Community discussions

 
svr
just joined
Topic Author
Posts: 7
Joined: Mon Aug 18, 2014 1:53 pm

OVPN Server automatically creates interface

Mon Aug 18, 2014 2:11 pm

I use OVPN connection (RB951 on both sites). On server site I manually created interface named ovpn-client1. Typically, when client makes connection, interface on server site become active and all is OK.
But sometimes server automatically creates interface called <ovpn-client1> (with brackets) and use it instead manually created ovpn-client1 (without brackets). How to prevent this?

Example:
Client log
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: terminating... - nothing received for a while
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: disconnected
Jul/26/2014 17:11:50 memory ovpn, info ovpn-client1: initializing...
Jul/26/2014 17:11:50 memory ovpn, info ovpn-client1: connecting...
Jul/26/2014 17:12:01 memory ovpn, info ovpn-client1: using encoding - BF-128-CBC/SHA1
Jul/26/2014 17:12:02 memory ovpn, info ovpn-client1: connected
Jul/27/2014 17:12:05 memory ovpn, info ovpn-client1: terminating... - nothing received for a while
Jul/27/2014 17:12:05 memory ovpn, info ovpn-client1: disconnected
Jul/27/2014 17:12:15 memory ovpn, info ovpn-client1: initializing...
Jul/27/2014 17:12:15 memory ovpn, info ovpn-client1: connecting...
Jul/27/2014 17:12:18 memory ovpn, info ovpn-client1: using encoding - BF-128-CBC/SHA1
Jul/27/2014 17:12:18 memory ovpn, info ovpn-client1: connected

Server log:
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: terminating... - nothing received for a while
Jul/26/2014 17:11:39 memory ovpn, info, account client1 logged out, 1221 20200 13965 167 184
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: disconnected
Jul/26/2014 17:11:50 memory ovpn, info TCP connection established from (IP address)
Jul/26/2014 17:12:01 memory ovpn, info : using encoding - BF-128-CBC/SHA1
Jul/26/2014 17:12:01 memory ovpn, info, account client1 logged in, 10.10.60.2
Jul/26/2014 17:12:02 memory ovpn, info ovpn-client1: connected
Jul/27/2014 17:12:16 memory ovpn, info TCP connection established from (IP address)
Jul/27/2014 17:12:18 memory ovpn, info : using encoding - BF-128-CBC/SHA1
Jul/27/2014 17:12:18 memory ovpn, info, account client1 logged in, 10.10.60.2
Jul/27/2014 17:12:18 memory ovpn, info <ovpn-client1>: connected
Jul/27/2014 17:12:21 memory ovpn, info ovpn-client1: terminating... - peer disconnected
Jul/27/2014 17:12:21 memory ovpn, info, account client1 logged out, 86420 3728595 1150037 18900 15199
Jul/27/2014 17:12:21 memory ovpn, info ovpn-client1: disconnected
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: OVPN Server automatically creates interface

Mon Aug 18, 2014 4:09 pm

I know this is no consolation, but it happens to other PtP server bindings too, e.g. PPTP.
The conditon for this to happen is as follows:
- connect the VPN client
- kill the client (and I mean kill, not disconnect. e.g. power cycle the client router)
- reconnect the client before the previous server connection times out.
And here you have it.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
lz1dsb
Member Candidate
Member Candidate
Posts: 222
Joined: Wed Aug 07, 2013 11:48 am

Re: OVPN Server automatically creates interface

Mon Aug 18, 2014 5:14 pm

I use OVPN connection (RB951 on both sites). On server site I manually created interface named ovpn-client1. Typically, when client makes connection, interface on server site become active and all is OK.
But sometimes server automatically creates interface called <ovpn-client1> (with brackets) and use it instead manually created ovpn-client1 (without brackets). How to prevent this?

Example:
Client log
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: terminating... - nothing received for a while
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: disconnected
Jul/26/2014 17:11:50 memory ovpn, info ovpn-client1: initializing...
Jul/26/2014 17:11:50 memory ovpn, info ovpn-client1: connecting...
Jul/26/2014 17:12:01 memory ovpn, info ovpn-client1: using encoding - BF-128-CBC/SHA1
Jul/26/2014 17:12:02 memory ovpn, info ovpn-client1: connected
Jul/27/2014 17:12:05 memory ovpn, info ovpn-client1: terminating... - nothing received for a while
Jul/27/2014 17:12:05 memory ovpn, info ovpn-client1: disconnected
Jul/27/2014 17:12:15 memory ovpn, info ovpn-client1: initializing...
Jul/27/2014 17:12:15 memory ovpn, info ovpn-client1: connecting...
Jul/27/2014 17:12:18 memory ovpn, info ovpn-client1: using encoding - BF-128-CBC/SHA1
Jul/27/2014 17:12:18 memory ovpn, info ovpn-client1: connected

