Last disconnect reason peer request mikrotik

Last disconnect reason peer request mikrotik

Mon Aug 01, 2016 10:38 am

Hello.
There mikrotik 750GR2. Connecting to an Internet configured so. 2 ports are combined in the bridge. One port is plugged with a white asterisk ip. The second interface, set the other white ip LAN through which comes to internet. The 3-5 of the ports in the switch group and look to the local area network. Users go to the Internet through nat. On mikrotike set l2tp. Users connect windows (7 and xp) l2tp client and use the LAN resources. But every 8 hours connection unexpected disconnect. In this case, the log records mikrotik

failed to begin ipsec sa negotiation
print detail
Flags: X — disabled, D — dynamic
0 address=0.0.0.0/0 local-address=:: passive=no port=500 auth-method=pre-shared-key secret=»111111111″
generate-policy=port-override policy-template-group=*FFFFFFFF exchange-mode=main-l2tp send-initial-contact=yes
nat-traversal=yes hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des dh-group=modp1024 lifetime=1h
dpd-interval=disable-dpd dpd-maximum-failures=5

[admin@Mikrotik750GR2] /ip ipsec proposal>> print detail
Flags: X — disabled, * — default
0 * name=»default» auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-128-cbc,3des lifetime=30m pfs-group=modp1024

Re: L2TP is disconnect after every 8 hours

Wed May 24, 2017 4:58 pm

Re: L2TP is disconnect after every 8 hours

Wed May 24, 2017 5:49 pm

You can try to change the profile from default-encryption to default and test if that solves the issue.

Sometimes the encryption gets out of sync and resulting that the tunnel gets terminated and the reconnects

Re: L2TP is disconnect after every 8 hours

Thu Jun 01, 2017 10:54 am

Re: L2TP is disconnect after every 8 hours

Mon Jun 05, 2017 9:53 am

Re: L2TP is disconnect after every 8 hours

Mon Jul 17, 2017 9:36 am

Hi
I have exactly the same problem. all my L2TP/IPSEC session get disconnected after exactly 8 hours

Did someone manage to find a solution to this ?

Re: L2TP is disconnect after every 8 hours

Tue Jul 18, 2017 8:12 am

Re: L2TP is disconnect after every 8 hours

Thu Mar 08, 2018 3:41 pm

Re: L2TP is disconnect after every 8 hours

Sun Apr 15, 2018 8:29 am

Hello, I have exactly the same problem. My IPsec/L2TP connection drops every 8 hours. It takes it up to 50 minutes to recover. I’ve looks through the logs, but was not able to find anything wrong. I’ve checked on server side — timeout there 23 hours, on Mikrotik I did not found where timeout can be setup.

What else I could check/look at to fix this?

Re: L2TP is disconnect after every 8 hours

Fri Apr 27, 2018 6:35 pm

8h on L2TP/IPSec

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 12:41 pm

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 1:00 pm

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 2:00 pm

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 2:09 pm

Читайте также:  Роутер ruijie rg ew1200g pro

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 2:42 pm

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 3:50 pm

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 4:23 pm

In my house now: (receiving)

Flags: R — radius
0 name=»casavzla» service=l2tp caller-id=»186.xx.xx.xx» address=192.168.16.11 uptime=3d14h33m3s encoding=»cbc(aes) + hmac(sha256)»
session-id=0x81002F85 limit-bytes-in=0 limit-bytes-out=0

1 name=»mayjo» service=l2tp caller-id=»95.xx.xx.xx» address=192.168.16.10 uptime=9h31m1s encoding=»cbc(aes) + hmac(sha256)» session-id=0x8100301C
limit-bytes-in=0 limit-bytes-out=0

I don’t know how to print the outgoing ppp/pptp.

