Will be good have possibility configure EoIP in VyOS for connect MikroTik/Linux.
Description
Details
- Difficulty level
- Hard (possibly days)
- Version
- -
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Unspecified (possibly destroys the router)
- Issue type
- Feature (new functionality)
Related Objects
- Mentioned In
- T3057: Document GRE-Bridge in 1.3 once fixed
Event Timeline
According to https://help.mikrotik.com/docs/pages/viewpage.action?pageId=24805521 , "EoIP" is simply Ethernet over GRE. We already support that, with the "gre-bridge" encapsulation.
Someone needs to test that with a Mikrotik.
Version of Vyos I have is:
vyos@vyos:~$ show version Version: VyOS 1.3-rolling-202008200357 Release Train: equuleus
Per checking, it seems on this version of Vyos I am unable to add the GRE interface to the bridge:
Config I have is:
+tunnel tun100 { + encapsulation gre-bridge + local-ip 192.168.255.13 + parameters { + ip { + key 10 + } + } + remote-ip 192.168.255.9 +} +bridge br100 { +}
When I try to commit that I get:
[ interfaces tunnel tun100 ] Can not set "key" for tunnel gre-bridge tun100 at tunnel creation
The other problem is, the ability to add the gre-bridge is removed it seems. When I try to from the tunnel the option is gone:
vyos@vyos# set interfaces tunnel tun100 parameters ip Possible completions: key Tunnel key tos Type of Service (TOS) ttl Time to live field
Per link here (https://wiki.vyos.net/wiki/IP_tunneling) there's a line that says:
set interfaces tunnel tun0 parameters ip bridge-group bridge br0
So it seems like that ability is removed. We also need to be able to set the GRE tunnel key as I believe Mikrotik uses that as the call identifier.
For reference, here's the actual packet transmission. It seems that Mikrotik uses the GRE with PPTP header (listed as GREv1), and uses a call identifier setting as can be seen below:
05:36:59.496050 IP (tos 0x0, ttl 250, id 27648, offset 0, flags [none], proto GRE (47), length 28) 192.168.255.9 > 192.168.255.13: GREv1, Flags [key present], call 2560, no-payload, length 8 05:36:59.496096 IP (tos 0xc0, ttl 64, id 10566, offset 0, flags [none], proto ICMP (1), length 56) 192.168.255.13 > 192.168.255.9: ICMP 192.168.255.13 protocol 47 unreachable, length 36 IP (tos 0x0, ttl 250, id 27648, offset 0, flags [none], proto GRE (47), length 28) 192.168.255.9 > 192.168.255.13: GREv1, Flags [key present], call 2560, no-payload, length 8
Per link here (https://wiki.vyos.net/wiki/IP_tunneling) there's a line that says:set interfaces tunnel tun0 parameters ip bridge-group bridge br0
It's old documentation.
For adding an interface to bridge use:
set interfaces bridge br0 member interface tun100
@Viacheslav, when I try that I get the following:
Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces-bridge.py", line 136, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/interfaces-bridge.py", line 127, in apply br.update(bridge) File "/usr/lib/python3/dist-packages/vyos/ifconfig/bridge.py", line 245, in update self.add_port(interface) File "/usr/lib/python3/dist-packages/vyos/ifconfig/bridge.py", line 180, in add_port return self.set_interface('add_port', interface) File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 184, in set_interface return self._set_command(self.config, name, value) File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 109, in _set_command return self._command_set[name].get('format', lambda _: _)(self._cmd(cmd)) File "/usr/lib/python3/dist-packages/vyos/ifconfig/control.py", line 51, in _cmd return cmd(command, self.debug) File "/usr/lib/python3/dist-packages/vyos/util.py", line 179, in cmd raise OSError(code, feedback) FileNotFoundError: [Errno 2] failed to run command: ip link set dev tun100 master br100 returned: exit code: 2 noteworthy: cmd 'ip link set dev tun100 master br100' returned (out): returned (err): RTNETLINK answers: Invalid argument [[interfaces bridge br100]] failed Commit failed
It seems attempting to put the GRE tunnel into the bridge interface it fails out from the ip command on the command line.
By the way, mikrotik IPoE format doesn't compatible with VyOS
If someone wants to experiment:
VyOS-wan
set interfaces bridge br0 member interface eth1 set interfaces bridge br0 member interface tun0 set interfaces ethernet eth0 address '203.0.113.1/30' set interfaces tunnel tun0 encapsulation 'gretap' set interfaces tunnel tun0 multicast 'disable' set interfaces tunnel tun0 remote '203.0.113.2' set interfaces tunnel tun0 source-address '203.0.113.1'
Mikrotik:
/interface bridge add name=bridge1 /interface ethernet set [ find default-name=ether2 ] disable-running-check=no set [ find default-name=ether3 ] disable-running-check=no /interface eoip add local-address=203.0.113.2 mac-address=FE:4A:87:04:95:6E name=eoip-remote remote-address=203.0.113.1 tunnel-id=0 /interface list add name=WAN /interface bridge port add bridge=bridge1 interface=eoip-remote add bridge=bridge1 interface=ether2 /interface list member add interface=ether1 list=WAN /ip address add address=203.0.113.2/30 interface=ether3 network=203.0.113.0
Tcpdump:
vyos@vyos-wan:~$ sudo tcpdump -ntvi eth0 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes IP (tos 0x0, ttl 255, id 21248, offset 0, flags [none], proto GRE (47), length 28) 203.0.113.2 > 203.0.113.1: GREv1, Flags [key present], call 0, no-payload, length 8 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 203.0.113.1 tell 203.0.113.2, length 28 ARP, Ethernet (len 6), IPv4 (len 4), Reply 203.0.113.1 is-at 0c:ce:62:78:00:00, length 28 IP (tos 0x0, ttl 255, id 21504, offset 0, flags [none], proto GRE (47), length 28) 203.0.113.2 > 203.0.113.1: GREv1, Flags [key present], call 0, no-payload, length 8 IP (tos 0x0, ttl 255, id 21760, offset 0, flags [none], proto GRE (47), length 28) 203.0.113.2 > 203.0.113.1: GREv1, Flags [key present], call 0, no-payload, length 8
Tcpdump if "left office" send pings:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes IP (tos 0x0, ttl 64, id 59841, offset 0, flags [DF], proto GRE (47), length 66) 203.0.113.1 > 203.0.113.2: GREv0, Flags [none], length 46 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 100.64.0.12 tell 100.64.0.11, length 28 IP (tos 0x0, ttl 64, id 60583, offset 0, flags [DF], proto GRE (47), length 66) 203.0.113.1 > 203.0.113.2: GREv0, Flags [none], length 46 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 100.64.0.12 tell 100.64.0.11, length 28 IP (tos 0x0, ttl 64, id 61112, offset 0, flags [DF], proto GRE (47), length 66) 203.0.113.1 > 203.0.113.2: GREv0, Flags [none], length 46 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 100.64.0.12 tell 100.64.0.11, length 28
To get it working maybe need custom patches, more details https://github.com/bbonev/eoip
Note "Note that RFC 1701 is mentioned in MikroTik's docs but there is nothing in common between the standard and the actual protocol used."
Closes it as wontfix
Note "Note that RFC 1701 is mentioned in MikroTik's docs but there is nothing in common between the standard and the actual protocol used."