Community discussions

 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

L2TP problem

Sun Sep 09, 2012 11:20 am

Brand new RB1100AHx2, about 50 L2TP tunnels, nothing nonstandard in configuration, after one day without any problem tunnels suddenly are not able to connect. Log from L2TP server:

07:39:45 l2tp,ppp,info tunnel6: terminating... - could not add address: already have such address (6)

I have sent suppout files to support...
 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

Re: L2TP problem

Mon Sep 10, 2012 10:04 am

Another info: when this problem occurs, all dynamic IP addresses of VPN interfaces are marked as "invalid" - so another solution is to manually remove all invalid addresses.
 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

Re: L2TP problem

Tue Sep 11, 2012 4:46 pm

Still no answer from support...
 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

Re: L2TP problem

Wed Sep 12, 2012 5:53 pm

Another newly created autosupout.rif file sent to support, still without answer. Hey Mikrotik, I am not some kind of fcuknig tester, I am your customer with routers in production environment!
 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

Re: L2TP problem

Fri Sep 14, 2012 3:56 pm

Still no answer from support after 6 days, I would like to work in such support... Today I noticed, that similar problem with not-deleted items in addresses exists also in Firewall-Mangle. My VPN connection change MSS and currently I have lot of mangle items in list. It seems that on VPN disconnection address and also mangle items are not deleted correctly.
Is somebody from Mikrotik interested in such kind of information?
 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

Re: L2TP problem - L2TP server error confirmed by support

Fri Sep 14, 2012 11:02 pm

Few minutes after my last post support sent me an answer to all my mails. Definively it is a bug in L2TP server. When L2TP server crashes, it does not delete assigned IP addresses so later it is not possible to complete connection because L2TP server is not able to insert internal IP into address list.
The only temporary solution is to create scheduled script which periodcally deletes all dynamic and invalid addresses. :roll:
 
gsloop
Member Candidate
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm
Contact:

Re: L2TP problem - L2TP server error confirmed by support

Mon Sep 17, 2012 9:42 pm

Few minutes after my last post support sent me an answer to all my mails. Definively it is a bug in L2TP server. When L2TP server crashes, it does not delete assigned IP addresses so later it is not possible to complete connection because L2TP server is not able to insert internal IP into address list.
The only temporary solution is to create scheduled script which periodcally deletes all dynamic and invalid addresses. :roll:
Yeah, fully understand the frustration. MTK and VPN support is just a bunch of bubble-gum and duct tape, IMO.

---
But, can you give us a sample of a script that does this?
I'm not clear how you'd implement the script.
- If I helped you solve your problem ... Karma is an appropriate gift! :) -
 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

Re: L2TP problem

Tue Sep 18, 2012 1:20 am

I configured those VPN on new RB1100AHx2 as a replacement of old x86 based Mikrotik with ROS 3.17 where this configuration worked several years without any hitch, so my dissapointment is very strong. Instead fully functional router I have to scratch my left ear by right hand with the help of scheduled script... :evil:

Scheduled script, that removes all dynamic invalid addresses is found here: http://forum.mikrotik.com/viewtopic.php?f=9&t=65452
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1369
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: L2TP problem

Wed Sep 19, 2012 9:29 am

I find it hard to believe this bug still exists? Can I take a look at this setup and config, mate? Send me an e-mail with the WinBox access or write to Skype: hypnologic
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

Re: L2TP problem

Wed Sep 19, 2012 2:35 pm

cha cha
 
seany
newbie
Posts: 31
Joined: Fri Sep 18, 2009 1:14 pm

Re: L2TP problem

Thu Sep 20, 2012 9:47 am

Oh it still exists. I get it weekly if not more and it's very frustrating. It fails to remove other stuff like dynamic bridges too. I get this with L2TP clients and I'm also sure I've had it with PPP and VRRP. Been affected by this for well over a year and still no fix...
 
User avatar
NetworkPro
Forum Guru
Forum Guru
Posts: 1369
Joined: Mon Jan 05, 2009 6:23 pm
Location: Worldwide
Contact:

Re: L2TP problem

Thu Sep 20, 2012 9:53 am

Have you done the usual things? Upgrade bootloader, reset and start from scratch, reinstall with NetInstall and start clean with a sightly different (better) configuration, change x86 hardware platform etc etc. ?
wiki.mikrotik.com/wiki/NetworkPro_on_Quality_of_Service
 
rrestoration
just joined
Posts: 2
Joined: Thu Sep 20, 2012 9:59 am

Re: L2TP problem

Thu Sep 20, 2012 10:18 am

L2TP can have problems with firewalls, NATs, and proxies too. In this setup, firewalls need to be configured to allow both the IKE traffic and ESP-encapsulated data. If your VPN client computer is behind a NAT, both the VPN client and the VPN server must support IPsec NAT-Traversal (NAT-T). Note, however, that the VPN server can’t be located behind a NAT, and that L2TP/IPsec traffic can’t flow through a proxy.

http://www.hairtransplantlahore.com
Last edited by rrestoration on Mon Oct 29, 2012 7:10 am, edited 1 time in total.
 
gsloop
Member Candidate
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm
Contact:

Re: L2TP problem

Thu Sep 20, 2012 11:54 pm

Have you done the usual things? Upgrade bootloader, reset and start from scratch, reinstall with NetInstall and start clean with a sightly different (better) configuration, change x86 hardware platform etc etc. ?
Perhaps I'm missing something, but didn't Mikrotik actually confirm that it's a known bug/problem and suggest the script as a fix? If so, why are you suggesting they do other stuff to fix the problem when Mikrotik says - "Yeah, known problem."

[And even if it's fixed, to have Mikrotik suggest a work-around, rather than suggest a real fix - I'm not sure which is worse?]

-Greg
- If I helped you solve your problem ... Karma is an appropriate gift! :) -
 
antoninn
newbie
Topic Author
Posts: 30
Joined: Wed Nov 14, 2007 12:59 pm

Re: L2TP problem

Fri Sep 21, 2012 12:01 am

This is what guy from Mikrotik support wrote to me (I suppose after he analyzed suppout.rif file):

At one point l2TP server crashed. And left all addresses unremoved.
We will try to repeat the problem and fix it in the future. But currently you can
add a simple script in scheduler which removes all invalid addresses from your
router.
 
User avatar
SiB
Member Candidate
Member Candidate
Posts: 163
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: L2TP problem

Sat Nov 02, 2013 7:12 am

Hello,
IP Address and Mangle have good marks as Invalid and Dynamic but I use a L2TP with profile who have limit 2/2 and I see that new connection report into logs:
03:42:04 l2tp,ppp,error could not add queue: already have such name (6)
and a queue ARE NOT mark as INVALID, it means I cannot remove it from script without remove other good queue :(.

Case go to Mikrotik Support but you say it's OLD and KNOW issue - it's bad for me.
1100AHx2 v5.21.

My current script:
http://forum.mikrotik.com/viewtopic.php?f=9&t=67813
 
dannnic
just joined
Posts: 4
Joined: Mon Nov 18, 2013 8:23 am

Re: L2TP problem

Mon Nov 18, 2013 9:08 am

@antoninn

I'm planing to configure a similar setup for my client with 50 concurrent connections. Did your issue has been resolved with newer version of firmware or Hardware ?

I hope to use the new RB1100AHx2 with v6.6
really appreciate your suggestions ...

Who is online

Users browsing this forum: Google [Bot] and 98 guests