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 9:53 pm

hgonzale, what are the clients in your case?
The thing is that as this topic made me curious, I’ve started an L2TP/IPsec connection using the embedded VPN client of Windows 10 and used it so that there would be real traffic through the L2TP session, and it broke down as well. In my case, it didn’t take exactly 8 hours but something like 7:36 until the Windows client has decided to renew the IPsec phase 1, but it took it so long between tearing down the old one and starting to establish the new one that Mikrotik has managed to tear down the L2TP layer on inactivity in the meantime. See the commented tour below.

The DHCP lease time on the laptop side is 10 minutes so it is unlikely that this would be related, as there were tens of DHCP renewals which didn’t break the IPsec. So I’ll try another round during the night, this time with an Android device.

On top of that, there is no ISP involved — the laptop is connected using WiFi to one ‘Tik (uptime much longer than between now and the L2TP breakdown), and the L2TP/IPsec connection passes through NATting OpenWRT device and gets to the other ‘Tik which is the L2TP/IPsec server.

When the IPsec connection is initially established, the client declares sincerely the Phase 1 lifetime limitation to 8 hours:

After this, the connection establishes and just works, only Phase 2 is renegotiated from time to time without impact.
Nothing indicates a problem just before the breakdown:

KA means KeepAlive and it is an IPsec keepalive here. These are sent three times a minute.

This is an L2TP keepalive — the server sends HELLO and the client responds with ack. These are sent once a minute and they’re asynchronous to the IPsec KeepAlives

Here below the trouble begins:

So the client has sent us a request to delete the IPsec Phase 1 (ISAKMP), which consequently takes down Phase 2 (ESP in this case) as well.

The line above is important — as we’ve removed the policy, the L2TP packets won’t be matched and sent via the SA although it still exists by now.

Demolition of the IPsec connection completed. The L2TP transport packets cannot get anywhere until the IPsec connection gets established again. But it’s almost the time to send an l2tp HELLO.

and initiates the disconnection process.

Three seconds later, which is 32 seconds after it has shot down the previous Phase 1, the client initiates establishment of a new session:

It then took another 2 seconds until new SAs were negotiated and installed:

And it took another 8 seconds until the client started sending its own HELLO keepalives still within the old session (see the

As Android client also limits the Phase 1 lifetime to 8 hours, I’ll first check how the renegotiation looks like in Android case, and then I’ll try whether configuring a shorter lifetime limit at RouterOS side won’t make the client(s) behave differently.

Re: L2TP is disconnect after every 8 hours

Sat Apr 28, 2018 10:18 pm

All mines are other mikrotiks..

I have a dialup pptp to my server without encryption but is not in the list.
They are only dial in, I need to extract the dial out, but I don’t know to do

Re: L2TP is disconnect after every 8 hours

Sun Apr 29, 2018 8:10 pm

The results with my version of the embedded Android client are even more cryworthy than with Windows 10.

The Android client, like the Windows 10 one, declares a 28800 seconds Phase 1 lifetime in its Phase 1 proposal, and when this time expires, RouterOS drops the connection, without any attempt from Android side to re-establish it before or after the drop. But the Andriod still shows the VPN connection as active and stubbornly attempts to use it, so you can see «packets/bytes sent» on it to grow but «packets/bytes received» stay unchanged, several hours after the connection went down.

Читайте также:  Что значит lte на роутере

I’ve limited the Phase 1 lifetime at Mikrotik side, assuming that it might actively terminate the Phase 1 security association and thus provoke the client for a renewal, or that the client might proactively renew the session from its side once the end of the lifetime announced by Mikrotik approaches; well, none of this happens. Mikrotik keeps the session alive (presumably because it is configured to server mode and is thus unable to renew it), and Android doesn’t bother to renew it either, so the session continues to run. And the Windows client behaves the same way. I expect both sessions to end the same way like when 24 h lifetime is set on Mikrotik side, after 8 hours.

So I assume that gents in Redmond became aware of the issue and have added the auto-renewal into the WIndows10 client (which explains that these sessions do not last exactly 8 hours as reported before), but the auto-renewal takes it too much time (so far?) for the l2tp server not to give up.

