We are using a CCR1009 as the router for our internal network, with the latest stable RouterOS version 7.8.
We are using the SSTP server with our own certificate (via Let's Encrypt).
After a few days we see that 1 of the 9 cores is working 100% of the time on the ssl process.
Disabling and re-enabling the SSTP server doesn't get it down to (nearly) 0.
We have to reboot the router to get the CPU usage back to normal.
If we disable SSTP, we don't get that high CPU load - even after months.
Config part of VPN/SSTP:
/interface sstp-server server
set authentication=mschap2 certificate=vpn.pem_0 default-profile=\
    ppp-profile-dialin enabled=yes pfs=yes port=444 tls-version=only-1.2
/ppp profile
add dns-server=10.200.0.19 local-address=pool-vpn-dialin name=\
    ppp-profile-dialin remote-address=pool-vpn-dialin \
    remote-ipv6-prefix-pool=kbd-v6 use-encryption=required
/radius
add address=10.200.0.19 service=ppp,wireless timeout=500ms
/ip pool
add name=pool-vpn-dialin ranges=10.200.10.10-10.200.10.254
Another specialty comes to mind: Twice a day the Let's Encrypt service on our Linux server checks if the certificate needs to be renewed. After each check we copy the current certificate to the MikroTik (without checking if it was changed).
At first we just deleted the old certificate and copied the current one to the MikroTik.
Now we disable SSTP, wait 1s, delete certificates + copy current one, wait 1s, enable SSTP.
The latter course of action didn't change anything.
Does anyone have any ideas what I can do to fix this problem?
Or do you think that it's just a bug?
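
The post notes that the certificate is copied to the router after every check without testing whether it changed. The following is an added example (not part of the original post) that gates that push on the SHA-256 of the certificate file on the Linux server; the certificate path, the state file and the body of `deploy_cert` are assumptions.

```shell
#!/bin/sh
# Added example: push the certificate only when the file actually changed.
# CERT, STATE and the body of deploy_cert are assumptions, not from the post.

CERT="${CERT:-/etc/letsencrypt/live/vpn.example.com/fullchain.pem}"  # assumed path
STATE="${STATE:-/var/lib/sstp-cert-push/last.sha256}"                # assumed path

# Print the SHA-256 of the certificate file; fail if it is missing or empty.
cert_digest() {
    [ -s "$1" ] || return 1
    sha256sum "$1" | cut -d' ' -f1
}

# Placeholder for the existing push (disable SSTP, replace the certificate,
# enable SSTP). Replace the body with the commands already in use.
deploy_cert() {
    echo "deploying $1" >&2
}

# Returns 0 if a push happened, 1 if nothing changed, 2 on error.
push_if_changed() {
    new=$(cert_digest "$CERT") || { echo "cannot read $CERT" >&2; return 2; }
    old=$(cat "$STATE" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    # Record the digest only after a successful push, so a failed
    # push is retried on the next run.
    deploy_cert "$CERT" || return 2
    { mkdir -p "$(dirname "$STATE")" && printf '%s\n' "$new" > "$STATE"; } || return 2
    return 0
}
```

Call `push_if_changed` from the twice-daily job in place of the unconditional copy; the SSTP server is then only disabled and re-enabled on runs where the certificate file differs from the last one pushed.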