I’m testing out the UDP-port in Mikrotik. It’s supposed to be working since 7.x.
But I run into some issues with it.
Running Opnsense as VPN-server and Mikrotik as a client I get the following issues.
If I have an OpenVPN running on TCP it works but as soon as I set it as UDP I get “Connection established” but it doesn’t connect.
If I reboot opnsense it connects, sometimes but not always. And if I disable the client in Mikrotik and enable it again it never connects again.
On the server side I get this error: Unroutable control packet received from [AF_INET6]::ffff:IP-removed:48055 (via ::ffff:IP-removed%em0) (si=3 op=P_CONTROL_V1)
From googling I get clock issues. But the clocks are correct.
When I change it back to TCP it works every time, all the time.
Firewall checked!
MTU tested on both 1500 and 1400, same result.
Connection from Windows or Android tested, works perfectly on both TCP and UDP with the same .ovpn file.
Clocks match on both sides.
Anyone with any explanation here?
I have attached pictures from Winbox
Where are your devices in relation to each other (e.g.: LAN for testing purposes, or, 1 local and 1 VPS, or, 2 VPS)? Does each end have a static Internet routable IP (not an IP in the private ranges)? Does either end have an Internet connection that runs through NAT (or, worse, CG-NAT)?
–
Backups are your friend. Always make a backup!
/system backup save encryption=aes-sha256 name=MyBackup
Please, export and attach your current config to your post if you want help with a config issue:
/export hide-sensitive file=MyConfig
/export file=MyConfig
The suggested workaround for waiting 30 seconds before new connection attempt works, but it doesn’t seem sustainable.
I don’t see this issue while connecting from other clients.
The OpnSense VPN server is a VPS with a static IP-address located in Finland.
The Mikrotik is a router with dynamic IP-address. Neither of them runs through NAT, both have their own public interface.
I have the same issue with static IP-address on both sides. I have tested to set up a test version of OpenVPN but get the same issues.
I have not tested with PfSense or Mikrotik-Mikrotik yet.
With no experience on the issue at hand (I ditched ovpn years ago when ros 7 started to take forever and tik ovpn udp support with it), I have a feeling that this could be firewall related.
Double check ports, accept and drop rules and try packet rules instead of connection rules. UDP connection marking isn’t 100% reliable in my experience.
I really can’t get this working. It’s a bit of shame on me here. I wrote to Mikrotik and they can connect with udp ports without any issues but I suspect that they use a Mikrotik as server as well as the client. Like I said, I’m using Opnsense as server but I have tested with pfSense and an installed version of Openvpn on a Ubuntu server and I get the same issues on all of them.
I haven’t tried with Mikrotik as server yet though.
If I set it up in opnsense as before, set up everything in Mikrotik it will connect after about 3 minutes by itself.
If I then disable the VPN in the Mikrotik or on opnsense and enable the tunnel again it will connect again after about 3 minutes.
Mikrotik only says “Link established” during this wait.
Meanwhile the log in opnsense logs: TLS Error: Unroutable control packet received from… about once a second for 3 minutes and then everything connects and works properly.
If it disconnects for any reason it will start over with TLS Error: Unroutable control packet received from for about 3 minutes and then everything connects and works again.