Something broke in 7.19.1. My sstp started crashing periodically. The only thing that helps is reducing the keepalive timeout. Older devices with router os 7.18.2 work stably.
Send a supout report to MT on their support page…
We have seen the same instability running 2 CCR2116-12G-4S+ routers with ROS 7.19.1 in a data center environment. Prior to updating our routers with ROS 7.19.1 we had run for 6+ months with ROS 7.16.1 without any issues.
In our environment the CCR2116 devices (one primary and the other is backup with VRRP between them) run the SSTP-SERVER and 2800+ SSTP VPN connections from about ~2500 951G-2Hnd and ~300 hAP ax^3 devices run the Mikrotik SSTP-client. Since we updated on May 28 (~7 days ago) we have experienced 3 failures where most or all of the SSTP VPN connections have been terminated. A script in the primary router monitoring the number of active VPNs automatically triggers a VRRP failover when we lose 500 or more VPNs from the Mikrotik devices in a short time. During that time interval (2-3 minutes) during which the VPNs terminated there have been no network issues.
After the failover in which the backup router takes over and the primary reboots itself, only about 80-90% of the remote devices reconnect to the server. The remaining 10-20% of the devices indicate the sstp-client connections are ‘terminating’ and will require either a disconnect and reconnect of the ether1 interface (used by the VPN connection) or a power cycle to again reconnect to the data center routers running the SSTP server . After this action is completed (which unfortunately requires an on-site visit to accomplish) the VPN sstp clients on the remote devices immediately reconnect its VPN to the data center. While running ROS 7.16.1, on the few occasions we had a planned outage, all of the SSTP client devices successfully reconnected to the data center without manual intervention.
Overnight tonight we plan to downgrade to ROS 7.16.1
on a RB5009 with Firmware 7.18.1 or 7.19.4 SSTP was unstable with Windows Client.
Disable AES256-GCM-SHA384 on SSTP Server helps