In the world of networking, there’s often a need to bridge two remote LANs so they behave like a single local network—even when separated by different routers. For MikroTik users, the concept of EoIP (Ethernet over IP) is familiar: it’s a proprietary tunneling protocol that allows creation of a virtual Ethernet interface (Layer 2) over an IP network.

Good news for Keenetic users: since firmware NDMS v2.10, Keenetic routers also support EoIP! This opens up exciting possibilities for advanced network designs.

In this case study, we’ll go through configuring a fully functional EoIP tunnel between MikroTik and Keenetic using private IP addresses. This approach is ideal when working within a VPN or when GRE passthrough over NAT is correctly handled.

📌 What Is EoIP?

EoIP (Ethernet over IP) is a proprietary tunneling protocol developed by MikroTik. It operates over GRE (Generic Routing Encapsulation), which itself runs on top of IP (specifically, IP protocol 47). In essence, EoIP creates a virtual Ethernet cable between two devices, allowing them to exchange raw Ethernet frames as if they were directly connected. This means you can tunnel L2 traffic (VLAN, DHCP, ARP, PPPoE) transparently between sites.

📋 Requirements for Proper Operation

Before you begin, ensure the following:

• IP Reachability: MikroTik and Keenetic must be able to reach each other via IP. This can be achieved if:

  • They are in the same VPN (e.g., both clients of a VPN server, or site-to-site VPN is in place).
  • Or if GRE (IP protocol 47) is correctly forwarded through NAT on both ends.

• Private IP Usage: We’ll use private IPs for the tunnel setup. For example:

  • MikroTik: 192.168.100.1 (local IP for EoIP)
  • Keenetic: 192.168.200.1 (remote IP for EoIP)

• Matching Tunnel ID: It is critically important that Tunnel ID is the same on both sides (e.g., 100).

• No GRE Blocking: Ensure no firewall or upstream provider blocks GRE (IP protocol 47).

🖧 Network Topology

Here’s our topology:

[LAN A] <--- Ethernet ---> MikroTik (tunnel IP: 192.168.100.1)
                              ↑
                              | EoIP Tunnel (Tunnel ID: 100)
                              ↓
[LAN B] <--- Ethernet ---> Keenetic (tunnel IP: 192.168.200.1)

We’ll establish a shared EoIP subnet: 192.168.88.0/24 for L2 bridging.

⚙️ MikroTik Configuration (RouterOS)

Connect to your MikroTik router (via Winbox, SSH or WebFig) and run the following:

1. Create EoIP Interface:

/interface eoip add name=eoip-keenetic \
  remote-address=192.168.200.1 \
  local-address=192.168.100.1 \
  tunnel-id=100 comment="EoIP tunnel to Keenetic"

2. Create Bridge and Add Ports:

/interface bridge add name=br-eoip comment="Bridge for EoIP tunnel"
/interface bridge port add bridge=br-eoip interface=eoip-keenetic comment="Add EoIP interface to bridge"
/interface bridge port add bridge=br-eoip interface=ether2 comment="Add MikroTik LAN port (or VLAN) to bridge"

Replace ether2 with the actual LAN/VLAN interface you want to bridge.

3. Assign IP to the Bridge (optional):

/ip address add address=192.168.88.1/24 interface=br-eoip comment="IP for EoIP bridge"

⚙️ Keenetic Configuration (NDMS)

Access the CLI via System → Command Line in the web interface.

1. Create EoIP Interface:

interface EoIP0
  tunnel source 192.168.200.1
  tunnel destination 192.168.100.1
  tunnel id 100
  no shutdown
exit

2. Add EoIP Interface to Bridge:

interface Bridge0
  bridge-group Bridge0
  bridge-ports EoIP0 Ethernet0  # Replace with your LAN port
exit

Make sure to use a LAN port, not a WAN port.

3. Assign IP to Bridge (optional):

interface Bridge0
  ip address 192.168.88.2/24
exit
system configuration save

✅ Verifying Tunnel Operation

On MikroTik:

• Check EoIP Interface:

/interface eoip print

Look for R (running) status.

• Ping Keenetic via EoIP:

/ping 192.168.88.2 interface=br-eoip

• Monitor Tunnel Traffic:

/tool torch interface=eoip-keenetic

On Keenetic:

• Check Interfaces:

show interfaces

• Ping MikroTik via EoIP:

ping 192.168.88.1

🛠️ Common Issues & Solutions

MikroTik MTU Fix:

/interface eoip set eoip-keenetic mtu=1400

Keenetic CLI MTU Fix:

interface EoIP0 mtu 1400

MSS Fix for Fragmentation:

/ip firewall mangle add chain=forward \
  action=change-mss new-mss=1360 \
  passthrough=yes protocol=tcp tcp-flags=syn \
  out-interface=eoip-keenetic comment="Adjust MSS for EoIP"

🧩 Use Cases

• Extending L2 domains over WAN or VPN
• Bridging VLANs, DHCP, or PPPoE over multiple sites
• Access to non-IP devices (Layer 2 discovery, broadcast, etc.)
• Building highly available remote network links via EoIP + VPN

💬 Conclusion

Setting up an EoIP tunnel between MikroTik and Keenetic is a powerful example of how proprietary but well-implemented technologies can bridge complex networking needs. Using private IPs (over VPN or NAT) makes this method flexible, secure, and production-ready—perfect for small businesses, branch offices, or lab environments.