After upgrading to v6.45.1, no PPTP or L2TP/IPSec clients are able to connect to my router.
On the server router i can see the log entry of TCP connection stabilized from: xxx.xxx.xxx.xxx. On the customer site the ppt connection starts and keeps like waiting, them timeout.
Upgraded both routers to v6.45.1, but no progress after this.
Correct filter rules applied accepting TCP 1723, and GRE protocol for PPTP. For L2TP/IPSsec, accepting 1701, 500, 4500 udp, and ipsec-ah/esp.
Customers were connected before the upgrade, does anyone is having the same issue?
We have run PPPoE for 7+ years with router OS using RADIUS authentication and accounting.
We found after the upgrade to 6.45.1 we noticed that some TP Link clients, specifically:
TL-WR940N version 6.0
TL-WR841N version 11.1
which had been manually set from defaults in the IPv6 setup from DHCP to PPP were connecting for 26 to 27 seconds and then the PPPoE session disconnected with the RADIUS accounting recording the termination reason as “User-Request” . Client PPPoE sessions would start and stop continuously causing their Internet experience to be slow and require repeated browser reload requests to have browsing work at all.
Analyzing the RADIUS accounting database we found those clients had 0 sessions ending for “User-Request” cause in the days prior to the upgrade to 6.45.1 as their connection would stay up for days. The 27 second PPPoE sessions ending with “User-Request” occurred immediately after upgrading to 6.45.1 resulting in 1000-2000 PPPoE sessions per day.
We manually logged into the LAN side of these routers, clicked IPv6 Setup and disabled IPv6 the client. Then the router would then no longer auto reconnect PPPoE automatically even when set to connect “automatically”. We could click “connect” on the PPPoE client in the router web interface to get the PPPoE sessions to connect.
We reset a the router to defaults and the problem went away as the defaults have IPv6 turned on…using DHCP and not PPP.
After that we found if we simply go to IPv6 Setup and change from PPP to DHCP, saved that and rebooted the router…we confirmed the router would auto reconnect PPPoE automatically as it normally would.
After upgrading to v6.44.5 the problem persists, after playing with some firewall rules have noted that the issues is with GRE protocol. If you’re using mikrotik default firewall on the rules that you have the drops on input and forward you’ll need to add an exception for GRE protocol in order to make PPTP tunnels to work.
In my case that i use a firewall container with drops all input at the top, and at the bottom, and only the rules between this two drops are allowed have to filter GRE protocol on the drops of the invalid connections states.
Here an example for the ones that would like to try it out: