Hello, I tried searching the forums for someone with a similar problem but couldn’t find anyone that came up with a solution.
So we have a MikroTik RB1100AHx4 that is on v6.49.2 and we have OVPN set up on it. We also have an IPsec tunnel to one of our client's locations set up.
So everything worked fine until a month and a half ago. It would randomly stop accepting connections from OpenVPN Connect (tried both older and newer than v3.0 for the client).
I have logging enabled for ipsec and ovpn with debug going to disk and ovpn logs show nothing. No new connection attempt, no connection blocked, literally nothing related to ovpn when this happens. Like no traffic is coming to the router related to ovpn, but also no reject entries from firewall. IPsec logs on the other hand show the connection between us and the client's location and that works fine. Only when I restart our router does the ovpn start to work again and 9/10 it accepts connections just fine. But last time it happened it refused to work for about 4h even with restart.
This happened on the mains power so first I switched it to UPS just to eliminate some power fluctuations but alas it did not help.
We do have our IP provider's router in front of ours but that works just as a bridge and I’m waiting to hear from them if their logs show anything.
The mind-boggling thing is that this config worked just fine for 3+ years and only started acting up at the end of October. I also bought a new router, matched the firmware to the old one, copied the config manually and nothing, same problem after a week. So it’s not a hardware fault of the router.
At this point I exhausted my options and am hitting a wall. Any help with this and what direction I should go to look for next would be greatly appreciated. The fact that a new router didn’t fix the problem only tells me that it’s either some bug in firmware that manifested now (hard to believe that it would work flawlessly for years) or that maybe it’s a fault with my provider's equipment. It’s just such a specific problem that’s hard to pinpoint to something without any help from logs.
Edit:
So when this happens, active connections remain active, just new ones can’t be established.
Here is the redacted config related to ovpn:
/ppp profile
add dns-server=1.1.0.1,8.8.8.8 local-address=OpenVPN-SerengetiPool name=\
    OpenVPN remote-address=OpenVPN-SerengetiPool use-encryption=required
add dns-server=1.1.0.1 local-address=OpenVPN-BackupPool name=OpenVPN-Backup \
    remote-address=OpenVPN-BackupPool use-encryption=required wins-server=\
    8.8.8.8
/interface ovpn-server server
set auth=sha1 certificate=CA-Server cipher=aes256 default-profile=OpenVPN \
    enabled=yes netmask=16
/interface pptp-server server
set authentication=chap,mschap1,mschap2 default-profile=default
client config:
client
dev tun
proto tcp-client
remote (our address)
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca CA-Certificate_new.crt
cert User-Cetificate_new.crt
key User-Cetificate_new.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache
redirect-gateway def1
I know there is a typo in the certificate name but this config is set up like that and stopped working randomly so all was entered correctly.
I did get a new error in the logs today:
Dec/04/2024 12:21:50 ovpn,info : using encoding - AES-256-CBC/SHA1
Dec/04/2024 12:22:27 ovpn,debug <xxx.xxx.xxx.xxx>: disconnected <peer disconnected>
Dec/04/2024 12:22:27 ovpn,debug listening again for incoming connections
Dec/04/2024 12:22:27 ovpn,info TCP connection established from xxx.xxx.xxx.xxx
Dec/04/2024 12:22:27 ovpn,debug no more listening for incoming connections: too busy
Dec/04/2024 12:22:27 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=9eaab3acb63e7cfc pid=0 DATA len=0
Dec/04/2024 12:22:27 ovpn,debug <xxx.xxx.xxx.xxx>: disconnected <peer disconnected>
Dec/04/2024 12:22:27 ovpn,debug listening again for incoming connections
Dec/04/2024 12:22:27 ovpn,info TCP connection established from xxx.xxx.xxx.xxx
Dec/04/2024 12:22:27 ovpn,debug no more listening for incoming connections: too busy
Dec/04/2024 12:22:27 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=92cfaa6a3e253fee pid=0 DATA len=0
Dec/04/2024 12:22:27 ovpn,debug <xxx.xxx.xxx.xxx>: disconnected <peer disconnected>
Dec/04/2024 12:22:27 ovpn,debug listening again for incoming connections
Dec/04/2024 12:22:27 ovpn,info TCP connection established from xxx.xxx.xxx.xxx
Dec/04/2024 12:22:27 ovpn,debug no more listening for incoming connections: too busy
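
The repeating "TCP connection established" / "too busy" / "disconnected" cycle in the log above can be counted per source address to see how many sessions close almost immediately after opening. This is an added example, not part of the original post; the sample lines and the addresses 203.0.113.7 and 198.51.100.20 are constructed, and the `summarize` helper and its 2-second threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the format of the log lines in the post; the
# addresses are documentation placeholders, not values from the post.
SAMPLE = """\
Dec/04/2024 12:22:27 ovpn,info TCP connection established from 203.0.113.7
Dec/04/2024 12:22:27 ovpn,debug no more listening for incoming connections: too busy
Dec/04/2024 12:22:27 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=0000000000000001 pid=0 DATA len=0
Dec/04/2024 12:22:27 ovpn,debug <203.0.113.7>: disconnected <peer disconnected>
Dec/04/2024 12:22:27 ovpn,debug listening again for incoming connections
Dec/04/2024 12:22:28 ovpn,info TCP connection established from 203.0.113.7
Dec/04/2024 12:22:28 ovpn,debug no more listening for incoming connections: too busy
Dec/04/2024 12:22:28 ovpn,debug <203.0.113.7>: disconnected <peer disconnected>
Dec/04/2024 12:22:30 ovpn,info TCP connection established from 198.51.100.20
Dec/04/2024 12:23:45 ovpn,debug <198.51.100.20>: disconnected <peer disconnected>
"""

LINE = re.compile(r"^(\w{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) ovpn,\S+ (.*)$")
OPENED = re.compile(r"TCP connection established from (\S+)")
CLOSED = re.compile(r"<([^>]+)>: disconnected <([^>]*)>")

def summarize(log_text, short_secs=2):
    """Per source: sessions seen and sessions closed within short_secs; plus 'too busy' count."""
    open_at = {}                       # source -> time the TCP session opened
    stats = defaultdict(lambda: {"sessions": 0, "short": 0})
    too_busy = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                   # not an ovpn log line
        ts = datetime.strptime(m.group(1), "%b/%d/%Y %H:%M:%S")
        msg = m.group(2)
        if "too busy" in msg:
            too_busy += 1
        elif (o := OPENED.search(msg)):
            open_at[o.group(1)] = ts
        elif (c := CLOSED.search(msg)) and c.group(1) in open_at:
            src = c.group(1)
            stats[src]["sessions"] += 1
            if (ts - open_at.pop(src)).total_seconds() <= short_secs:
                stats[src]["short"] += 1
    return dict(stats), too_busy

if __name__ == "__main__":
    per_source, busy = summarize(SAMPLE)
    print(per_source, f"too-busy events: {busy}")
```

Run over the ovpn debug log saved to disk, a high share of short sessions from a few sources alongside many "too busy" events shows where the listener's time is going during an outage.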