Hi all,

I have a client with a RB750G running his network for a while now.

In the last 2 months, the L2TP server has been playing up and I have no idea why. It will suddenly stop accepting connections until the RB is rebooted. It will then work again for any amount of time and then it may or may not stop again.

Ive got a script to update a dynamic hostname with WAN IP every hour or so in case of a change.
During these non connection times, I am able to ping either the hostname or WAN IP.

I have resorted to setting a script to reboot the RB twice a day (outside of work hours to avoid downtime) - but surely this cant be the answer!

Could it be a firewall rule doing this? If it was, surely that wouldnt allow the connection at all - not just sporadically.
I cant post the config now because I am currently locked out of VPN until the morning :/

Any suggestions?

Thanks!

Bump..

No one??

Hi

Few considerations:
* does a reboot always help / restore to working condition?
* is the duration of "uptime" variable or more-or-less consistent?
* have you tried same config with other hardware?
* have you tried identifying the issue once it has occurred?
* is it only vpn that goes down or also other networking functions?

Hi

Few considerations:
* does a reboot always help / restore to working condition?
9 out of 10 times it restores it, very rarely doesnt
* is the duration of "uptime" variable or more-or-less consistent?
No, can go days or weeks on end and then boom
* have you tried same config with other hardware?
No - but have identical setups elsewhere that dont have issues
* have you tried identifying the issue once it has occurred?
I cant seem to find anything that references it stopping
* is it only vpn that goes down or also other networking functions?
Only VPN functionality. Everything else still works perfectly

Thanks for the reply!

My answers in red above

I run L2TP/IPsec clients and servers on several different MikroTik routers and I have not seen this.
However, none of the servers has that "changing WAN address" and associated scripting.
So I would recommend to focus on that. Is it down after address change?

I run L2TP/IPsec clients and servers on several different MikroTik routers and I have not seen this.
However, none of the servers has that "changing WAN address" and associated scripting.
So I would recommend to focus on that. Is it down after address change?

Thanks - not a bad idea.

Im actually using MikroTiks own DDNS now so maybe Ill get rid of that script and then see what happens.

Ill also try pull the logs and post them.

If related it might be linked to the ip change itself, not how it is updated to a ddns server.

If related it might be linked to the ip change itself, not how it is updated to a ddns server.

Correct, that is what I wanted to imply. Not only the scripting is important but also the fact that the address changes.
Maybe it could be worked around by disable/enable the L2TP server when an address change is detected....

VPN has stopped responding again,

Now I am getting entries in logs like so:

respond new phase 1 (Identity Protection)

Hangs on this for a while until the connection crashes and then:

phase 1 negotiation failed due to time up

Are the addresses in those logs correct?

It does seem like they are,

I just updated from 6.40.5 to 6.41

Will keep an eye on it and see what happens, if it stops working will check logs again....

It does seem like they are,

I just updated from 6.40.5 to 6.41

Will keep an eye on it and see what happens, if it stops working will check logs again....

hi
i found v6.41 bug is "hex" vpn error.
There was no problem with using bug fix version.
The mangle setting is cleared when rebooting, clearing only the VPN settings.

나의 SM-N950N 의 Tapatalk에서 보냄

hi
i found v6.41 bug is "hex" vpn error.
There was no problem with using bug fix version.
The mangle setting is cleared when rebooting, clearing only the VPN settings.

나의 SM-N950N 의 Tapatalk에서 보냄