Wyz4k
Member Candidate
Topic Author
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

OVPN UDP time-out after 1 hour

Wed Jul 06, 2022 11:23 am

Tested with ROS 7.3.1

I've just recently converted my OVPN TCP tunnels to OVPN UDP and I've noticed that after almost exactly an hour my OpenVPN clients get a hard error that requires the user to click OK and then manually reconnect. Multiple clients are experiencing the same issue.

If the connection timed out and automatically reconnected it would have been better, but because it throws an error it requires user intervention every hour which is really annoying.

Connect time 15:13:38
SIGTERM[soft,remote-exit] 16:14:22

Using OpenVPN GUI v11.25.0.0 on the client PC.
2022-07-06 15:13:21 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-07-06 15:13:21 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
2022-07-06 15:13:21 Windows version 10.0 (Windows 10 or greater) 64bit
2022-07-06 15:13:21 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Enter Management Password:
2022-07-06 15:13:21 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-07-06 15:13:22 TCP/UDP: Preserving recently used remote address: [AF_INET]<SERVERIP>:1194
2022-07-06 15:13:22 UDP link local: (not bound)
2022-07-06 15:13:22 UDP link remote: [AF_INET]<SERVERIP>:1194
2022-07-06 15:13:22 [ecoCA2021] Peer Connection Initiated with [AF_INET]<SERVERIP>:1194
2022-07-06 15:13:33 open_tun
2022-07-06 15:13:33 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-07-06 15:13:33 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.0.0/10.0.0.4/255.255.255.0 [SUCCEEDED]
2022-07-06 15:13:33 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.0.4/255.255.255.0 on interface {4BE91EE1-CDDB-4FC8-BBF0-6AC460A016D0} [DHCP-serv: 10.0.0.254, lease-time: 31536000]
2022-07-06 15:13:33 Successful ARP Flush on interface [11] {4BE91EE1-CDDB-4FC8-BBF0-6AC460A016D0}
2022-07-06 15:13:33 IPv4 MTU set to 1500 on interface 11 using service
2022-07-06 15:13:38 Initialization Sequence Completed
2022-07-06 16:14:22 SIGTERM[soft,remote-exit] received, process exiting

Server settings:
port 1194
mode ip
protocol udp
netmask 24
max MTU 1500
keepalive timeout 60
certificate
require-client-certificate yes
tls version only v1.2 (I tried any before and it made no difference)
Auth sha1
cipher aes256

ppp profile settings:
-------------------------
session timeout - not set
idle timeout - not set

client.ovpn
--------------
client

proto udp

remote <SERVERIP> 1194
resolv-retry infinite
dev tun

ca ca.crt
cert client.crt
key client.key
tls-client

nobind
persist-key
persist-tun

cipher AES-256-CBC
auth SHA1
auth-nocache

auth-user-pass auth.txt

route ...
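
One way to confirm the pattern reported above from a client log, as an added example that is not part of the original post: it measures each session from "Initialization Sequence Completed" to the terminating signal and flags peer-initiated exits that land just past a fixed period. The sample log is constructed from the timestamps quoted in this thread; the function names, the 3600 s period and the 120 s slack are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the OpenVPN 2.5 client log format shown in the post.
# The first two sessions use the times reported in this thread; the third is
# an invented unrelated restart for contrast.
SAMPLE_LOG = """\
2022-07-06 15:13:38 Initialization Sequence Completed
2022-07-06 16:14:22 SIGTERM[soft,remote-exit] received, process exiting
Enter Management Password:
2022-07-06 16:21:29 Initialization Sequence Completed
2022-07-06 17:22:14 SIGTERM[soft,remote-exit] received, process exiting
2022-07-06 18:00:00 Initialization Sequence Completed
2022-07-06 18:07:30 SIGUSR1[soft,ping-restart] received, process restarting
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
SIGNAL = re.compile(r"^(SIG[A-Z0-9]+)\[([^\]]*)\]")


def sessions(log_text):
    """Return (start, end, signal, reason, seconds) for each finished session."""
    out, start = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # prompts and other lines without a timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("Initialization Sequence Completed"):
            start = ts  # tunnel is up: session clock starts here
        elif start is not None and (sig := SIGNAL.match(msg)):
            secs = int((ts - start).total_seconds())
            out.append((start, ts, sig.group(1), sig.group(2), secs))
            start = None
    return out


def periodic_remote_exits(log_text, period=3600, slack=120):
    """Sessions the peer ended between `period` and `period + slack` seconds."""
    return [s for s in sessions(log_text)
            if "remote-exit" in s[3] and period <= s[4] <= period + slack]


if __name__ == "__main__":
    hits = periodic_remote_exits(SAMPLE_LOG)
    for start, end, sig, reason, secs in sessions(SAMPLE_LOG):
        mark = "PERIODIC" if (start, end, sig, reason, secs) in hits else "-"
        print(f"{start} -> {end}  {secs:5d}s  {sig}[{reason}]  {mark}")
```
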
 
Wyz4k
Member Candidate
Topic Author
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: OVPN UDP time-out after 1 hour

Wed Jul 06, 2022 12:26 pm

Connected at 16:21:29
Disconnected at 17:22:14.

Just over an hour again.

Server logs show:
17:22:13 ovpn,info ovpn-client: terminating... - peer disconnected
17:22:13 ovpn,info ovpn-client: terminating... - peer disconnected
17:22:14 ovpn,info,account client logged out, 3663 150404 11810 1270 184 from <CLIENTIP>
17:22:14 ovpn,info,account client logged out, 3663 150404 11810 1270 184 from <CLIENTIP>
17:22:14 ovpn,info ovpn-client: disconnected
17:22:14 ovpn,info ovpn-client: disconnected
 
basd
just joined
Posts: 8
Joined: Mon Sep 14, 2015 11:37 am
Location: Netherlands

Re: OVPN UDP time-out after 1 hour

Fri Jul 08, 2022 11:05 am

> Connected at 16:21:29
> Disconnected at 17:22:14.
>
> Just over an hour again.
>
> Server logs show:
> 17:22:13 ovpn,info ovpn-client: terminating... - peer disconnected
> 17:22:13 ovpn,info ovpn-client: terminating... - peer disconnected
> 17:22:14 ovpn,info,account client logged out, 3663 150404 11810 1270 184 from <CLIENTIP>
> 17:22:14 ovpn,info,account client logged out, 3663 150404 11810 1270 184 from <CLIENTIP>
> 17:22:14 ovpn,info ovpn-client: disconnected
> 17:22:14 ovpn,info ovpn-client: disconnected

Same problem here.

After 1 hour. I am running 7.3.1; according to the release notes stability must have been improved, but I am not seeing that.
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: OVPN UDP time-out after 1 hour

Fri Jul 08, 2022 9:39 pm

Server UDP - 7.3.1 - x86
Client HAP AC3 - 7.3.1
2022-07-08_22-57-39.jpg
 
jti
just joined
Posts: 3
Joined: Thu Jan 28, 2021 8:45 pm

Re: OVPN UDP time-out after 1 hour

Sat Aug 27, 2022 9:41 pm

Hello, I have the same problem, every hour a disconnect (0-ovpn-CG: terminating... - peer disconnected). Does anyone have an idea what could be the reason? Router OS 7.4.1. Thank you for your answers.
 
Wyz4k
Member Candidate
Topic Author
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: OVPN UDP time-out after 1 hour

Sun Aug 28, 2022 12:45 pm

MikroTik have confirmed that they can reproduce the problem. So we need to wait for them to fix it.
 
roe1974
Member Candidate
Posts: 150
Joined: Mon Dec 31, 2018 2:14 pm

Re: OVPN UDP time-out after 1 hour

Fri Sep 02, 2022 2:58 pm

Hi ... has anyone already tested with 7.5?
br, Richard
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: OVPN UDP time-out after 1 hour

Fri Sep 02, 2022 3:02 pm

> Hi ... has anyone already tested with 7.5?
> br, Richard

For me, it's fixed in 7.5 x86.
ovpn.jpg
 
Wyz4k
Member Candidate
Topic Author
Posts: 240
Joined: Fri Jul 10, 2009 10:23 am

Re: OVPN UDP time-out after 1 hour

Sat Sep 03, 2022 4:48 pm

Yep, fixed for me too. For the first time I can stay connected for longer than an hour.
 
roe1974
Member Candidate
Posts: 150
Joined: Mon Dec 31, 2018 2:14 pm

Re: OVPN UDP time-out after 1 hour

Mon Sep 05, 2022 12:30 pm

In the 7.5 thread it says that the connection is no longer closed on the router as soon as the client disconnects it ... could you determine this?
viewtopic.php?p=955298&hilit=ovpn#p955298

br Richard
 
spippan
Member
Member
Posts: 333
Joined: Wed Nov 12, 2014 1:00 pm
Location: Austria

Re: OVPN UDP time-out after 1 hour

Wed Dec 28, 2022 3:36 pm

Has anyone checked on the firewall connection tracking lifetimes?
In addition to that ... is there any sort of keep-alive facilitated?
