I made a VPN star-based network between my home router and few others, that I configured over a time. This network is here just for quick monitoring of state for a distant routers. Also, good basis for real-life learning, as all those routers are alive.
If a router is not connected over a VPN, this is a signal that something bad happens there. Also, on some routers, their source IP address in a VPN connection can indicate that they are swapped to the secondary link. Again, we have alarm that something is wrong.
I checking them from time to time, as I don’t need to administer them on daily basis. I spotted recently that one of a distant Mikrotik Routerboards (http://routerboard.com/) is not connected over the VPN connection to my router.
Mikrotik Routerboards are very stable devices and this situation is really strange. There fore, I connected to the router and checked VPN connection. It was enabled and in disconnected state.
VPN connections are part of the PPP services. They sharing PPP profiles and a user database for incoming connections. For outgoing VPN we need different profile and few more parameters, including IP address of central router and the credentials (an username and a password).
Troubleshooting steps
My troubleshooting steps were simple. First I checked the date and time on the router. This can be huge problem, if time is not in synchronization. That was OK.
Second step was to check an IP address for distant router. It was OK, too. This is not a problem in most cases, but my router have dynamic IP. I’m using script for updating an IP address of the distant router in the VPN connection.
Then I spotted that a VPN profile is wrong. It was default, instead my custom profile. Profile default is for non-encrypted connections. We can’t use it for VPN. I made necessary changes for a profile in the connection settings and saved it.
Now everything is fine, but my VPN link is still down. As I uncheck Dial on demand option, it should connect in few seconds. Unfortunately, it didn’t. I left it in that, as I was busy with other job.
When I came back to it later, I found in system log lot of errors related to SSTP VPN connection:
16:24:53 sstp,ppp,info MyRouter: terminating...
16:24:53 sstp,ppp,info MyRouter: disconnected
16:24:53 sstp,ppp,info MyRouter: initializing...
16:24:53 sstp,ppp,info MyRouter: connecting...
16:25:07 sstp,ppp,info MyRouter: terminating... - closed by remote peer
16:25:07 sstp,ppp,info MyRouter: disconnected
16:25:07 sstp,ppp,info MyRouter: initializing...
16:25:07 sstp,ppp,info MyRouter: connecting...
16:25:15 sstp,ppp,info MyRouter: terminating... - closed by remote peer
16:25:15 sstp,ppp,info MyRouter: disconnected
As nothing else helped so far, I had two options. I can try to repair just a connection or to try to reboot a whole router. I opted to try to repair connection.
Repairing connection
Repair was simple. I just copied existing connection in the WinBox (a Mikrotik graphical tool), then delete existing one. Now I have copy of my existing connection in memory. I renamed it and saved back.
In matter of seconds, new copy of the VPN connection connected with my router. I can see this in the list of the active VPNs and also in the log (I extract just last few lines):
22:15:18 sstp,packet MyRouter sent control packet type: echo request
22:15:18 sstp,packet 10 01 00 08 00 08 00 00
22:15:18 sstp,packet MyRouter recv control packet type: echo request
22:15:18 sstp,packet 10 01 00 08 00 08 00 00
22:15:18 sstp,packet MyRouter sent control packet type: echo response
22:15:18 sstp,packet 10 01 00 08 00 09 00 00
22:15:18 sstp,packet MyRouter recv control packet type: echo response
22:15:18 sstp,packet 10 01 00 08 00 09 00 00
In case that this doesn’t helped, we can reboot router. This should fix the problem.
Quick tip for work from command line
You can repair a connection also from the terminal session, using RouterOS commands. You can first execute command
interface ppp-client export file=vpn
If you’re not sure that the VPN settings are correct, you can always first export a configuration to the console and review a settings. Be careful, as this will display the username and the password. For export to the console, just remove part file=vpn from previous command.
Then, you can delete VPN connection with:
interface ppp-client remove [find name=MyVPN]
Last step is to import back configuration from file.
interface ppp-client import file=vpn
MiViLiSNet 
Thank you very much. Helped me a lot.
LikeLike
Glad to hear that!
LikeLike
These are posts like this that lead the Internet forward.
LikeLike
Thanks!
LikeLike
[…] knew that I could repair the client-side VPN on this way. However, as I made major changes on the main router, I decided to leave now the branch office […]
LikeLiked by 1 person