Eoip tunnel on linux

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

License

ndmsystems/eoip-kernel

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Sign In Required

Please sign in to use Codespaces.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop

If nothing happens, download GitHub Desktop and try again.

Launching Xcode

If nothing happens, download Xcode and try again.

Launching Visual Studio Code

Your codespace will open once ready.

There was a problem preparing your codespace, please try again.

Latest commit

Git stats

Files

Failed to load latest commit information.

README.md

Kernel mode EOIP (Ethernet Over IP) tunnel compatible with MikroTik RouterOS

There are several projects doing the same job with userland utilities via tap interfaces and raw sockets. While a userland application is easier to install and maintain it lacks the perfomance and stability of an in-kernel module. Especially for the simple job of adding and stripping the EOIP tunneling headers. The userland tunneling application may be good for testing, research or concept proof projects but not suitable for production environments with high bandwidth requirements.

• to solve the perfomance issue with EOIP on Linux
• to make EOIP tunneling support a standard part of the Linux world

This code was developed on a 3.2.44 linux kernel and tested up to 3.2.51. It should not be hard to adapt it to older kernels and 3.4.x series. Bigger changes are required for 3.10+ kernel series.

cd path-to-kernel-source/linux-3.2.44 patch -p1 < path-to-eoip/kernel-patch/kernel-3.2.44-eoip-gre-demux.patch patch -p1 < path-to-eoip/kernel-patch/kernel-3.2.44-eoip-buildconf.patch patch -p1 < path-to-eoip/kernel-patch/kernel-3.2.44-eoip.patch 

afterwards configure the kernel in the usual ways make (menu/x/. )config and do not forget to select IP: EOIP tunnels over IP located under Networking options from Networking support

EOIP tunnel depends on IP: GRE demultiplexer - if it not selected then EOIP tunnel is not shown at all

Besides on embedded systems it is recommended to build EOIP and GRE demux as modules.

cd path-to-eoip/out-of-tree-X.Y.Z make make install 

For this to work at least the running kernel's headers should be available.

On Debian/Ubuntu systems this build process will place the newly built modules in /lib/modules/x.x.x.x/misc . Note that there will be two versions of gre.ko (the GRE demux). At least on 3.2.x it is safe to replace the original version with the modified one because it is backwards compatible.

The eoip.ko module cannot operate properly without the newly built version of GRE demux ( gre.ko ). If the original gre.ko is loaded then it should be removed and the newly built gre.ko loaded before loading eoip.ko .

Userland management utility

eoip - tunnel management utility

 eoip add tunnel-id [name ] [local ] [remote ]  [ttl ] [tos ] 

 eoip change name tunnel-id [local ] [remote ]  [ttl ] [tos ] 

• make a patch for iproute2 to include eoip support
• work towards making this code good enough for inclusion in official kernel/iproute2 releases

This code was developed based on information gathered from sniffed datagrams and information from similar projects without involving any reverse engineering of code from the closed source commercial product

The protocol is not documented and although it looks like there are no deviations in the header format this cannot be guaranteed in all environments or for future releases of the commercial product

After the IP header (which can be fragmented, MTU 1500 is usually used for tunnels) a GRE-like datagram follows. Note that RFC 1701 is mentioned in MikroTik's docs but there is nothing in common between the standard and the actual protocol used.

 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | GRE FLAGS 0x20 0x01 | Protocol Type 0x6400 | = MAGIC "\x20\x01\x64\x00" +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Encapsulated frame length | Tunnel ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ethernet frame. | 

Strangely enough the frame length is kept into network byte order and tunnel ID is in little endian byte order.

This code was tested and works without problems on quite a few different 32/64bit x86 systems.

No testing was done on non-x86 and big endian hardware.

There is no guarantee that there are no bugs left. Patches are welcome.

All code and code modifications in this project are released under the GPL licence. Look at the COPYING file.

Источник

ServerAdminBlog

Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol (stateless and light ethernet point to point tunnel protocol with 28 bytes static overhead) that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP tunnel may run over IPIP tunnel, PPTP tunnel or any other connection capable of transporting IP.

To connect Linux with Mikrotik over EoIP tunnel, you’ll need THIS.

# wget http://www.serveradminblog.com/wp-content/uploads/2016/03/linux-eoip-0.5.tar.gz # tar -xvzf linux-eoip-0.5.tar.gz # cd linux-eoip-0.5 # ./configure # make # make install

# wget http://www.serveradminblog.com/wp-content/uploads/2016/03/linux-eoip-0.5.tar.gz # tar -xvzf linux-eoip-0.5.tar.gz # cd linux-eoip-0.5 # ./configure # make # make install

Copy eoip.cfg to /etc dir, change settings inside according to your needs and save the file. If you use dynamic=1 option, take attention that there is no authorization,
and it is not secure. It is not good idea to use this feature with public ip or insecure(not completely under your control, each host) network.

For not lets suppose you need only one tunnel to remote IP address 1.1.1.1

On Mikrotik create EoIP tunnel with the same ID (1) and set your server’s IP address as remote IP. Run eoio with

# /usr/local/bin/eoip /etc/eoip.cfg

Add IP address to your eoip interface

# /sbin/ifconfig zeoip0 10.254.254.2 netmask 255.255.255.252 up

# /sbin/ifconfig zeoip0 10.254.254.2 netmask 255.255.255.252 up

And optionally add routes (if you have any)

# route add -net 10.2.0.0/16 gw 10.254.254.1

# route add -net 10.2.0.0/16 gw 10.254.254.1

Add the last few lines inside rc.local to enable tunnel after reboot. The eoip interface can be threaten just like any other interface.

