Recently I’ve been running into an issue with one of our CCRs.
Randomly the router would stop forwarding ICMP packets through the router. I’d get about 100+ Nagios alerts that certain hosts behind the router were showing as down. After further investigation, everything was actually online, but I could not get ICMP to pass to or through the router so our monitoring server was showing as down.
Thinking it was a software issue, I upgraded to the latest release 6.29.1… The problem seems to have changed, or I just noticed the fact that the PPTP/GRE traffic is also affected. With 6.29.1, the ICMP problem appears, but seems to resolve itself after a short period of time, but PPTP/GRE will not finalize the connection to its endpoint until the CCR router is rebooted. Mind you, the PPTP server is not on this router but downstream from it. So all customer PPTP traffic was affected. It may have included other protocols; I just noticed the PPTP/GRE VPNs.
Further troubleshooting would show the PPTP connections would get to the verifying user/pass state and then die.
PPTP Debug logs would show:
TCP connection established from host
rcvd Start-Control-Connection-Request
sent Start-Control-Connection-Reply
rcvd Outgoing-Call-Request
LCP lowerup
LCP open
sent Outgoing-Call-Reply
LCP timer
sent LCP ConfReq id=0x1 … this would continue about 7 times.
I rebooted the CCR and the PPTP sessions went back to working normally…
There’s nothing in the firewall that would block either protocol, and as always the only fix is rebooting the CCR. Anyone else run into this issue?