L2TP with USB LTE KEY disconnects after some hours and needs system reboot

Hi to all,

RouterOS v6.46.2
Model: 951G-2HnD

On ETH1 I have my main WAN interface, which connects to the internet through my Italian ISP EOLO with PPPoE credentials.
On the USB interface I have an LTE USB key with IP 192.168.8.1.

Then I have multiple 0.0.0.0/0 routes: the first one for the main interface, with distance 2 and PPPoE as gateway, and the second one for the backup connection, with distance 1 and 192.168.8.1 as gateway.
The idea is to manually insert the USB key when the main ISP is failing, to guarantee a backup connection, and this is working as expected.

The problem is that I have an L2TP client on this router that connects to another MikroTik in the main office. This is very stable and fast even with the LTE USB key, but after some hours it randomly disconnects and I need to reboot the MikroTik (on the client side) to fix the issue. This doesn’t happen with the main WAN interface, only with the USB key. Any suggestion to fix this? I feel that this happens when the LTE connectivity goes down for some seconds or becomes too slow (for example due to BTS congestion) and the public IP changes, so something gets stuck in the firewall’s connections and prevents the VPN from coming back.

This is very important for me, because the main provider will not work anymore in the next months due to commercial reasons, so we are using only the LTE interface now (which has a flat data plan). For the moment the fix is a script to reboot the router every 4 hours; in this way the VPN is always up, but obviously this is not a good solution.

A few suggestions can be used, but maybe the simplest one is Tools > Netwatch, which can monitor your VPN connection and, if it is offline, do a usb-power-reset - not a reboot of the whole ROS.
Another way is to check why you do not have internet… when the offline is active, can you ping 192.168.8.1? Access the web GUI of 192.168.8.1? Do a tracert and check if there are any hosts after 192.168.8.1? Do an upgrade of the LTE modem? Select another band that will be more stable? Check UMTS/3G/HSDP+? … As you see, you can do many things to diagnose the LTE USB modem and try to get a more stable connection.

First of all, thank you for the Netwatch suggestion, this is very useful, but I can tell you that unplugging and then replugging the USB key will not fix this; the only way is to reboot the entire ROS.
“when the offline is active then you can ping 192.168.8.1?”
I can ping the LTE modem and everything is working, I can surf the internet and do all my stuff. The LTE is very stable; the only problem is the L2TP that won’t reconnect after some hours. I think that there is some kind of firewall connection/instance that gets the VPN stuck in some cases.

wassy83

This means you should check Conntrack and remove the sticky connection/session with your L2TP server.

  • Disable L2TP Client
  • WinBox: IP > Firewall > Connections >> Filter traffic by “Dst. Address” = IP of your L2TP Server >> Ctrl+A and then Delete
  • Enable L2TP Client

Will this work?

When the problem exists, you can check Tools > Torch on the ether1-wan1 interface, filter by the L2TP Server IP, and check whether Tx has got Rx too.
In Firewall > Connections you can check ports and IP addresses to find a problem, such as communication being done from the wrong public IP because you have many of them (only an example).
In Tools > Sniffer you can check on which interface your traffic is still stuck.

Thank you so much @SiB,
“Filter traffic by “Dst. Address” = IP your L2TP Server” fixed the issue, so mixing this with Netwatch is the solution.

But I also noticed that incrementing the timeout field in my L2TP client from the default 60 to something like 300 makes sure that the VPN no longer gets stuck. So the combination of those 2 is a fully stable solution for my setup.

Thank you!

Maybe at the start that problem was related to MTU, but this is another topic.
You're welcome.
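
The fix the thread arrives at (clear the conntrack entries towards the L2TP server, triggered by Netwatch instead of a scheduled reboot), written out as a RouterOS v6 script. This is an added example, not something posted by a participant in the thread; the script name `l2tp-reset`, the client name `l2tp-out1`, the server address `203.0.113.10` and the monitored tunnel-side address `10.255.255.1` are placeholders to replace with your own values.

```routeros
# --- Body of a script saved as "l2tp-reset" under System > Scripts ---
# All names and addresses here are placeholders (assumptions), not values from the thread.
:local client "l2tp-out1"
:local server "203.0.113.10"

# 1. Stop the client so it does not recreate the stale entry during cleanup.
/interface l2tp-client disable [find name=$client]

# 2. Remove tracked connections whose destination is the L2TP server.
#    dst-address is stored as "ip:port", so the match is anchored on "ip:".
#    (The dots are regex wildcards; the anchors keep the match narrow enough here.)
:foreach c in=[/ip firewall connection find where dst-address~("^" . $server . ":")] do={
    /ip firewall connection remove $c
}

# 3. Give conntrack a moment, then bring the client back up.
:delay 3s
/interface l2tp-client enable [find name=$client]
:log info ("l2tp-reset: cleared conntrack entries to " . $server)

# --- Typed once in the terminal, not part of the script body ---
# Netwatch pings an address that is only reachable through the tunnel
# (assumed here to be the office router's tunnel-side IP) and runs the
# script when that address stops answering.
/tool netwatch add host=10.255.255.1 interval=30s timeout=2s \
    down-script="/system script run l2tp-reset"
```

The `:log info` line leaves an entry in the router log each time the reset fires, which makes it easy to see how often the tunnel actually gets stuck on the LTE link.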