Community discussions

MikroTik App
 
User avatar
vas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia
Contact:

PPTP client does not go down when idle

Fri Apr 30, 2021 6:06 am

Dear Colleagues,

I have a PPTP client configured with dial-on-demand and idle timeout (see below). Dial-on-demand works, but for some reason the pptp-client interface does not go down when there is no traffic to the hq. I expect it to go down after 10 minutes of inactivity. What am I missing?

I can bring the interface down manually (disable/enable), and it will stay down until there is some traffic destined to the hq. But i won't go down by itself when there is no traffic.
/interface pptp-client print 
Flags: X - disabled, R - running 
 0  R name="hq" max-mtu=1450 max-mru=1450 mrru=disabled connect-to=x.x.x.x user="xxxxxxxx" password="yyyyyyyy" 
      profile=default-encryption keepalive-timeout=60 use-peer-dns=no add-default-route=no dial-on-demand=yes 
      allow=pap,chap,mschap1,mschap2 

/ppp profile print 
Flags: * - default 
 1 * name="default-encryption" bridge-learning=default idle-timeout=10m use-ipv6=yes use-mpls=default use-compression=default 
     use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=default address-list="" on-up="" on-down="" 
 
nostromog
Member Candidate
Member Candidate
Posts: 226
Joined: Wed Jul 18, 2018 3:39 pm

Re: PPTP client does not go down when idle

Fri Apr 30, 2021 7:04 pm

I have seen it failing due to either /ip/cloud or /interface/detect-internet being active and polling the connection.

One way to find out what is keeping the connection up ise to use
/tool/sniffer/quick interface=<myvpn>
for a while to understand what is keeping it alive.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11968
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: PPTP client does not go down when idle

Fri Apr 30, 2021 11:09 pm

NTP?
 
User avatar
vas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia
Contact:

Re: PPTP client does not go down when idle

Sat May 01, 2021 9:34 pm

One way to find out what is keeping the connection up ise to use
/tool/sniffer/quick interface=<myvpn>
for a while to understand what is keeping it alive.
Thanks for the very useful advice about the packet sniffer. I've directed a TZSP stream of traffic to Wireshark and found out that it's OSPF hello packets from the remote side of the PPTP connection keeping the link up.
Last edited by vas on Sat May 01, 2021 10:05 pm, edited 1 time in total.
 
User avatar
vas
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 50
Joined: Mon Jan 04, 2021 5:35 am
Location: Tomsk, Russia
Contact:

Re: PPTP client does not go down when idle

Sat May 01, 2021 9:38 pm

NTP?
OSPF hellos from the hq.

I wonder if I filter them out with the firewall, will they stop keeping the link up?

UPD. Hmm, this filter rule below should be already dropping them. correct? Is there anything else I can do (other than to persuade the hq admin to disable OSPF on the PPTP server interface)?
[admin@MikroTik] > /ip firewall filter print chain=input 
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; defconf: accept established,related,untracked
      chain=input action=accept connection-state=established,related,untracked 

 1    ;;; defconf: drop invalid
      chain=input action=drop connection-state=invalid 

 2    ;;; defconf: accept ICMP
      chain=input action=accept protocol=icmp 

 3    ;;; defconf: accept to local loopback (for CAPsMAN)
      chain=input action=accept dst-address=127.0.0.1 

 4    ;;; defconf: drop all not coming from LAN
      chain=input action=drop in-interface-list=!LAN 
[admin@MikroTik] > 
 
nostromog
Member Candidate
Member Candidate
Posts: 226
Joined: Wed Jul 18, 2018 3:39 pm

Re: PPTP client does not go down when idle

Wed May 05, 2021 5:05 pm

UPD. Hmm, this filter rule below should be already dropping them. correct? Is there anything else I can do (other than to persuade the hq admin to disable OSPF on the PPTP server interface)?
I don't think you can do much about what the other side sends. If you know the kind of legitimate traffic you are expecting, you could try a script that would run periodically and kills the connection if it can't find "good" traffic... and expect that the other processes will start again as needed. But all a bit clumsy.

Who is online

Users browsing this forum: GoogleOther [Bot], haedertowfeq, JDF, mozerd, mtest001 and 48 guests