# ifconfig zeoip0 Link encap:Ethernet HWaddr 5B:25:C9:44:6A:79 inet addr:10.254.254.2 Bcast:10.254.254.3 Mask:255.255.255.252 inet6 addr: fe80::5425:d9ff:fe80:6b79/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:167397 errors:0 dropped:0 overruns:0 frame:0 TX packets:138861 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:14934574 (14.2 MiB) TX bytes:12520192 (11.9 MiB) # ps ax|grep dhcp 5180 ? Ss 0:02 /usr/sbin/dhcpd eth1 zeoip0 27356 pts/1 S+ 0:00 grep dhcp

# ifconfig zeoip0 Link encap:Ethernet HWaddr 5B:25:C9:44:6A:79 inet addr:10.254.254.2 Bcast:10.254.254.3 Mask:255.255.255.252 inet6 addr: fe80::5425:d9ff:fe80:6b79/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:167397 errors:0 dropped:0 overruns:0 frame:0 TX packets:138861 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:14934574 (14.2 MiB) TX bytes:12520192 (11.9 MiB) # ps ax|grep dhcp 5180 ? Ss 0:02 /usr/sbin/dhcpd eth1 zeoip0 27356 pts/1 S+ 0:00 grep dhcp

As you can see, you can run dhcp server on eoip interface. Just open /etc/sysconfig/dhcpd and add DHCPDARGS=”eth1 zeoip0″ inside. Save the file and restart dhcp server.

19 thoughts on “ EoIP tunnel on Linux ”

great post Marinko , however i cant get it to work, n oerrors. # /usr/local/bin/eoip /etc/eoip.cfg i use that command and get (removed ip addresses, the command does not return to the shell but i push enter and i get my shell back, is that normal?) Creating tunnel: zeoip0 num 0
Destination for zeoip0: XXXXXXXXX
[root@wiwan60 ~]# RX thread set to cpu 0
TX thread(ID 1) set to cpu 1

@dave No it is not normal. Do you have zeoip0 after you enter ifconfig ? @user
remove permanently of just temp. ?

# /usr/local/bin/eoip /etc/eoip.cfg
Creating tunnel: zeoip0 num 0
Destination for zeoip0: *.*.*.*
ioctl-1: Device or resource busy

I have the next error: Affinity error 22 RX thread set to cpu 0. OS: CentOS 7.0 x86_64 What am I doing wrong?

Thank you for a great post Marinko. I have used it to add EOIP tunnel on OpenWRT router. Best regards and keep up with the good stuff.

First, the location of the file changed to https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/linux-eoip/linux-eoip-0.5.tgz
so maybe you can update it. Second, on what distro is this tested to work? I’ve tried Ubuntu 14.04 32 and 64 bit, Centos 5 32 bit – ./configure fails with an error: “Invalid configuration `i686-pc-linux-‘: machine `i686-pc-linux’ not recognized”. On the “issues” page of the linux-eoip project says that could be fixed by running “Try to run bootstrap.sh first”, but that produces following:
“./bootstrap.sh: line 10: aclocal: command not found” any thoughts?

Hi…
Thanks for note about the link. The latest version is now available on my server. On servers I’m using CentOS 6 (64bit) or CentOS 7 and I didn’t notice any problems you mentioned.
On desktop I’m using Mint 17.3 64bit (which is based on Ubuntu 14.04.x) and the steps shown above works fine. For aclocal problem, try to install automake and try again
# sudo apt-get install automake (on Ubuntu)
or
# yum install automake (on RH based distros)

In case anyone has the same issue as dave in the first comment, I resolved it by changing the source code and recompiling. When I run /usr/local/bin/eoip it wouldn’t exit unless I pressed enter. That messed up any custom scripting I tried to do to automate the process of bringing up the tunnels. I edited eoip.c and changed line 427 from
ret = daemon(1, 1);
to
ret = daemon(0, 0); Then I run make clean && make && make install
and now the eoip drops properly to background without any user interaction. I hope this helps someone to avoid scratching their heads trying to figure this one out 🙂

Hi
I set it up but after running I got error “Affinity error 22”
please help me what is this error and how can I resolve it? thanks

I could not get this working with version 0.5 DDRWRT router and as my research shows a lot of other people having problem with it as well. This is what happens with proprietary protocols. I get the affinity issues but I doubt that is the root cause, it is just a warning. For me it is:
09:02:05.868976 ARP, Request who-has 1.1.1.1 tell 10.0.0.103, length 28 I see this inside the eoip tunnel which is weird by itself as the request should be coming from the inside of the tunnel from 1.1.1.2 from the other side instead of the external ip of the other side. Also I would note when you compile 0.5 it says version 0.4 as well, useless junk.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Pages

Donate Dogecoin

Donate Dogecoin DLPHK4V8aw3vroHTvGfNyjYk3YrfQB1QgQ

Recent Posts

Blogroll

Источник