jkstill
just joined
Topic Author
Posts: 4
Joined: Wed Dec 28, 2016 12:16 am

KeepSolid VPN in router OS

Wed Dec 28, 2016 12:26 am

Setup:

MikroTik router, latest OS as of today - 6.37.3

DNS server locally from a server running dnsmasq
External DNS served from OpenDNS

Up until this time, everything has worked fine.

Yesterday I configured KeepSolid VPN into the router OS following these instructions:
https://www.vpnunlimitedapp.com/en/info ... tik-router

Mostly it works.

But, it is taking a long time to load some web sites.

Others do not work at all, such as github.com - it times out on Windows, and spins forever on Linux in Firefox.

Running with lynx on Linux, it gets stuck making the HTTPS connection.

Here is what I see from a TCP dump - lots of ARP requests:

jks.com is the local internal domain.
oradns02 is the server where dnsmasq is running.

14:23:29.278667 IP 192.168.1.86.36196 > 192.30.253.112.https: Flags [.], ack 1, win 229, options [nop,nop,TS val 121933384 ecr 3453902430], length 0
14:23:29.290484 IP 192.168.1.86.36196 > 192.30.253.112.https: Flags [P.], seq 1:252, ack 1, win 229, options [nop,nop,TS val 121933387 ecr 3453902430], length 251
14:23:29.336121 STP 802.1d, Config, Flags [none], bridge-id 1000.00:41:d2:0b:5d:04.8035, length 43
14:23:29.578531 IP 192.30.253.112.https > 192.168.1.86.36196: Flags [P.], seq 2797:3591, ack 252, win 29, options [nop,nop,TS val 3453902505 ecr 121933387], length 794
14:23:29.578708 IP 192.168.1.86.36196 > 192.30.253.112.https: Flags [.], ack 1, win 241, options [nop,nop,TS val 121933459 ecr 3453902430,nop,nop,sack 1 {2797:3591}], length 0
14:23:31.336071 STP 802.1d, Config, Flags [none], bridge-id 1000.00:41:d2:0b:5d:04.8035, length 43
14:23:32.084388 ARP, Request who-has 192.168.1.86 tell 192.168.1.1, length 46
14:23:32.084402 ARP, Reply 192.168.1.86 is-at 08:00:27:0a:e1:cd (oui Unknown), length 28
14:23:32.084586 IP 192.168.1.86.56374 > oradns02.jks.com.domain: 4273+ PTR? 1.1.168.192.in-addr.arpa. (42)
14:23:32.085242 IP oradns02.jks.com.domain > 192.168.1.86.56374: 4273 NXDomain* 0/0/0 (42)
14:23:32.364855 ARP, Request who-has oradns02.jks.com tell 192.168.1.86, length 28
14:23:32.365234 ARP, Reply oradns02.jks.com is-at 60:a4:4c:af:75:f4 (oui Unknown), length 46
14:23:33.336241 STP 802.1d, Config, Flags [none], bridge-id 1000.00:41:d2:0b:5d:04.8035, length 43
14:23:35.336226 STP 802.1d, Config, Flags [none], bridge-id 1000.00:41:d2:0b:5d:04.8035, length 43
14:23:37.225373 IP office01.jks.com.17500 > 192.168.1.255.17500: UDP, length 199
14:23:37.225532 IP 192.168.1.86.59271 > oradns02.jks.com.domain: 46775+ PTR? 255.1.168.192.in-addr.arpa. (44)
14:23:37.226004 IP oradns02.jks.com.domain > 192.168.1.86.59271: 46775 NXDomain* 0/0/0 (44)
14:23:37.226143 IP 192.168.1.86.27252 > oradns02.jks.com.domain: 46057+ PTR? 58.1.168.192.in-addr.arpa. (43)
14:23:37.226742 IP oradns02.jks.com.domain > 192.168.1.86.27252: 46057* 1/0/0 PTR office01.jks.com. (73)

It looks like something is not right with DNS when the VPN is connected, but I really don't know what the problem is.

If I disable the VPN, everything goes back to normal.

KeepSolid support is not much help for this; they say it is my problem.

Thanks for any help you can offer.
 
Van9018
Long time Member
Posts: 557
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: KeepSolid VPN in router OS

Fri Dec 30, 2016 2:58 am

Does seem like a DNS issue.

Is your DNS server also going through the VPN?

Use nslookup on a problematic computer and try resolving IPs directly against OpenDNS. Do they resolve quickly? Then try with Google's DNS (8.8.8.8, 8.8.4.4) and compare.

Try excluding DNS packets from going through your VPN.
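
An added example, not part of either post: one way to answer "do they resolve quickly?" from a capture is to pair each DNS query in tcpdump's text output with its reply by transaction ID and report the round-trip time. The sample lines are the DNS lines from the capture in the first post; the function name and the 200 ms "slow" threshold are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# DNS lines copied from the capture in the first post.
SAMPLE = """\
14:23:32.084586 IP 192.168.1.86.56374 > oradns02.jks.com.domain: 4273+ PTR? 1.1.168.192.in-addr.arpa. (42)
14:23:32.085242 IP oradns02.jks.com.domain > 192.168.1.86.56374: 4273 NXDomain* 0/0/0 (42)
14:23:37.225532 IP 192.168.1.86.59271 > oradns02.jks.com.domain: 46775+ PTR? 255.1.168.192.in-addr.arpa. (44)
14:23:37.226004 IP oradns02.jks.com.domain > 192.168.1.86.59271: 46775 NXDomain* 0/0/0 (44)
14:23:37.226143 IP 192.168.1.86.27252 > oradns02.jks.com.domain: 46057+ PTR? 58.1.168.192.in-addr.arpa. (43)
14:23:37.226742 IP oradns02.jks.com.domain > 192.168.1.86.27252: 46057* 1/0/0 PTR office01.jks.com. (73)
"""

# tcpdump prints UDP DNS as "<time> IP <src> > <dst>: <id><flags> <details>".
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): (\d+)\S* (.*)$")
DNS_PORT = (".domain", ".53")  # port shown by name, or numerically with -n


def dns_latencies(capture, slow_ms=200.0):
    """Return (answered, unanswered); slow_ms is an assumed threshold."""
    pending, answered = {}, []
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # TCP, ARP, STP and other non-DNS lines
        ts, src, dst, txid, details = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if dst.endswith(DNS_PORT):  # client -> resolver: remember the query
            pending[(src, dst, txid)] = (when, details.split(" (")[0])
        elif src.endswith(DNS_PORT):  # resolver -> client: match by ID
            query = pending.pop((dst, src, txid), None)
            if query is None:
                continue  # reply whose query was not captured
            delta = when - query[0]
            if delta < timedelta(0):  # capture crossed midnight
                delta += timedelta(days=1)
            ms = round(delta / timedelta(milliseconds=1), 3)
            answered.append((query[1], src, ms, ms > slow_ms))
    # Queries still pending never got a reply within the capture.
    unanswered = [(q, server) for (_, server, _), (_, q) in pending.items()]
    return answered, unanswered


if __name__ == "__main__":
    ok, lost = dns_latencies(SAMPLE)
    for question, server, ms, slow in ok:
        print(f"{ms:8.3f} ms {'SLOW' if slow else 'ok  '} {server} {question}")
    for question, server in lost:
        print(f"no reply from {server} for {question}")
```

Running it on captures taken with the VPN enabled and disabled, once per resolver, gives the comparison suggested above as numbers rather than impressions.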
