Configuring EoIP Tunnel Between MikroTik and Keenetic: Bridging Networks Over Private IPs
Published on 2025-07-17
In the world of networking, there’s often a need to bridge two remote LANs so they behave like a single local network—even when separated by different routers. For MikroTik users, the concept of EoIP (Ethernet over IP) is familiar: it’s a proprietary tunneling protocol that allows creation of a virtual Ethernet interface (Layer 2) over an IP network.
Good news for Keenetic users: since firmware NDMS v2.10, Keenetic routers also support EoIP! This opens up exciting possibilities for advanced network designs.
In this case study, we’ll go through configuring a fully functional EoIP tunnel between MikroTik and Keenetic using private IP addresses. This approach is ideal when working within a VPN or when GRE passthrough over NAT is correctly handled.
📌 What Is EoIP?
EoIP (Ethernet over IP) is a proprietary tunneling protocol developed by MikroTik. It operates over GRE (Generic Routing Encapsulation), which itself runs on top of IP (specifically, IP protocol 47). In essence, EoIP creates a virtual Ethernet cable between two devices, allowing them to exchange raw Ethernet frames as if they were directly connected. This means you can tunnel L2 traffic (VLAN, DHCP, ARP, PPPoE) transparently between sites.
📋 Requirements for Proper Operation
Before you begin, ensure the following:
IP Reachability: MikroTik and Keenetic must be able to reach each other via IP. This can be achieved if:
- They are in the same VPN (e.g., both clients of a VPN server, or site-to-site VPN is in place).
- Or if GRE (IP protocol 47) is correctly forwarded through NAT on both ends.
Private IP Usage: We’ll use private IPs for the tunnel setup. For example:
- MikroTik:
192.168.100.1(local IP for EoIP) - Keenetic:
192.168.200.1(remote IP for EoIP)
- MikroTik:
Matching Tunnel ID: It is critically important that
Tunnel IDis the same on both sides (e.g.,100).No GRE Blocking: Ensure no firewall or upstream provider blocks GRE (IP protocol 47).
🖧 Network Topology
Here’s our topology:
[LAN A] <--- Ethernet ---> MikroTik (tunnel IP: 192.168.100.1)
↑
| EoIP Tunnel (Tunnel ID: 100)
↓
[LAN B] <--- Ethernet ---> Keenetic (tunnel IP: 192.168.200.1)
We’ll establish a shared EoIP subnet: 192.168.88.0/24 for L2 bridging.
⚙️ MikroTik Configuration (RouterOS)
Connect to your MikroTik router (via Winbox, SSH or WebFig) and run the following:
1. Create EoIP Interface:
/interface eoip add name=eoip-keenetic \
remote-address=192.168.200.1 \
local-address=192.168.100.1 \
tunnel-id=100 comment="EoIP tunnel to Keenetic"
2. Create Bridge and Add Ports:
/interface bridge add name=br-eoip comment="Bridge for EoIP tunnel"
/interface bridge port add bridge=br-eoip interface=eoip-keenetic comment="Add EoIP interface to bridge"
/interface bridge port add bridge=br-eoip interface=ether2 comment="Add MikroTik LAN port (or VLAN) to bridge"
Replace ether2 with the actual LAN/VLAN interface you want to bridge.
3. Assign IP to the Bridge (optional):
/ip address add address=192.168.88.1/24 interface=br-eoip comment="IP for EoIP bridge"
⚙️ Keenetic Configuration (NDMS)
Access the CLI via System → Command Line in the web interface.
1. Create EoIP Interface:
interface EoIP0
tunnel source 192.168.200.1
tunnel destination 192.168.100.1
tunnel id 100
no shutdown
exit
2. Add EoIP Interface to Bridge:
interface Bridge0
bridge-group Bridge0
bridge-ports EoIP0 Ethernet0 # Replace with your LAN port
exit
Make sure to use a LAN port, not a WAN port.
3. Assign IP to Bridge (optional):
interface Bridge0
ip address 192.168.88.2/24
exit
system configuration save
✅ Verifying Tunnel Operation
On MikroTik:
- Check EoIP Interface:
/interface eoip print
Look for R (running) status.
