MikroTik

RouterOS: 6.34.6
Model: CCR1036-12G-4S

I use L2TP Server binding to link a username to an interface so that I can add the interface as part of a VRF and apply routes to it.

Problem:
Normally when the client connects and authenticates, it is attached to the L2TP Server Binding interface successfully and life is good. Sometimes the remote clients router is rebooted and re-connects before the L2TP interface has timed out, and automatically creates a Dynamic interface since there is already an active Server Binding interface. The L2TP profile is set to only allow 1 active client, but I am not sure why Mikrotik is not stopping the dynamic interface from being created and only reconnecting once the original L2TP Service Binding interface times out. This creates an issue where the new dynamic interface is not part of the VRF and therefore the connection may seem up, but there is no routing for it.

So... How does one stop the router from adding a dynamic l2tp interface and only accept the connections using the l2tp server binding interface when it is linked to a client.

Well. I observe the same behaviour time to time also. It is definitely a bug, I thought to implement some dynamic binding removal script, as removing it is enough to get the client reconnected to static binding immediately again. But I have not seen this behaviour with 6.37 so far, so no actions was taken yet.

I started seeing this for the past few months. I'm running 6.42.1. Anyone else has this issue?

I can confirm I see it even with 6.43.x. Again time to time.

Is this issue resolved ?

I don't think it is. Just had it happen on 6.44.5. I was using the Server Binding for routing and my solution was changing the route to use the IP as gateway, and making this IP static through Remote Address of the PPP Secret.

This issue affects me too.

Same here,

Been experiencing this issue on and off for at least 3 years now. We had a device where this hadn't yet occured and was operating on 6.42.1 and after upgrading to the latest bugfix, it now happens on this device also.

There must be some sort of solution for this.

I've got this issue under ROS 6.44.6

Can somebody suggest me more or less recent ROS version without this problem?

OK, so help me out here. 1st time using a L2TP server binding interface. So with this, I can now add a route to a remote location using the interface? How do I bind it to a user? Does the username under the secrets get placed here under username?

Even this still happens, I implemented dynamic connections removing script scheduled once per minute so this silly behavior doesn't bother me anymore.

/interface l2tp-server remove [/interface find dynamic]

The clients reconnect again immediately and get the static bindings correctly.

Can you share a sanitized example of both sides? I still cannot get traffic to flow in one direction.

Even this still happens, I implemented dynamic connections removing script scheduled once per minute so this silly behavior doesn't bother me anymore.

/interface l2tp-server remove [/interface find dynamic]

The clients reconnect again immediately and get the static bindings correctly.

I am also experiencing this issue from time to time on firmware v6.47.2

Quite a simple, elegant solution this script. Implementing it now, thanks.

Your welcome. I forgot this topic otherwise I would provide the workaround earlier. At least I mentioned it here four years ago...

Your welcome. I forgot this topic otherwise I would provide the workaround earlier. At least I mentioned it here four years ago...

Honestly surprised this bug still appears to be an issue this far along. Seems relatively simple to resolve in an update.

Maybe there is another solution too... I can imagine to play with the timeouts or with allowing only single connection to the binding. But the situation is so difficulty reproducible for me that I decided not to waste the time further.

Otherwise you are right. The server should handle it.

It isn't bug

From other topic

Hello,
You have to use "only-one" option under PPP profile if you are using static server bindings. This will prevent simultaneous connections to be created resulting in dynamic bindings. When using "only-one" option, it is suggested to use a small keepalive timeout for the VPN which will reduce the downtime between tunnel re-establishments.
Best regards,
Emils Z.

http://mikrotik-ukraine.blogspot.com/20 ... g.html?m=1