11 comments on “Ethernet over IP with DD-WRT and dynamic IPs”

  1. Just curious why the startup script has to be delayed (by restarting cron after some time)? I noticed this must also be done for your next post on ebtables, i.e. ebtables module has to be loaded only after some time.

    • I have added a sleep of 60 seconds because it didn't work without a delay. Because this is started on startup it needs to wait for some services to start, but it can probably be optimized.

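  2. #!/bin/sh
    # Current IP behind the remote side's dynamic DNS name
    TESTIP=`ping -c1 xxxxx.dyndns.org | egrep -o -m 1 '([0-9]{1,3}\.){3}[0-9]{1,3}'`
    # Remote IP currently stored for the tunnel
    TESTOET=`nvram show | grep oet3_rem | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}'`
    # Update only when the lookup returned an address and it differs
    if [ -n "$TESTIP" ] && [ "$TESTOET" != "$TESTIP" ]; then
        nvram set oet3_rem="$TESTIP"
        /etc/config/eop-tunnel.startup >/dev/null
        date >/tmp/last-run-cron
    else
        date >/tmp/last-run-cron
    fi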

    This is how I use it; of course I added the cron table command. At the moment I don't see any better option to run the thing 🙁

  3. Hi, I couldn’t find any technical details on DD-WRT’s implementation of EoIP. There is Mikrotik’s EoIP, which is based on GRE (RFC 1701) with a simply customized Key field. How about this EoIP? Or is it just OpenVPN in ‘tap’ mode?

    Regards

    • EoIP in DD-WRT's implementation is a TAP tunnel but not an OpenVPN. I saw on the web that Mikrotik's EoIP is not compatible with this EoIP, and as far as I know there is no documentation on the implementation or how to link it with another EoIP device (for example a Linux machine with a tap tunnel, etc.). If you have two or more DD-WRTs, this can be useful to link remote sites with layer 2 links 😉

      • Thanks for clarifying. 🙂
        I’m not DD-WRT-involved, but I’m doing kinda review on Ethernet/VLAN-capable pseudowires.
        FYI, Mikrotik’s EoIP open-source implementation can be found, take a look at linux-eoip for instance. Works fine if someone would need it for compatibility with Mikrotik’s EoIP.

        Regards:)

  4. I tried to use “ip tunnel change oet1 remote $new_IP” but the tunnel never worked afterwards, even after bringing the interface down/up.

  5. Of course, the risk here is quite high. Using EoIP across the internet means no authentication, no encryption, and the potential for MITM (Man in the Middle) attacks (e.g., ARP poisoning). For this reason, EoIP should be limited to internal usage. But I suppose there will always be somebody somewhere who considers it worth the risk.

    As far as the startup problem goes, this should probably be installed as a wanup script rather than trying to guess the timing about when the WAN is up.

    SCRIPT_DIR="/tmp/etc/config"
    SCRIPT="$SCRIPT_DIR/eoip.wanup"
    mkdir -p "$SCRIPT_DIR"
    # Quoted "EOF" keeps variables in the body from expanding while it is written
    cat << "EOF" > "$SCRIPT"
    ### your script goes here ###
    EOF
    chmod +x "$SCRIPT"

    Personally, I don’t recommend using CRON for something that runs continuously. There are startup/shutdown costs associated w/ running CRON and these scripts. Instead, the script should contain its own periodic loop. CRON is ideal for situations where you rarely need the script executed. But for something running every 60 secs, 5 minutes, etc., it’s just too inefficient.

    Finally, it’s only a routed (tun) OpenVPN tunnel that limits you to IP. Using a bridged (tap) OpenVPN tunnel will support any other protocols available over ethernet. Using OpenVPN will also add back much of the security lost w/ EoIP, even if you simplify the OpenVPN configuration using static keys rather than PKI.

    But again, I get the appeal of EoIP — simplicity. Just beware of the risks.

    • Yes, there is risk but this could be useful if you are using some protocol that is rare and not possible to tunnel through VPN.

      I just added the delay in order for it to work, but I agree it should be resolved in a better way.
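
The self-looping approach suggested in comment 5, applied to the update check from comment 2, as an added example that is not code from the post or from any commenter. The `first_ipv4` and `decide` helpers, the `run` argument, the lock directory and the 300-second interval are assumptions; `oet3_rem`, the placeholder hostname and `/etc/config/eop-tunnel.startup` come from comment 2.

```sh
#!/bin/sh
# Added example: names below are assumptions unless noted.
HOST="xxxxx.dyndns.org"       # placeholder hostname from comment 2
KEY="oet3_rem"                # nvram key from comment 2
INTERVAL=300                  # seconds between checks (assumed)
LOCK="/tmp/eoip-watch.lock"   # assumed path for a single-instance lock

# Print the first dotted quad on stdin whose octets are all <= 255.
first_ipv4() {
    grep -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | while IFS=. read -r a b c d; do
        if [ "$a" -le 255 ] && [ "$b" -le 255 ] && [ "$c" -le 255 ] && [ "$d" -le 255 ]; then
            echo "$a.$b.$c.$d"
            break
        fi
    done
}

# $1 = configured remote, $2 = resolved address.
# Prints "skip" (lookup failed), "same" or "update".
decide() {
    [ -n "$2" ] || { echo skip; return; }
    if [ "$1" = "$2" ]; then echo same; else echo update; fi
}

# Periodic loop that replaces the cron entry.
watch_endpoint() {
    # mkdir is atomic, so a second start (WAN coming up again) exits here.
    mkdir "$LOCK" 2>/dev/null || return 0
    while :; do
        new=$(ping -c1 "$HOST" 2>/dev/null | first_ipv4)
        cur=$(nvram get "$KEY")
        if [ "$(decide "$cur" "$new")" = update ]; then
            nvram set "$KEY=$new"
            /etc/config/eop-tunnel.startup >/dev/null
        fi
        date >/tmp/last-run-loop
        sleep "$INTERVAL"
    done
}

# Loop only when started with "run", so the helpers can be tested off-router.
if [ "${1:-}" = run ]; then
    watch_endpoint
fi
```

Validating the address only guards against a failed or malformed lookup; it does not authenticate the remote endpoint, so the risks raised in comment 5 still apply.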
