Code:
/interface ovpn-client add name=ovpn-out connect-to=xxx.xxx.xxx.xxx port=1194 mode=ip user="xxxxx" password="xxxxx" profile=default certificate=xxxxx cipher=aes256 add-default-route=yes disabled=no;
For four weeks there was no problem with it; today we lost 3 of 5 clients from the VPN (probably there were some interruptions of the links between buildings). After investigation we found a problem in the OpenVPN client in MikroTik. In the logs we saw:
Code:
15:39:39 ovpn,info ovpn-out: initializing...
15:39:39 ovpn,info ovpn-out: dialing...
15:39:43 ovpn,info ovpn-out: using encoding - AES-256-CBC/SHA1
15:39:43 ovpn,info ovpn-out: connected
15:39:44 ovpn,error could not add address: already have such address (6)
15:39:44 ovpn,debug ovpn-out: disconnected <could not add address: already have such address (6)>
15:39:44 ovpn,info ovpn-out: terminating... - could not add address: already have such address (6)
15:39:44 ovpn,info ovpn-out: disconnected
Code:
[admin@xxxxxxx] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE MTU L2MTU
.... cut .....
6 ovpn-out ovpn-out
Code:
[admin@xxxxxxx] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
.... cut .....
3 I 10.10.10.10/32 10.10.10.1 0.0.0.0 ovpn-out
Code:
[admin@xxxxxxx] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 DS 0.0.0.0/0 10.10.10.1 1
.... cut .....
Code:
/system script add name=Remove-invalid-IP-from-ovpn-out policy=write,read source={:foreach i in=[/ip address find invalid and interface=ovpn-out] do={/ip address remove $i;};};
/system scheduler add name=Remove-invalid-IP-from-ovpn-out on-event=Remove-invalid-IP-from-ovpn-out policy=write,read interval=1m;
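
Added example, not part of the original post: a small Python check that can be run over exported router logs to flag OpenVPN client interfaces stuck in the connect/"already have such address" cycle shown in the log above. The function names, the `max_uptime` and `min_cycles` thresholds, and every sample line beyond those quoted in the post are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the log format shown in the post (the second cycle and
# the ovpn-site2 lines are made up for the example).
SAMPLE_LOG = """\
15:39:39 ovpn,info ovpn-out: dialing...
15:39:43 ovpn,info ovpn-out: connected
15:39:44 ovpn,error could not add address: already have such address (6)
15:39:44 ovpn,info ovpn-out: terminating... - could not add address: already have such address (6)
15:39:44 ovpn,info ovpn-out: disconnected
15:40:01 ovpn,info ovpn-out: dialing...
15:40:05 ovpn,info ovpn-out: connected
15:40:06 ovpn,info ovpn-out: terminating... - could not add address: already have such address (6)
15:41:00 ovpn,info ovpn-site2: connected
15:55:00 ovpn,info ovpn-site2: terminating... - peer disconnected
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) ovpn,\w+ (?:([\w-]+): )?(.*)$")
CONFLICT = "could not add address: already have such address"

def seconds(ts):
    h, m, s = map(int, ts.split(":"))
    return h * 3600 + m * 60 + s

def find_address_conflicts(log_text, max_uptime=5):
    """Map interface -> [(connected_at, failed_at)] for sessions that were
    torn down by the address conflict within max_uptime seconds."""
    connected, hits = {}, defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) is None:  # the bare ovpn,error line names no interface
            continue
        ts, iface, msg = m.groups()
        if msg == "connected":
            connected[iface] = ts
        elif msg.startswith("terminating...") and iface in connected:
            start = connected.pop(iface)
            uptime = (seconds(ts) - seconds(start)) % 86400  # tolerate midnight wrap
            if CONFLICT in msg and uptime <= max_uptime:
                hits[iface].append((start, ts))
    return dict(hits)

def stuck_interfaces(log_text, min_cycles=2):
    """Interfaces that hit the conflict at least min_cycles times."""
    found = find_address_conflicts(log_text)
    return sorted(i for i, cycles in found.items() if len(cycles) >= min_cycles)

if __name__ == "__main__":
    for iface in stuck_interfaces(SAMPLE_LOG):
        print(f"{iface}: reconnect loop, address conflict right after connect")
```

An interface reported here is a candidate for the invalid-address cleanup script above; a tunnel that drops for any other reason is not flagged.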