Community discussions

MikroTik App
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Unstable L2TP

Mon Mar 06, 2023 4:56 pm

I configured a L2TP VPN with ipsec. I can connect and it works fine. But after a while I get disconnected from my remote desktop session, I'm still connected to the VPN according to Windows VPN client. I have to disconnect the VPN, connect again and connect back to remote desktop. I need this to work better because I will use this for work when I am on the move. Here is my log from the relevant place

the packet is retransmitted by <public ip of client>[10378].
the packet is retransmitted by <public ip of client>[10378].
purging ISAKMP-SA <public ip of router>[4500]<=><public ip of client>[10403] spi=<removed>.
ISAKMP-SA deleted <public ip of router>[4500]-<public ip of client>[10403] spi:<removed> rekey:1
respond new phase 1 (Identity Protection): <public ip of router>[4500]<=><public ip of client>[10378]
ISAKMP-SA established <public ip of router>[4500]-<public ip of client>[10378] spi:<removed>

Let me know if you need any export from my config
Thanks
 
johnson73
Member Candidate
Member Candidate
Posts: 221
Joined: Wed Feb 05, 2020 10:07 am

Re: Unstable L2TP

Mon Mar 06, 2023 7:15 pm

Are internet matches stable? Is the L2tp configuration on your mikrotik router something like this?
download/file.php?id=48815
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Re: Unstable L2TP

Tue Mar 07, 2023 1:25 pm

Are internet matches stable? Is the L2tp configuration on your mikrotik router something like this?
download/file.php?id=48815
I was on a cell phone connection. Though a stable one. This worked just fine with my old PPTP VPN configured on my windows machine. It even worked fine when the cell phone connection was less stable when I was working from my country house for example. This is pretty important for me because I work on the move from cell phone connections all the time.

I followed this guide so my setup is pretty much on par with this one

https://www.cloudbrigade.com/mikrotik-l2tp-vpn-setup/

Only change I did in firewall was to require ipsec policy for port 1701

edit: I have been working now for a while from a landline without problem so its seems its sensetive to packet loss. How can i make it less sensitive to packet loss?
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Re: Unstable L2TP

Tue Mar 07, 2023 4:03 pm

I have been working for about 3 hours now from a landline and without any connection issues.
I reseted my traffic counter at that point I had a few drops recorded from previous run with a cell phone. After 3 hours no recorded packet drops

Image

I'm pretty sure the VPN responds badly to packet drops. So I guess my question in how I can make it more resilient to a few packet drops. Thanks
 
holvoetn
Forum Guru
Forum Guru
Posts: 6310
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable L2TP

Tue Mar 07, 2023 4:38 pm

Change VPN ?
Wireguard comes to mind, have used it quite a bit using cell-connections without major problems (wireguard on cell phone and/or using SXT LTE as modem).
Even when being in a car driving on the highway, hopping from base station to base station.
It handles reconnects pretty well.
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Re: Unstable L2TP

Tue Mar 07, 2023 5:09 pm

Change VPN ?
Wireguard comes to mind, have used it quite a bit using cell-connections without major problems (wireguard on cell phone and/or using SXT LTE as modem).
Even when being in a car driving on the highway, hopping from base station to base station.
It handles reconnects pretty well.
Are you saying the VPN server in the router isnt good enough? Hard to think it would be worse than just Windows PPTP VPN Server that used to work just fine.
My old combo was Windows PPTP VPN Server and windows built in VPN client. Work flawless unless there was very long downtime like going into a tunnel on a train for example. But now I get disconnected when I have perfect 4G reception.
 
holvoetn
Forum Guru
Forum Guru
Posts: 6310
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable L2TP

Tue Mar 07, 2023 5:16 pm

No, that's your conclusion. I am not saying that at all.
Just that some VPN protocols are more sensitive to connection drops then others.

E.g. when I make connection using Azure Remote Desktop to a virtual server over cell or Wifi I get kicked out at least once or twice a day.
Usually it will recover within the following seconds but it is an annoyance when it happens.
Never happens when using a fixed line. No drops. Nada.

PS As an added plus: wireguard is also less heavy then L2TP so it will go faster or if you want to look at it from another angle, less load on the line so less chances of getting packet drops :D
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Re: Unstable L2TP

Tue Mar 07, 2023 5:24 pm

No, that's your conclusion. I am not saying that at all.
Just that some VPN protocols are more sensitive to connection drops then others.

E.g. when I make connection using Azure Remote Desktop to a virtual server over cell or Wifi I get kicked out at least once or twice a day.
Usually it will recover within the following seconds but it is an annoyance when it happens.
Never happens when using a fixed line. No drops. Nada.

PS As an added plus: wireguard is also less heavy then L2TP so it will go faster or if you want to look at it from another angle, less load on the line so less chances of getting packet drops :D
Than I might as well drop back to my old windows VPN server solution. Are you saying L2TP is not able to handle a few dropped packages?
 
mdadigital
newbie
Topic Author
Posts: 34
Joined: Tue Feb 21, 2023 7:48 pm

Re: Unstable L2TP

Tue Mar 07, 2023 6:02 pm

Ah, its built into the router. I missed that, only looked at L2TP and OpenVPN. Will have a go.
edit: Aha, doesnt work with the built in windows client. Thats a pain.

There must be a way to configure l2TP to be more stable on cell connections?
 
holvoetn
Forum Guru
Forum Guru
Posts: 6310
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable L2TP

Tue Mar 07, 2023 6:07 pm

That's what YOU said ...
I'm pretty sure the VPN responds badly to packet drops. So I guess my question in how I can make it more resilient to a few packet drops. Thanks
 
holvoetn
Forum Guru
Forum Guru
Posts: 6310
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Unstable L2TP

Tue Mar 07, 2023 6:08 pm

Ah, its built into the router. I missed that, only looked at L2TP and OpenVPN. Will have a go.
edit: Aha, doesnt work with the built in windows client. Thats a pain.
What doesn't work with build in client ? Wireguard ?
It is a separate service you need to install. Same concept as OpenVPN, there you also need a separate service to be installed.

Who is online

Users browsing this forum: akakua and 22 guests