Page 1 of 1

SSTP tunnel does not detect connection failure

Posted: Wed Sep 10, 2014 12:41 pm
by lz1dsb
I started using SSTP few days ago between three locations. One of them is the SSTP server where all of the tunnels are terminated, the other two - dial in. I've started it with password authentication only for the moment, just to test how it works. Over the tunnels I use OSPF to advertise the networks behind the routers. Hardware: two RB951 and one RB751.
The setup works, but today I notice a strange behavior. My Internet connection at the central site was down for a couple of hours, but then after it recovered - the sstp tunnels didn't come back up again! When I connected to the remote devices, the sstp interfaces were shown as "Running". I had to manually disable/enable the sstp interface to reestablish the connection.
Isn't there a detection mechanism in SSTP that detects link failure? Should I configure something additionally?

On the other hand, I'm also running OVPN tunnels to the same locations in parallel. The OVPN tunnels reestablished without my intervention...

Re: SSTP tunnel does not detect connection failure

Posted: Wed Sep 10, 2014 3:23 pm
by NAB
I have had some very bad experiences using SSTP (tunnels staying up when they shouldn't be and massive packet loss).

I would strongly recommend that you avoid SSTP like the plague if at all possible.

Re: SSTP tunnel does not detect connection failure

Posted: Wed Sep 10, 2014 4:38 pm
by lz1dsb
I have had some very bad experiences using SSTP (tunnels staying up when they shouldn't be and massive packet loss).

I would strongly recommend that you avoid SSTP like the plague if at all possible.
I think I'm having exactly the same issue here. The SSTP client does not detect that the SSTP server is no longer reachable. It stays up.
From your experience... what would you recommend. Something stable enough...
I have OVPN tunnels in parallel, but I'm having some OSPF routing issues there...

Re: SSTP tunnel does not detect connection failure

Posted: Thu Sep 11, 2014 7:05 am
by NAB
We're running straight L2TP where encryption isn't required and L2TP/IPSec where it is. Works flawlessly.

Re: SSTP tunnel does not detect connection failure

Posted: Thu Sep 11, 2014 1:50 pm
by MrYan
Do you have a keepalive-timeout set?

Re: SSTP tunnel does not detect connection failure

Posted: Thu Sep 11, 2014 5:01 pm
by lz1dsb
Do you have a keepalive-timeout set?
No, but I noticed that there is such a parameter. I can only see it on the sstp-client though. How should I set it on the server, or this keepalive is just a client function?

Re: SSTP tunnel does not detect connection failure

Posted: Fri Sep 12, 2014 1:00 am
by MrYan
AIUI, once enabled on the client, the server just responds to the relevant keep alive message.