Hello, I have been having problems for about 2 years with CHR-AWS.
Come on, I'll try to explain my senario and the problems.
I currently have 3 SSTP servers behind an LB-AWS running OSPF, but the problem has persisted since I had only one and we used PPtP-server.
Manage 2.5k media SSTP active connections between these 3 servers,
interface flow is no more than 10 ~ 20Mbps.
average processing of 30 ~ 50%.
Free memory 80 ~ 90%.
HD 96% free.
The sstp clients arrive at LB-AWS and connections 443 are re-assigned to one of the available CHR instances (SSTP-SERVER).
I have already contacted Mikrotik support "SUP-12588" in the past we sent (.rif), but the answer I had was very vague and extremely shallow, apparently it seems that it was an intern who answered.
We monitor everything! *** Simply the host (s) stop responding on port 443 SSTP-server. I can even access via wibox normally, even restarting only the SSTP-Server service, it does not come back!
There were several attempts, countless analyzes and all without attempts were unsuccessful.
1 - Upgrade the instance with more memory and CPU
2 - routeros update
3 - we did traffic engineering to analyze the flow and apply the rules (AWS and IP / Firewall / Filter)
4 - change MTU, etc.
5 - we split the load between 2 and 3 instances
6 - we disable all unnecessary packages (wireless, hotspot, mpls, ipv6, etc.).
7 - We disable all services (api-ssl, ftp, telnet, www, www-ssl, bandwidth-server, etc.)
8 - We changed the protocol from pptp to sstp.
9 - we tested several types of configuration, authentication (mschap2, mschap1, pap, chap) TLS version, PFS, etc.
10 - Change UPNP, MSS,
11 - In sstp profile (use compression), etc.
The only solution so far is Stop the instance, that's right "Stop", (restart does not work), after stopping the machine and starting again, everything goes back to normal.