After upgrade 6.39.2 -> 6.40.4 my ovpn interface become a default one

norlin · October 16, 2017, 10:41am

Hi,

Sorry for a newbie post, I don’t really know how those things are working.
For a long time, I had that interfaces scheme:

bridge-local
ether1-gateway (1st wan, disabled, backup ISP)
ether2-gateway (2nd wan, enabled, main ISP)
ether3-master-local
ether4-slave-local
ether5-slave-local
ovpn interface
wlan1

Also I have some firewall rules/mangle/etc to filter traffic by address list to the ovpn, while by default traffic goes directly to my ISP

After upgrading to 6.40.4 I have found all the traffic tries to go through my ovpn interface and stuck there (traceroute shows router ip → ovpn ip and stops there)

If I disable my ovpn interface, everything works good (but vpn).

Disabling Firewall rules don’t affect anything in that context.

And I have no idea what to check and how to fix it nor which conf info should I provide here for a help.
Downgrade to 6.39.3 didn’t helped (before all of that I was on 6.39.2, but I can’t find a way to downgrade to it…), as well as upgrade to release candidate version ( v6.41rc44).

norlin · October 16, 2017, 6:42pm

I believe there is something wrong with default routes:

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 X S  ;;; VPN unblock
        0.0.0.0/0                          norlin.guru               1
 1 ADS  0.0.0.0/0                          188.32.224.1              1
 2 ADC  0.0.0.0/1          10.8.0.99       norlin.guru               0
 3 ADS  10.8.0.0/24                        10.8.0.1                  1
 4 ADC  188.32.224.0/19    188.32.246.3    ether2-gateway            0
 5 ADS  192.168.88.0/24                    10.8.0.1                  1
 6 ADC  192.168.99.0/24    192.168.99.1    bridge-local              0

where “norlin.guru” is my ovpn interface with network 10.8.0.*

And those are automatically created routes which I can’t edit. And for some reason all trafic goes into ovpn by default

norlin · October 17, 2017, 10:28am

After downgrade to 6.39.2 and restore the config backup teh issue is gone and here is how my routes table looks:

 0 A S  ;;; VPN unblock
        0.0.0.0/0                          norlin.guru               1
 1 ADS  0.0.0.0/0                          188.32.224.1              1
 2 ADS  10.8.0.0/24                        10.8.0.1                  0
 3 ADC  10.8.0.1/32        10.8.0.99       norlin.guru               0
 4 ADC  188.32.224.0/19    188.32.246.3    ether2-gateway            0
 5 ADS  192.168.88.0/24                    10.8.0.1                  1
 6 ADC  192.168.99.0/24    192.168.99.1    bridge-local              0

Also after new try to upgrade to 6.39.3 the issue happens again, so it’s broken in the “bugfix only” branch.

emils · October 17, 2017, 10:35am

When running the affected version, please disable and enable the tunnel, generate supout.rif file and send it to support@mikrotik.com. We will see how we can resolve the issue.