Tuesday, 08 April 2008

Layer2 VPN Server

Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. A VLAN is a logical grouping that allows end users to communicate as if they were physically connected to a single isolated LAN, independent of the physical configuration of the network.

This example shows how to set up a Layer 2 VPN server. You need a switch that supports 802.1Q VLANs. Switch configuration is not included because it depends on your network.

In this example we group devices on one or more LANs so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Using EoIP you can reach routers that are connected by wireless, and with VLANs we then segment the network. Because VLANs are based on logical instead of physical connections, they are extremely flexible. In my network I added a few locations that go through fiber optic and about 40 wireless locations.

Server Side:
First, install the latest MikroTik OS on a computer with 2 Ethernet interfaces.

Now let's configure them.
/interface set 0 name=ether1-internet
set 1 name=ether2-trunk

/ip address add address=195.101.10.5/29 interface=ether1-internet comment="" disabled=no


Create Eoip interface for remote router1:

/interface eoip
add name=eoip-router1 tunnel-id=310 remote-address=196.200.50.5 comment="" disabled=no

Create vlan for remote router1:

/interface vlan
add name=vlan-router1 interface=ether2-trunk vlan-id=310 comment="" disabled=no

Now bridge the EoIP tunnel and the VLAN:

/interface bridge
add name=bridge-to-router1

/interface bridge port
add interface=eoip-router1 bridge=bridge-to-router1
add interface=vlan-router1 bridge=bridge-to-router1


Now we add configuration for remote router2
Create Eoip interface for remote router2:

/interface eoip
add name="eoip-router2" tunnel-id=312 remote-address=196.200.50.6 comment="" disabled=no

Create vlan for remote router2:

/interface vlan
add name=vlan-router2 interface=ether2-trunk vlan-id=312 comment="" disabled=no

Now bridge the EoIP tunnel and the VLAN:

/interface bridge
add name=bridge-to-router2

/interface bridge port
add interface=eoip-router2 bridge=bridge-to-router2 comment="" disabled=no
add interface=vlan-router2 bridge=bridge-to-router2 comment="" disabled=no


Remote Router1 side:
/interface eoip
add name=eoip-client remote-address=195.101.10.5 tunnel-id=310 comment="" disabled=no

/interface bridge
add name=bridge-to-router1

/interface bridge port
add interface=eoip-client bridge=bridge-to-router1 comment="" disabled=no
add interface=ether1 bridge=bridge-to-router1 comment="" disabled=no

Remote Router2 side:
/interface eoip
add name=eoip-client remote-address=195.101.10.5 tunnel-id=312 comment="" disabled=no

/interface bridge
add name=bridge-to-router2

/interface bridge port
add interface=eoip-client bridge=bridge-to-router2 comment="" disabled=no
add interface=ether1 bridge=bridge-to-router2 comment="" disabled=no




Depending on the network you have, some modifications are required, and don't forget to add and configure the corresponding VLANs on your Allied Telesyn, Cisco, etc. switches.

TIP: You can always add an address to the bridge, just to check connectivity to the remote router with the ping command.

Server side:
/ip address
add address=192.168.100.1/30 interface=bridge-to-router1 comment="" disabled=no

Remote router side:
/ip address
add address=192.168.100.2/30 interface=bridge-to-router1 comment="" disabled=no
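
With about 40 sites following the server-side pattern above, one wrong bridge port joins two sites into the same Layer 2 segment. The following audit script is an added example, not part of the original post: it parses commands written in the style used on this page and reports any bridge that is not exactly one EoIP tunnel plus one VLAN. The function names `parse` and `audit` are hypothetical, and the rule that tunnel-id equals vlan-id is this page's convention, not a RouterOS requirement.

```python
import shlex
from collections import defaultdict

# Constructed sample: the server-side commands from this page, plus one
# deliberate mistake (vlan-router2 bridged into router1's bridge).
SAMPLE = """
/interface eoip
add name=eoip-router1 tunnel-id=310 remote-address=196.200.50.5
add name="eoip-router2" tunnel-id=312 remote-address=196.200.50.6
/interface vlan
add name=vlan-router1 interface=ether2-trunk vlan-id=310
add name=vlan-router2 interface=ether2-trunk vlan-id=312
/interface bridge port
add interface=eoip-router1 bridge=bridge-to-router1
add interface=vlan-router1 bridge=bridge-to-router1
add interface=eoip-router2 bridge=bridge-to-router2
add interface=vlan-router2 bridge=bridge-to-router1
"""

def parse(text):  # -> {menu: [{key: value}, ...]} for every 'add' line
    menus, menu = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add ") and menu:
            menus[menu].append(dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return menus

def audit(text):
    """List findings where a bridge is not exactly one EoIP + one VLAN with equal IDs."""
    m = parse(text)
    eoip = {e["name"]: e["tunnel-id"] for e in m["/interface eoip"]}
    vlan = {v["name"]: v["vlan-id"] for v in m["/interface vlan"]}
    bridges = defaultdict(list)
    for p in m["/interface bridge port"]:
        bridges[p["bridge"]].append(p["interface"])
    findings = []
    for name, ports in sorted(bridges.items()):
        tunnels = [p for p in ports if p in eoip]
        vlans = [p for p in ports if p in vlan]
        if len(tunnels) != 1 or len(vlans) != 1 or len(ports) != 2:
            findings.append(f"{name}: expected 1 EoIP + 1 VLAN, got ports {ports}")
        elif eoip[tunnels[0]] != vlan[vlans[0]]:
            findings.append(f"{name}: tunnel-id {eoip[tunnels[0]]} != vlan-id {vlan[vlans[0]]}")
    ids = list(eoip.values())
    findings += [f"duplicate tunnel-id {i}" for i in sorted(set(ids)) if ids.count(i) > 1]
    return findings

print("\n".join(audit(SAMPLE)))
```

To check a real router, pass the text of its configuration to `audit()` instead of `SAMPLE`; the parser only reads single-line `add` commands under a menu line, as written on this page.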