- Ping Keenetic via EoIP:
/ping 192.168.88.2 interface=br-eoip
- Monitor Tunnel Traffic:
/tool torch interface=eoip-keenetic
On Keenetic:
- Check Interfaces:
show interfaces
- Ping MikroTik via EoIP:
ping 192.168.88.1
🛠️ Common Issues & Solutions
| Problem | Solution |
|---|---|
| Tunnel doesn’t go up | Check matching Tunnel ID and correct IPs |
| Interfaces up, no traffic | Ensure GRE (IP 47) is allowed through all firewalls |
| Behind NAT | Forward GRE protocol or use EoIP over VPN |
| MTU or packet fragmentation | Manually set MTU to ~1400 on both interfaces |
MikroTik MTU Fix:
/interface eoip set eoip-keenetic mtu=1400
Keenetic CLI MTU Fix:
interface EoIP0 mtu 1400
MSS Fix for Fragmentation:
/ip firewall mangle add chain=forward \
action=change-mss new-mss=1360 \
passthrough=yes protocol=tcp tcp-flags=syn \
out-interface=eoip-keenetic comment="Adjust MSS for EoIP"
🧩 Use Cases
- Extending L2 domains over WAN or VPN
- Bridging VLANs, DHCP, or PPPoE over multiple sites
- Access to non-IP devices (Layer 2 discovery, broadcast, etc.)
- Building highly available remote network links via EoIP + VPN
💬 Conclusion
Setting up an EoIP tunnel between MikroTik and Keenetic is a powerful example of how proprietary but well-implemented technologies can bridge complex networking needs. Using private IPs (over VPN or NAT) makes this method flexible, secure, and production-ready—perfect for small businesses, branch offices, or lab environments.
Related reviews
Huge thanks to Mikhail for the work — I'm very pleased with the result. Special thanks for his recommendations during setup: from my rather muddled brief (I know little about servers), Mikhail, through clarifying questions and suggestions, formed a clear understanding of what the final build would accomplish and how best to organize everything. I recommend him!
ladohinpy · MikroTik hAP router setup. I'll set up a MikroTik Wi‑Fi router for you.
2025-07-21 · ⭐ 5/5
Many thanks to Mikhail for the work, I am very pleased with the result. I especially thank him for the recommendations during the setup process — from my rather muddled brief (and I know little about servers) Mikhail, with clarifying questions and suggestions of his own, formulated a clear understanding of what tasks the final build will solve and how to organize everything in the best way. I recommend!
An excellent specialist, a savvy expert, and a wonderful person. In an hour he fixed what we'd been racking our brains over for days! I'm sure this won't be the last time we rely on his boundless professionalism.
Ravenor · MikroTik hAP router setup. I'll configure a MikroTik Wi-Fi router for you.
2025-05-28 · ⭐ 5/5
An excellent specialist, a savvy expert, and a wonderful person. In an hour he fixed for us what we had been scratching our heads over for days! I'm sure this won't be the first time we make use of his boundless professionalism.
A professional approach to the job!
ErlikZ · MikroTik hAP router setup. I'll set up a MikroTik Wi-Fi router for you.
2025-03-31 · ⭐ 5/5
Professional approach to the job!
Knows their stuff, gets things done. Everything was prompt and to the point; I was satisfied with the collaboration.
Soveni4 · MikroTik hAP router setup. I'll set up a MikroTik Wi‑Fi router for you.
A customer who has settled in2025-03-14 · ⭐ 5/5
Knows, can, does. Everything was prompt and to the point; I was satisfied with the collaboration.
Thanks! We set up the router according to my technical specification, with a full explanation of what we're doing.
GFSoft · MikroTik hAP router setup. I'll configure a MikroTik Wi‑Fi router for you.
Savvy shopper2025-03-09 · ⭐ 5/5
Thank you! The router was configured according to my technical specification, with a full explanation of what we are doing
Everything's great! Thanks! I recommend it.
NekMiha · Help with a MikroTik router
Powerful buyer2024-11-16 · ⭐ 5/5
Everything's great! Thank you! I recommend it