OVPN Server automatically creates interface

RouterOS General
1

I use OVPN connection (RB951 on both sites). On server site I manually created interface named ovpn-client1. Typically, when client makes connection, interface on server site become active and all is OK.
But sometimes server automatically creates interface called (with brackets) and use it instead manually created ovpn-client1 (without brackets). How to prevent this?

Example:
Client log
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: terminating… - nothing received for a while
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: disconnected
Jul/26/2014 17:11:50 memory ovpn, info ovpn-client1: initializing…
Jul/26/2014 17:11:50 memory ovpn, info ovpn-client1: connecting…
Jul/26/2014 17:12:01 memory ovpn, info ovpn-client1: using encoding - BF-128-CBC/SHA1
Jul/26/2014 17:12:02 memory ovpn, info ovpn-client1: connected
Jul/27/2014 17:12:05 memory ovpn, info ovpn-client1: terminating… - nothing received for a while
Jul/27/2014 17:12:05 memory ovpn, info ovpn-client1: disconnected
Jul/27/2014 17:12:15 memory ovpn, info ovpn-client1: initializing…
Jul/27/2014 17:12:15 memory ovpn, info ovpn-client1: connecting…
Jul/27/2014 17:12:18 memory ovpn, info ovpn-client1: using encoding - BF-128-CBC/SHA1
Jul/27/2014 17:12:18 memory ovpn, info ovpn-client1: connected

Server log:
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: terminating… - nothing received for a while
Jul/26/2014 17:11:39 memory ovpn, info, account client1 logged out, 1221 20200 13965 167 184
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: disconnected
Jul/26/2014 17:11:50 memory ovpn, info TCP connection established from (IP address)
Jul/26/2014 17:12:01 memory ovpn, info : using encoding - BF-128-CBC/SHA1
Jul/26/2014 17:12:01 memory ovpn, info, account client1 logged in, 10.10.60.2
Jul/26/2014 17:12:02 memory ovpn, info ovpn-client1: connected
Jul/27/2014 17:12:16 memory ovpn, info TCP connection established from (IP address)
Jul/27/2014 17:12:18 memory ovpn, info : using encoding - BF-128-CBC/SHA1
Jul/27/2014 17:12:18 memory ovpn, info, account client1 logged in, 10.10.60.2
Jul/27/2014 17:12:18 memory ovpn, info : connected
Jul/27/2014 17:12:21 memory ovpn, info ovpn-client1: terminating… - peer disconnected
Jul/27/2014 17:12:21 memory ovpn, info, account client1 logged out, 86420 3728595 1150037 18900 15199
Jul/27/2014 17:12:21 memory ovpn, info ovpn-client1: disconnected

2

I know this is no consolation, but it happens to other PtP server bindings too, e.g. PPTP.
The conditon for this to happen is as follows:

  • connect the VPN client
  • kill the client (and I mean kill, not disconnect. e.g. power cycle the client router)
  • reconnect the client before the previous server connection times out.
    And here you have it.
3

I also use OVPN on two RBs. I’ve never created a manual ovpn-client interface. It’s all done by the RouterOS. And it works, it works quite stable actually.

4

Thanks dokmarius,
I think too the sequence is similar:

  • Client terminated connection (17:12:05 ovpn-client1: terminating… - nothing received for a while)
  • Server doesn’t see this and keeps old connection!
  • Client initiated reconnecting (17:12:15 ovpn-client1: initializing…)
  • Server accept new connection (17:12:18 : connected), but old connection exist and server creates dynamically new interface
  • Timeout on old connection (17:12:21 ovpn-client1: terminating… - peer disconnected)

I tried testing this – reset routers, switches, unplug cables, etc. All works perfect! If connection lost, client reconnected to server correct. I couldn’t repeat this manually.
I’m testing connection 24/7. This happens rarely, maybe once on week. The client is connected to internet by 3G router. I believe 3G connection temporary lost or slowed sometimes, although 3G router didn’t logged this.

About lz1dsb post – I created manually interface, because I have to add static routes. I don’t know another way to connect subnets behind routers. I tried this, but no success.

Thanks

5

Thanks dokmarius,
I think too the sequence is similar:

  • Client terminated connection (17:12:05 ovpn-client1: terminating… - nothing received for a while)
  • Server doesn’t see this and keeps old connection!
  • Client initiated reconnecting (17:12:15 ovpn-client1: initializing…)
  • Server accept new connection (17:12:18 : connected), but old connection exist and server creates dynamically new interface
  • Timeout on old connection (17:12:21 ovpn-client1: terminating… - peer disconnected)

I tried testing this – reset routers, switches, unplug cables, etc. All works perfect! If connection lost, client reconnected to server correct. I couldn’t repeat this manually.
I’m testing connection 24/7. This happens rarely, maybe once on week. The client is connected to internet by 3G router. I believe 3G connection temporary lost or slowed sometimes, although 3G router didn’t logged this.

About lz1dsb post – I created manually interface, because I have to add static routes. I don’t know another way to connect subnets behind routers. I tried this, but no success.

Thanks

6

That’s an old post but anyway. I haven’t figured out a convenient way to monitor the threads.
I’ve also started using static interfaces on OVPN, it’s how I can control the settings of the routing protocol I run over that link. It’s quite useful, before I didn’t know about that option.

7

I also noticed that in a long run, the OVPN connection breaks down…

8

Try to select “only one” property on server PPP profile.
Also see this topic:
http://forum.mikrotik.com/t/preventing-dynamic-temporary-vpn-interfaces/78486/1
For me this works fine.