Community discussions

MikroTik App
 
sebgva
just joined
Topic Author
Posts: 1
Joined: Wed Sep 28, 2022 8:19 pm

VPN failed after speedtest

Thu Sep 29, 2022 11:40 am

Hi,

I am quite new with Mikrotik products. I've setup a L2TP server to provide remote access to iphone, laptop ... Everything works fine except in one specific situation.

I am able to use my remote device without any issue, but if I launched a speedtest on the iPhone, after several seconds the connection is frozen : througput is down, browsing is broken.

During the speedtest, I am able to ping remote host, but after several seconds there is a timeout, and active connection in PPP->Active Connections disappears.

Any idea ?

Thanks a lot.
 
SwissMT
just joined
Posts: 2
Joined: Sun Dec 18, 2022 11:31 am

Re: VPN failed after speedtest

Sun Dec 18, 2022 11:38 am

Hi

I'm faceing the same issue. VPN-Tunnel from iPhone to MT works fine over L2TP. "Normal" traffic flow's as well into both directions (e.g. browsing, email, fileshare).
By doing a speedtest on the iphone it comes to this issue. The download works fine. But as soon as the upload (from iPhone to MT) starts and works for 1-2 seconds, then it crushes.
No traffic anymore. Only solution then is to stop the VPN-connection on the iPhone and start it new. It looks like the VPN-Tunnel stucks somwhere itselfs.

Does anybody has an idea where to search for the root cause?
BR
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VPN failed after speedtest

Mon Dec 19, 2022 4:39 am

Iphones are embarrassed by speed tests??
Just don't do speed tests and be happy.

I tried it on my iphone, cellular connection to my Home router via WIREGUARD and it worked fine, no cutout at all.
77 down 15 up were my speeds..............

Sounds like you are using the wrong VPN type.
 
SwissMT
just joined
Posts: 2
Joined: Sun Dec 18, 2022 11:31 am

Re: VPN failed after speedtest

Fri Sep 15, 2023 2:03 pm

After update Router OS from 7.8 to 7.9, as well the site-to-site VPN iKE stops working well. The tunnel was up, but almost no speed trough the tunnel was possible. An invastigation by support was not succesfully.

The solution was found on the following thread, thx a lot!

https://saputra.org/threads/mikrotik-fa ... -ipsec.34/

(Copy from original thread:)
Fasttrack is a new feature introduced in RouterOS v6.29 that allows you to forward packages in a way that they are not handled by the Linux Kernel which greatly improves the throughput of your router as well as lowering the CPU load.

Fasttrack allows all packages that have the state Established or Related to bypass the Kernel and be directly forwarded to the target. So, once a connection is marked as established or related, it won’t go through any firewalling or processing and will directly forwarded to the target. Of course – a connection gains the state of established or related once it went through the firewall so it will still be secure.

But there’s a known issue that Fasttrack will not work with IPsec connections, it will result in a rather wonky experience or very unstable IPsec connection. So if you have IPsec connections in your MikroTik but want to take the advantages of Fasttrack, here’s the resolution for you!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: VPN failed after speedtest

Fri Sep 15, 2023 2:59 pm

Swiss MT, that is already covered by the default rules in the forward chain.
We accept ipsec traffic prior to the fastrack rule!! Done!

add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-mark=no-mark connection-state=established,related hw-offload=\
yes

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], JesusUve, kiloon, rarriazu, xrlls and 88 guests