If someone here happens to own some iThing, it might be interesting for the audience here to check how the iOS clients behave in this regard.

Источник

Last disconnect reason peer request mikrotik

Thu Apr 07, 2022 6:45 pm

We finally have dude server in V7 but it seems there are other problems. After upgrading to V7.2 from 6.49.5, OpenVPN clients from other mikrotik routers (some of them still 6.49.5 and some 7.2)and windows machines keeps disconnecting right after it connects. I tried many things to change in the server settings but without results.
Does anyone know why this happens?

Re: V7.2 OpenVPN

Fri Apr 08, 2022 12:26 am

Whatever I do in V7.2 for OpenVPN, I can’t make it work. I am using the same ways for server setup and self signed certificates on mikrotik which I used for years. Does anyone have an example of working setup?

Re: V7.2 OpenVPN

Fri Apr 08, 2022 11:02 am

Re: V7.2 OpenVPN

Fri Apr 08, 2022 8:24 pm

1. All that «better openvpn solutions» first made a headache for us
2. I disagree about Your guess because it worked excellent without a single drop for years on more than 150 locations
3. With all due respect, Your reply wasn’t helpful.

Anyone has some valid clue about how to resolve this?

Re: V7.2 OpenVPN

Fri Apr 08, 2022 8:26 pm

Re: V7.2 OpenVPN

Fri Apr 08, 2022 8:39 pm

Re: V7.2 OpenVPN

Fri Apr 08, 2022 9:12 pm

Re: V7.2 OpenVPN

Fri Apr 08, 2022 9:19 pm

Unfortunately, these two routers I upgraded are with dude server and dude is not available in V7.1.5. I have to go back to 6.49.5. Possible?

Re: V7.2 OpenVPN

Fri Apr 08, 2022 9:24 pm

Unfortunately, these two routers I upgraded are with dude server and dude is not available in V7.1.5. I have to go back to 6.49.5. Possible?

Re: V7.2 OpenVPN

Fri Apr 08, 2022 9:25 pm

Re: V7.2 OpenVPN

Fri Apr 08, 2022 10:32 pm

Thanks for suggestion. Do You mean to replace ovpn with wireguard?

Re: V7.2 OpenVPN

Sat Apr 16, 2022 11:43 am

Hello,
sorry i have no idea why your OpenVPN not work in the newer ROS.

We have a some(about 500) of (IoT) connections to few «serverrouter» and they work fine with 7.2.
Most client(IoT) devices are on «long term 6.48»
Since few weeks we have some wireguard(testing) connections with newer ROS devices.
Here an client config that will work with ROS 7.2(1). on a arm-device (RB4011)
The serverrouter are RB1100 Hx4

Re: V7.2 OpenVPN

Sun Apr 17, 2022 10:05 am

Re: V7.2 OpenVPN

Tue Apr 19, 2022 6:45 pm

It happens to be as well but not with all routers. To be precise, the issue occurs only on a «mmips» device. Maybe there is some issue with thich architecture? I tried to take a look at debug logs on both sides but there is nothing useful to make use of. Certificate is okay, login credentials as well.

Читайте также:  Failed to pre process ph2 packet mikrotik kerio

I alo tried basically everything — regenrating all certificates, re-importing them, deleting the whole configuration and startin over but have not succeeded. All the advices in here make sense, but in my case as well — I prefer to use OpenVPN as a backup service.

server side debug log

I am using the latest FW (7.2.1). The device is «hEX S».

Can anyone advise me how to report the issue?

Источник

Last disconnect reason peer request mikrotik

Tue Apr 01, 2014 1:40 pm

Hello.
I have Mikrotik 1100AHx2 as sstp-server and 951Ui-2HnD as client.
and — i don’t understand, why. but, every 2 minutes sstp connection is terminating.

