MikroTik IPIP Tunnels with OSPF
Preface
Running an IP-IP tunnel between sites with OSPF for routing is an easy, dynamic site-to-site solution. We'll set up a tunnel, configure OSPF, and verify connectivity.
Network Topology
The network topology for this writeup is two sites, each with a MikroTik router:

| Site | WAN IP | LAN Subnet | LAN Gateway | Point-to-Point IP |
| --- | --- | --- | --- | --- |
| Philly | 1.1.1.1 | 192.168.1.0/24 | 192.168.1.1 | 10.255.0.1/30 |
| Seattle | 2.2.2.2 | 10.1.0.0/24 | 10.1.0.1 | 10.255.0.2/30 |
Both routers are connected to the internet and have a publicly routable address. Their respective LAN networks don't overlap, and we've set aside a 10.255.0.0/30 network for the point-to-point IPIP addresses. Using the high 10.255.0.0/30 network ensures it won't overlap with any additional sites that come online.
IPIP Tunnel
Setting up the IPIP tunnel is pretty straightforward - point one router to the other and that's it.
On the Philly router:
/interface ipip add name=Seattle remote-address=2.2.2.2 comment=Seattle
On the Seattle router:
/interface ipip add name=Philly remote-address=1.1.1.1 comment=Philly
Add the routable IP addresses to the IPIP tunnel interfaces. This gives OSPF something to run over between the two devices. Having a dynamic routing protocol running means this solution can grow beyond two sites.
On the Philly router:
/ip address add interface=Seattle address=10.255.0.1/30 comment="Seattle link"
On the Seattle router:
/ip address add interface=Philly address=10.255.0.2/30 comment="Philly link"
OSPF Routing
We'll use a very simple OSPF configuration since there are only two sites. Both sites will be put in the OSPF "Backbone" area, number zero. As the network grows you can add additional OSPF areas.
On the Philly router:
/routing ospf network
add comment="Seattle link" network=10.255.0.0/30
add comment="LAN" network=192.168.1.0/24
On the Seattle router:
/routing ospf network
add comment="Philly link" network=10.255.0.0/30
add comment="LAN" network=10.1.0.0/24
These configurations have OSPF advertising the point-to-point link between the routers and the LANs behind the routers. With those routes advertised we should have full reachability between sites.
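As configured above, the IPIP tunnel carries traffic unencrypted across the internet, and OSPF runs unauthenticated on every interface that matches a network statement, the LAN included. The block below is an added hardening example, not part of the original writeup, in the same RouterOS v6 syntax. It assumes the LAN interface on each router is named ether2; the secrets are placeholders and must be identical on both routers.

```routeros
# Added example (not from the original writeup). Assumptions: RouterOS v6,
# LAN interface named ether2, placeholder secrets shared by both routers.

# --- Philly router ---
# Protect the tunnel with IPsec: ipsec-secret makes RouterOS create a dynamic
# IPsec peer and policy for the tunnel endpoints. local-address is set
# explicitly, and FastPath must be off on a tunnel that uses IPsec.
/interface ipip set [find name=Seattle] local-address=1.1.1.1 \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-SECRET" allow-fast-path=no

# Authenticate OSPF on the tunnel and run it as a point-to-point link.
/routing ospf interface add interface=Seattle network-type=point-to-point \
    authentication=md5 authentication-key="REPLACE-WITH-OSPF-KEY" \
    authentication-key-id=1

# Keep advertising the LAN subnet, but send no hellos and form no
# adjacencies on the LAN itself.
/routing ospf interface add interface=ether2 passive=yes

# --- Seattle router ---
/interface ipip set [find name=Philly] local-address=2.2.2.2 \
    ipsec-secret="REPLACE-WITH-LONG-RANDOM-SECRET" allow-fast-path=no

/routing ospf interface add interface=Philly network-type=point-to-point \
    authentication=md5 authentication-key="REPLACE-WITH-OSPF-KEY" \
    authentication-key-id=1

/routing ospf interface add interface=ether2 passive=yes

# --- Checks, on either router ---
# The neighbor across the tunnel should reach state "Full".
/routing ospf neighbor print
# Security associations should be listed for the two WAN addresses.
/ip ipsec installed-sa print
```

Apply the tunnel and OSPF authentication changes on both routers in the same maintenance window, because the adjacency drops while only one side has them.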