Bug in 6.37.1 x86 - L2TP disconnecting after 176 MB downloaded

zojka · November 6, 2016, 5:02pm

Hi,

I found bug in 6.37.1 with L2TP/IPsec and probably PPTP connection but i’m not sure.
I use MT x86 (6.36.3) and after upgraded to 6.37.1 my clients have started inform me that L2TP/IPsec connection is disconnected after 10-15 min. They use default VPN connection on Windows 7 and 10
I checked that and i noticed that L2TP connection was disconnected after 176-178MB downloaded. It happened on 5 VPN servers (x86) in different locations, after made upgrade.
I use also CHR on x86 and in 6.37.1 i had the same problem with L2TP connection

I came back to 6.36.3 and problem doesn’t occur

Can anyone else confirm that ?

pe1chl · November 6, 2016, 7:31pm

I use 6.37.1 on CCR and I cannot confirm that.

laca77 · November 9, 2016, 8:53am

Zojka: may be a related config part would be great for the devs to build up your environment and try to it out.

milo9 · November 29, 2016, 8:57pm

Hi, I had the same problem with current releases. I was unable to transfer some large file over L2TP, it stopped working at around 175-180 MB. I have tried to downgrade to 6.36.3 and now it works fine and stable…

Usually I am not transferring large files over VPN, so I am not sure, since what version this problem occurs.

Client is W10.

computerjlt · December 29, 2016, 9:56pm

I’m having the same problem on 6.37.3 and 6.36.4…

all settings are pretty box standard except for the port knocking sequence to add external ip to a white list. I use vpn on my wifi from my laptop as to not have to mix wifi and lan traffic

computerjlt · December 29, 2016, 10:36pm

6.36.1 has same issue. used W10 and W7.

Enabled fast path no change.

pe1chl · December 29, 2016, 10:44pm

Apparently only when connecting from Windows, as I see no issue at all between MikroTik routers running 6.37.1, 6.37.3 and 6.36.4.
(central router is a CCR, connecting routers are RB951, RB2011)

computerjlt · December 30, 2016, 2:24pm

any ideas what could be causing this?

pe1chl · December 30, 2016, 2:42pm

There are many bugs possible in everyone’s IPsec implementation (I presume you use IPsec below L2TP as Windows normally does that),
and when interworking between two implementations, it is often difficult to say whose fault it is when it does not work OK.
(Of course, the de-facto situation is that when it does not work against Windows it is the other side’s task to fix that with a workaround)

Sometimes you can work around issues like this in the configuration, e.g. by setting some different lifetime/lifebytes in this case.

BartoszP · December 30, 2016, 2:57pm

Being curious … why not to upgrade to 6.37.3 ?

pe1chl · December 30, 2016, 3:26pm

Read the thread: that does not fix it for those that have the problem. Going back to 6.36.3 appears to fix it.

overgules · January 1, 2017, 11:48pm

Quick answer: in version 6.38rc52 l2tp/ipsec works fine.

I investigated this problem. It appears after Windows client decide to change phase2 SA.
Client==>Mikrotik SA, comes up normal.
Mikrotik==>Client SA, don`t comes up.
After this L2TP stop sending/receiving hello packets and broke up.
FYI Windows 10: Lifetime 60min; Lifebytes 100000KB

emils · January 2, 2017, 9:01am

This issue is fixed in 6.38rc. There was an issue with new SA establishment when life-bytes value is reached.

computerjlt · January 10, 2017, 9:16pm

This seems to be fixed in 6.38!

Thanks for the reply emils!