14:35:38 sstp,ppp,info sstp-out1: terminating. — conn timeout
14:35:38 sstp,ppp,info sstp-out1: disconnected
14:35:38 sstp,ppp,info sstp-out1: initializing.
14:35:38 sstp,ppp,info sstp-out1: connecting.
14:35:38 route,ospf,info OSPFv2 neighbor 10.200.0.1: state change from Full to Down
14:35:39 sstp,ppp,info sstp-out1: authenticated
14:35:39 sstp,ppp,info sstp-out1: connected

14:37:39 sstp,ppp,info sstp-out1: terminating. — conn timeout
14:37:39 sstp,ppp,info sstp-out1: disconnected
14:37:39 sstp,ppp,info sstp-out1: initializing.
14:37:39 sstp,ppp,info sstp-out1: connecting.
14:37:39 route,ospf,info OSPFv2 neighbor 10.200.0.1: state change from Full to Down
14:37:40 sstp,ppp,info sstp-out1: authenticated
14:37:40 sstp,ppp,info sstp-out1: connected

14:35:38 sstp,ppp,info : terminating. — terminated by remote peer
14:35:38 sstp,ppp,info,account ap0214 logged out, 121 9325 4459 77 75
14:35:38 sstp,ppp,info : disconnected
14:35:38 route,ospf,info OSPFv2 neighbor 172.20.18.30: state change from Full to Down
14:35:39 sstp,ppp,info,account ap0214 logged in, 10.200.18.247
14:35:39 sstp,ppp,info : authenticated
14:35:39 sstp,ppp,info : connected

14:37:39 sstp,ppp,info : terminating. — terminated by remote peer
14:37:39 sstp,ppp,info,account ap0214 logged out, 120 12554 7377 105 114
14:37:39 sstp,ppp,info : disconnected
14:37:39 route,ospf,info OSPFv2 neighbor 172.20.18.30: state change from Full to Down
14:37:40 sstp,ppp,info,account ap0214 logged in, 10.200.18.247
14:37:40 sstp,ppp,info : authenticated
14:37:40 sstp,ppp,info : connected

also, i have other 951Ui-2HnD with same config — and connection uptime is already 2 days.
Have any ideas about reasons ?

Источник

Last disconnect reason peer request mikrotik

Sat Apr 03, 2010 12:47 am

I have set up a OVPN client and serer. I have it working how I want to, but after a shor period of time the connection stops passing any traffic. To get the connection back I have to disable and then enable the OVPN-client connection.

Edit:
The OVPN server needs the CA certificate to be present. I put the CA certificate on the server and the problem seems to be fixed.

Edit 2:
It only stayed up for

1 hour. It returned back to dying after

2 minuets after the OVPN client is started.

Re: OVPN traffic stops

Sun Apr 04, 2010 1:56 am

Here is some log info from when the OVPN drops. I have a ping going across the link from both sides when this happens.

Re: OVPN traffic stops

Sun Apr 04, 2010 10:24 pm

Re: OVPN traffic stops

Sun Apr 04, 2010 10:34 pm

Re: OVPN traffic stops

Mon Apr 05, 2010 11:52 pm

Re: OVPN traffic stops

Tue Apr 06, 2010 12:36 am

Now the log shows «peer disconnected» on both sides

Re: OVPN traffic stops

Wed Apr 07, 2010 5:28 am

Re: OVPN traffic stops

Wed Apr 07, 2010 6:34 am

I would use PPTP, but all traffic except port 80, 443, and a few others have been blocked (and port 80 is filtered). That make me have to use a connection on port 443. I have been using a SSH tunnel, but I would like to use VPN on a router for simpler setup.

I switched to easy-RSA for the certificate, but that still didn’t help. I will try using a linux server next.

Re: OVPN traffic stops

Wed Apr 07, 2010 6:27 pm

I think I found out what the problem was.

When I checked «Add Default Gateway» on the ovpn client, all traffic wanted to go through it, even the ovpn session.

I had to add a static route for the VPN connection IP to the route list to force that IP to go through the correct gateway. It would be nice if that was done automatically (especially since this is for mobile use). I made a simple script for the netwatch tool.

Источник

Adblock
detector