip-Khulna
    [admin@Khulna] interface eoip> add name=eoip-main tunnel-id=0 \
    ... remote-address=10.0.0.1
    [admin@Khulna] interface eoip> enable eoip-main

3. Enable bridging between the EoIP and Ethernet interfaces on both routers.

On Dhaka:

    [admin@Dhaka] interface bridge> add
    [admin@Dhaka] interface bridge> print
    Flags: X - disabled, R - running
     0  R mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 stp=no
          priority=32768 ageing-time=5m forward-delay=15s
          garbage-collection-interval=4s hello-time=2s max-message-age=20s
    [admin@Dhaka] interface bridge> port add bridge=bridge1 interface=eoip-Khulna
    [admin@Dhaka] interface bridge> port add bridge=bridge1 interface=office-eth
    [admin@Dhaka] interface bridge> port print
    Flags: X - disabled, I - inactive, D - dynamic
     #    INTERFACE      BRIDGE   PRIORITY  PATH-COST
     0    eoip-Khulna    bridge1  128       10
     1    office-eth     bridge1  128       10
    [admin@Dhaka] interface bridge>

And the same for Khulna:

    [admin@Khulna] interface bridge> add
    [admin@Khulna] interface bridge> print
    Flags: X - disabled, R - running
     0  R mtu=1500 arp=enabled mac-address=00:00:00:00:00:00 stp=no
          priority=32768 ageing-time=5m forward-delay=15s
          garbage-collection-interval=4s hello-time=2s max-message-age=20s
    [admin@Khulna] interface bridge> port add bridge=bridge1 interface=ether
    [admin@Khulna] interface bridge> port add bridge=bridge1 interface=eoip-main
    [admin@Khulna] interface bridge> port print
    Flags: X - disabled, I - inactive, D - dynamic
     #    INTERFACE      BRIDGE   PRIORITY  PATH-COST
     0    ether          bridge1  128       10
     1    eoip-main      bridge1  128       10
    [admin@Khulna] interface bridge> port print

Addresses from the same network can be used both in the Office LAN and in the Khulna LAN.
The routers can ping each other, but the EoIP tunnel does not seem to work!
Check the MAC addresses of the EoIP interfaces – they should not be the same!
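
A consistency check for the two EoIP endpoints, covering the MAC address advice above together with the tunnel-id and remote-address settings from step 2. This is an added example, not part of the original manual: the key=value input lines are constructed, the MAC addresses are made up, and the function names are hypothetical.

```python
import shlex

# Constructed sample settings (not captured router output). Names, tunnel-id
# and addresses follow the walkthrough; the MAC addresses are made up.
DHAKA_EOIP = "name=eoip-Khulna tunnel-id=0 remote-address=10.0.0.2 mac-address=02:00:00:00:00:01"
KHULNA_EOIP = "name=eoip-main tunnel-id=0 remote-address=10.0.0.1 mac-address=02:00:00:00:00:02"


def parse_props(line):
    """Split a 'key=value key=value' line into a dict (quoted values allowed)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def check_eoip_pair(cfg_a, tunnel_ip_a, cfg_b, tunnel_ip_b):
    """Return a list of problems found between two EoIP endpoints.

    tunnel_ip_a and tunnel_ip_b are the PPTP tunnel addresses of each router.
    """
    a, b = parse_props(cfg_a), parse_props(cfg_b)
    problems = []

    # Both ends must use the same tunnel-id to be paired with each other.
    if a.get("tunnel-id") != b.get("tunnel-id"):
        problems.append("tunnel-id mismatch: %s vs %s"
                        % (a.get("tunnel-id"), b.get("tunnel-id")))

    # Each remote-address must be the peer's PPTP tunnel address, so that
    # the EoIP traffic travels inside the PPTP channel.
    for side, peer_ip in ((a, tunnel_ip_b), (b, tunnel_ip_a)):
        if side.get("remote-address") != peer_ip:
            problems.append("%s: remote-address %s is not the peer tunnel address %s"
                            % (side.get("name"), side.get("remote-address"), peer_ip))

    # Both EoIP interfaces sit on one bridged segment, so their MACs must differ.
    mac_a = a.get("mac-address", "").lower()
    mac_b = b.get("mac-address", "").lower()
    if not mac_a or not mac_b:
        problems.append("mac-address missing on at least one side")
    elif mac_a == mac_b:
        problems.append("duplicate EoIP MAC address: %s" % mac_a)
    return problems


if __name__ == "__main__":
    found = check_eoip_pair(DHAKA_EOIP, "10.0.0.1", KHULNA_EOIP, "10.0.0.2")
    for problem in found or ["no problems found"]:
        print(problem)
```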
