I have OpenVPN server interface in Mikrotik with PPP username specified in it, so that when this user dials in, his connection automatically gets assigned to this interface.
The problem is that sometimes user dials in and his connection stays dynamic (i.e DR ), never gets assigned to OpenVPN server interface. Any suggestions?
Cheers,
Mir
update:
Just realised that this is happening because old connection to OpenVPN server Interface does not get reset after user loses connection and Mikrotik still thinks that user is connected to that interface, that’s why when user tries to re-connect he only gets dynamic interface.
So my question is why, even if you are disconnected, Mikrotik thinks that someone is still connected to that interface?
This is happening for both, Linux and Windows clients including Mikrotik to Mikrtoik tunnels.
If user is not disconnecting properly, unexpected reboot, killed ovpn client etc.
Then there is no way server would know that client is no longer available. To fix the problem adjust keepalive-timeout value and set only-one=yes in ppp profile used by ovpn server.
I have done as you have suggested (enabled keep-alive feature in Ovpn server settings)
Straight after I did that, all VPNs have dropped.
I have disabled keepalive but VPN did not come back up.
Rebooted Mikrotik, works fine again.
I will try again this evening.
Thanks again for the answer.
M
update
Last night I have changed keepalive setting in winbox by going to: “PPP–>Interface–>Ovpn Server” this caused Ovpn server crash.
This time I have done it via command “ppp profile set only-one=yes seapoint_openvpn_ser
vers_profile” as suggested. Will keep my eye on the result, thanks again for suggestion. update2
Also in profile settings enabled idle-timeout so that if connection is not active (ie ghost connection), Mikrotik will kill it. http://www.mikrotik.com/testdocs/ros/2.9/guide/aaa_ppp.php
still have the same problem. When I close openVPN client not properly, or I lose internet connection, I can not reconnect again as Mikrotik still thinks that I am connected.
Is there a way to tell Mikrotik to kick existing connection if the user is trying to connect with the same user name? It think its logical.
I know it has been quite a bit of time but did you ever get this resolved? I have the same problem with a station to station configuration. When the internet drops, the ovpn server does not drop and reset. I have to reboot the router each time.
PPP Profile - Set profile to only one Connection at a time
About ghosting users…i didnt find a good way to solve this problem but i set a script that remove the ghosting session
You can find all ghosting session in /ppp/active
Look for session with no Encoding
So i create a script that check all time (OpenVPN)
/ppp/active remove [find service=ovpn encoding=“”]
And set up a Schedule to run this script every minute
Sorry for any mistake. My english is a work in progresss