I am trying to set up a number of EoIP tunnels from remote devices, terminating on one central "concentrator" device, where the tunnels are encrypted using IPSec transport.

I have successfully set up one tunnel, but when I tried to add more, it didn't work. I then remembered that the EoIP tunnel-ids had to be different for different tunnels. For my first tunnel I had just left the tunnel-id at the default value of 0.

Even with only one tunnel, if I change the tunnel-id to anything other than 0, the tunnel does not work. Traffic is encapsulated and encrypted with IPSec, and arrives at the other end, but the packets do not then appear on the bridge at the remote device.

I assumed initially that there is some issue with the encryption and decryption of the GRE Key part of the packet (the tunnel-id forms part of this), but I have tried testing it without any IPSec and it still doesn't work unless the EoIP tunnel-id is equal to zero.

Can anyone shed any light on this? My understanding from reading around is that the only requirement for EoIP tunnels it that they should have unique MAC Addresses (which mine do) and the same tunnel-id (which mine do). Does anyone know why this wouldn't work with tunnel-id not equal to zero? Any suggestions for things to debug?

By the way I am using RouterOS 4.6 on RouterBoard 750Gs.

Thanks,

Andy

I have upgraded to RouterOS 4.7 and this problem still persists. EoIP tunnel works if tunnel-id=0, but doesn't work with other values.