sstp/pptp stops working frequently

kosztyua · January 17, 2013, 10:33am

Hi,

Sent this to support, posting here too:

I’ve been running ovpn, pptp and sstp servers for a while now, using 5.22 since it was released. Recently on one of the servers sstp stops working after a while: it does not accept new connections, but the ones made earlier work fine. I have to restart the sstp server every few hours. The only thing changed in the last month was changing to a new radius server, accessed through ovpn instead of directly. Please recommend a solution or fix it.

And today updated it with: it’s not only sstp but pptp as well

Please help me fix this.

Thanks,
Andras

kosztyua · January 17, 2013, 12:31pm

PPTP is giving error 807. After restarting the daemon it works fine.

Also, as I actively monitor when it goes bad, it seems it cannot hold for more than a few minutes.

DESPERATELY NEED HELP, my customers are constantly nagging - rightfully.

kosztyua · January 17, 2013, 5:07pm

OK I have removed the new radius and added back the original one and for one hour it has been working fine. BUT WHY?
I mean earlier when it stopped working, pptp went to error 807, it didnt even send radius requests, it refused earlier.
Also, if this solves the problem, there is a new one: i really dont feel well having cleartext passwords flowing in the wild nets.

lambert · January 17, 2013, 9:47pm

Do any RADIUS packets arrive at the RADIUS server when they are sent via the OVPN tunnel? If so, do they arrive with a source address that the RADIUS server is expecting? Or are they instead sourced from the OVPN tunnel end-point IP on the MikroTik? You may need to set the src-address for the RADIUS server definition on the MikroTik.

It is possible that the MikroTik tries RADIUS authentication a few times. The RADIUS server refused to reply to the requests because it doesn’t recognize the src-address . The MikroTik then declares the RADIUS server dead. The MikroTik could then decline to send any more radius requests to that server for some amount of time.

I am not intimately knowledgeable about MikroTiks’s RADIUS implementation. I am only hypothesizing here.

kosztyua · January 18, 2013, 8:36am

Thank you for the reply!

Yes ofc I set the source address for radius, I dont want cleartext passwords flying in the air And most of the time, also after restarting the pptp/sstp daemon, it is working fine.
However, the later might be true anyway (radius server is now in cloud, maybe it slows down from time to time and timeouts), so I reset the stats and see what happens.

kosztyua · February 7, 2013, 3:08pm

bump

Problem still not solved. Awaiting answer from support too, seems they went the wrong way as they asked me last time the radius version I use. The problem is not with radius, as OVPN continues working fine, only PPTP and SSTP stops working, the daemon itself on the 'tik.

normis · February 11, 2013, 10:05am

could you please test RouterOS v6rc9? We have made some changes and improvements in v6 that could help.

kosztyua · February 17, 2013, 10:03pm

Upgraded the affected router to ros 6rc9 earlier today, so far it is holding up, will keep testing. Thank you!

jaytcsd · February 19, 2013, 4:48pm

kosztyua - Are you using the windows 7 sstp connection from a PC or MikroTik to MikroTik?
I have not found a working example for a windows 7 client.