Hi Guys,
On one Mikrotik router, I have two internet links, and I made a failover, and it works properly.
Because I need same the public IP address, there is an SSTP client on that Mikrotik. And on the other Mikrotik CCR is SSTP Server.
When one internet link breaks, SSTP is realized through another ISP. When the primary link is established, the SSSTP is realized through it.
The problem is that the server doesn't kill the old inactive SSTP connection and during that time there are two SSPT connections on the server.
The killing of the old SSTP connection on the CCR is after about 30 seconds, sometimes more than two minutes, can it be accelerated?
How can I kill an old SSTP connection after some 5 s of inactivity, or when a new SSTP connection with the same user / pass is attempted?
Thanks a lot,
Regards
Nikola
-
-
nikola89381
newbie
- Posts: 28
- Joined:
Re: Faster killing inactive SSTP connection on SSTP Mikrotik server.
Hey,
So first off it might be worth considering a different protocol other than SSTP maybe IPSec as depending on your equipment you can get the benefit of hardware acceleration.That's a side note.
To answer your question you can turn down the keepalive timeout under the sstp server settings. This will help the SSTP server to detect the dead connection quicker https://wiki.mikrotik.com/wiki/Manual:I ... figuration has the details. You could also tune down the keepalive on the client.
Since the tunnels sound like they are between 2 mikrotik devices I am assuming you're routing over them which means you could use a routing protocol and enable bfd. However with all these options you need to be careful.
If you set the timers to be very aggressive and you fill the link then you might start to get instability due to the increased latency of the link being full which would result in the tunnel flapping over and back between the two internet connections.
Just my 2 cents
Cheers
Mark
So first off it might be worth considering a different protocol other than SSTP maybe IPSec as depending on your equipment you can get the benefit of hardware acceleration.That's a side note.
To answer your question you can turn down the keepalive timeout under the sstp server settings. This will help the SSTP server to detect the dead connection quicker https://wiki.mikrotik.com/wiki/Manual:I ... figuration has the details. You could also tune down the keepalive on the client.
Since the tunnels sound like they are between 2 mikrotik devices I am assuming you're routing over them which means you could use a routing protocol and enable bfd. However with all these options you need to be careful.
If you set the timers to be very aggressive and you fill the link then you might start to get instability due to the increased latency of the link being full which would result in the tunnel flapping over and back between the two internet connections.
Just my 2 cents
Cheers
Mark
-
-
nikola89381
newbie
- Posts: 28
- Joined:
Re: Faster killing inactive SSTP connection on SSTP Mikrotik server.
Hi Mark,
Thank you, it works, I reduced it to 15s keepalive timeout, now there are about 15 lost packets on the computer until the backup link works. This is great.
I also use SSTP IP for remote Mikrotik management.
I will test IPSEC, thanks for the suggestion.
I will still test to find the ideal solution.
Thank you very much for your help.
Greetings
Nikola
Thank you, it works, I reduced it to 15s keepalive timeout, now there are about 15 lost packets on the computer until the backup link works. This is great.
I also use SSTP IP for remote Mikrotik management.
I will test IPSEC, thanks for the suggestion.
I will still test to find the ideal solution.
Thank you very much for your help.
Greetings
Nikola