Server log:
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: terminating... - nothing received for a while
Jul/26/2014 17:11:39 memory ovpn, info, account client1 logged out, 1221 20200 13965 167 184
Jul/26/2014 17:11:39 memory ovpn, info ovpn-client1: disconnected
Jul/26/2014 17:11:50 memory ovpn, info TCP connection established from (IP address)
Jul/26/2014 17:12:01 memory ovpn, info : using encoding - BF-128-CBC/SHA1
Jul/26/2014 17:12:01 memory ovpn, info, account client1 logged in, 10.10.60.2
Jul/26/2014 17:12:02 memory ovpn, info ovpn-client1: connected
Jul/27/2014 17:12:16 memory ovpn, info TCP connection established from (IP address)
Jul/27/2014 17:12:18 memory ovpn, info : using encoding - BF-128-CBC/SHA1
Jul/27/2014 17:12:18 memory ovpn, info, account client1 logged in, 10.10.60.2
Jul/27/2014 17:12:18 memory ovpn, info <ovpn-client1>: connected
Jul/27/2014 17:12:21 memory ovpn, info ovpn-client1: terminating... - peer disconnected
Jul/27/2014 17:12:21 memory ovpn, info, account client1 logged out, 86420 3728595 1150037 18900 15199
Jul/27/2014 17:12:21 memory ovpn, info ovpn-client1: disconnected
I also use OVPN on two RBs. I've never created a manual ovpn-client interface. It's all done by the RouterOS. And it works, it works quite stable actually.
 
svr
just joined
Topic Author
Posts: 7
Joined: Mon Aug 18, 2014 1:53 pm

Re: OVPN Server automatically creates interface

Tue Aug 19, 2014 12:18 pm

Thanks dokmarius,
I think too the sequence is similar:
- Client terminated connection (17:12:05 ovpn-client1: terminating... - nothing received for a while)
- Server doesn’t see this and keeps old connection!
- Client initiated reconnecting (17:12:15 ovpn-client1: initializing...)
- Server accept new connection (17:12:18 <ovpn-client1>: connected), but old connection exist and server creates dynamically new interface
- Timeout on old connection (17:12:21 ovpn-client1: terminating... - peer disconnected)

I tried testing this – reset routers, switches, unplug cables, etc. All works perfect! If connection lost, client reconnected to server correct. I couldn’t repeat this manually.
I’m testing connection 24/7. This happens rarely, maybe once on week. The client is connected to internet by 3G router. I believe 3G connection temporary lost or slowed sometimes, although 3G router didn’t logged this.

About lz1dsb post – I created manually interface, because I have to add static routes. I don’t know another way to connect subnets behind routers. I tried this, but no success.

Thanks
 
svr
just joined
Topic Author
Posts: 7
Joined: Mon Aug 18, 2014 1:53 pm

Re: OVPN Server automatically creates interface

Tue Aug 19, 2014 3:56 pm

Thanks dokmarius,
I think too the sequence is similar:
- Client terminated connection (17:12:05 ovpn-client1: terminating... - nothing received for a while)
- Server doesn’t see this and keeps old connection!
- Client initiated reconnecting (17:12:15 ovpn-client1: initializing...)
- Server accept new connection (17:12:18 <ovpn-client1>: connected), but old connection exist and server creates dynamically new interface
- Timeout on old connection (17:12:21 ovpn-client1: terminating... - peer disconnected)

I tried testing this – reset routers, switches, unplug cables, etc. All works perfect! If connection lost, client reconnected to server correct. I couldn’t repeat this manually.
I’m testing connection 24/7. This happens rarely, maybe once on week. The client is connected to internet by 3G router. I believe 3G connection temporary lost or slowed sometimes, although 3G router didn’t logged this.

About lz1dsb post – I created manually interface, because I have to add static routes. I don’t know another way to connect subnets behind routers. I tried this, but no success.

Thanks
 
lz1dsb
Member Candidate
Member Candidate
Posts: 222
Joined: Wed Aug 07, 2013 11:48 am

Re: OVPN Server automatically creates interface

Sun Jan 25, 2015 11:58 am

That's an old post but anyway. I haven't figured out a convenient way to monitor the threads.
I've also started using static interfaces on OVPN, it's how I can control the settings of the routing protocol I run over that link. It's quite useful, before I didn't know about that option.
 
lz1dsb
Member Candidate
Member Candidate
Posts: 222
Joined: Wed Aug 07, 2013 11:48 am

Re: OVPN Server automatically creates interface

Sun Jan 25, 2015 12:05 pm

I also noticed that in a long run, the OVPN connection breaks down...
 
svr
just joined
Topic Author
Posts: 7
Joined: Mon Aug 18, 2014 1:53 pm

Re: OVPN Server automatically creates interface

Mon Jan 26, 2015 9:51 am

Try to select "only one" property on server PPP profile.
Also see this topic:
http://forum.mikrotik.com/viewtopic.php?f=2&t=86435
For me this works fine.

Who is online

Users browsing this forum: No registered users and 85 guests