Hello everyone,
Just spent 2 hours trying to resolve a problem that occurred for the second time in my life. Here’s my scenario:
1 x RB running an OVPN Server working for years with several clients (other RBs and Windows clients) - Server network: 192.168.0.0/24 - Server IP on the VPN: 1.1.1.254
1 x RB running an OVPN Client, like many others, but this one a few months ago gave me this problem - Client network: 192.168.15.0/24 - Client IP on the VPN: 1.1.1.15
2 x OVPN Windows clients (under the same local network - a user’s home) that failed today - Home network: 192.168.100.0/24 - Clients’ IPs on the VPN: 1.1.1.116 and 1.1.1.117
Both clients on the scenario are under a questionable internet provider.
The server always works as expected, and during all the procedures below it was running with other clients connected and the company network was fine; therefore I conclude it was not a server or company config problem.
A few months ago this one RB client was running fine, but the PC under its network wasn’t. The referred PC had some kind of network problem where I wasn’t able to ping some VPN addresses from it. I couldn’t ping 192.168.0.3 (DNS server, causing all the navigation to fail), or 192.168.0.201 (an app server), but it was fine pinging 192.168.0.151 (a Windows 10 machine on the server’s network) and other addresses. Back then I didn’t pay attention to the OS on the other devices that gave me ping responses. On the RB that controlled that network (the RB client) it was all working, all pings and traceroutes working; the problem apparently was on the Windows machine under it.
After much work the problem was solved when I enabled “Allow remote requests” on IP > DNS of the RB client. But then I disabled it and it kept working forever. Very weird, I don’t think it was the cause.
And today, the same problem happened with those 2 Windows clients (7 and 10). This time there wasn’t an RB controlling their network, therefore I couldn’t replicate the solution. Tried many things and then I rebooted the RB Server, and that solved the problem. Today I noticed the pings returned from Windows 10 machines, and failed for Windows Servers; don’t know if it can be related. All of them have firewall disabled and a Kaspersky running, which were disabled during the tests and didn’t make any difference.
As I said, both clients have not-so-good internet, but in both cases the internet worked fine with the VPN disconnected, and I could ping some VPN addresses (both from 1.1.1.0/24 and 192.168.0.0/24).
My guess: Some kind of cache on the RB that was preventing the pings (and any other packets) from the problematic clients from going through the VPN Server. I could see the packets getting to the interface but no response came.
My question: where can I see such types of caches of the OVPN Server on RouterOS? Something that I could have missed to properly fix the problem instead of rebooting (always works but is kinda disappointing to not know the real reason, and also gives much trouble disconnecting all other clients).
Or if you guys have any other guesses, I’ll appreciate any suggestion or discussion on that matter.
Thanks all!