mikrotik pptp VPN

[lexyus]

dear ahenning,

thank you very much for your reply. My sites are in two different locations and both connected using mikrotik pptp VPN.

i'm attach how i'm setup wanos in both of my sites, please check if it's already correct.

i'm also attach my reports, the optimization were 1x factor and Kb saved were nearly 1KB

thanks for your reply

[ahenning]

Hi lexyus,

I moved the post to the troubleshooting section.

Ok, based on the stats, optimization is not working yet. You can also check the peer status tab to confirm whether the peers are up/down. From the stats it seems they are 'down'.

• From the info in the screenshots, it looks like traffic is flowing correctly through this end. Also verify that the other end has the exact same stats. Then we know the traffic is flowing in both directions via both appliances.
• Check the logs (Diagnostics > Logs) and see whether there are perhaps any 'Peer detected on lan0' messages. If so, the lan0 and wan0 cables need to be swapped around.
• Check whether the Mikrotik VPN might be stripping the TCP Options 76, which is needed for peer detection. This can be done by setting UDPENCAP=Enable in '/tce/etc/wanos/wanos.conf' en resetting the service from the GUI. Do this on both ends.

[lexyus]

Dear ahenning,

here's my screenshot from log, a lot of "peer detected on lan0" appear.
so i need to swap the interface, right?

[ahenning]

Yes, swap one side, then have a look at the logs and the peer status.

[lexyus]

I already swap interface using Interface stats "Switch Interface Port Roles" function. I swap the one with IP 192.168.7.41.
but it seems the diagnostic -> log & peer status doesn't make any changes. Am i missing something?

[lexyus]

here's I attached log after swap on one side

[ahenning]

It could be the old entries. Please reset the service: configure > reset > reset service. After the reset have a look at the logs and peer status.

Since you have the messages in the logs, you are almost there, its just a case of aligning the lan0 and wan0 interfaces. You can use the mac addresses as well to make sure.

[lexyus]

I have reboot both appliance,

This log comes from 192.168.6.41
Log Options
Display log level:   informational

Peer detected on lan0:  319
Peer detected on lan0:   60
Peer detected on lan0:   60
Peer detected on lan0:   52
Peer detected on lan0:  176
Peer detected on lan0:   56
Peer detected on lan0:   60
Sat Jan 5 02:33:36 UTC 2002  : Info : Reboot Requested
Sat Jan 5 02:37:35 UTC 2002  : Routine : Initializing Startup Scripts
Sat Jan 5 02:37:35 UTC 2002  : Routine : Set Interface Roles
Sat Jan 5 02:37:35 UTC 2002  : Routine : Setting Optional Interface driver flags if supported
Cannot set device rx csum settings: Operation not supported
Cannot set device tx csum settings: Operation not supported
Cannot set device scatter-gather settings: Operation not supported
Cannot set device tcp segmentation offload settings: Operation not supported
Cannot set device rx csum settings: Operation not supported
Cannot set device tx csum settings: Operation not supported
Cannot set device scatter-gather settings: Operation not supported
Cannot set device tcp segmentation offload settings: Operation not supported
Sat Jan 5 02:37:36 UTC 2002  : Routine : Check Configs
Sat Jan 5 02:37:36 UTC 2002  : Routine : Updating Configuration
Sat Jan 5 02:37:37 UTC 2002  : Routine : Initializing Wanos Click
wanos.click:11: While initializing 'wan0 :: FromDevice':
  warning: wan0: no IPv4 address assigned
Sat Jan 5 02:37:38 UTC 2002  : Alert : Minimum Required Memory is 2GB
wanos.click:12: While initializing 'lan0 :: FromDevice':
  warning: lan0: no IPv4 address assigned
DropBroadcasts: dropped a packet


This log comes from 192.168.7.41, which I swapped the interface

Log Options
Display log level:   informational

Peer detected on lan0:   52
Peer detected on lan0:  188
Peer detected on lan0:   60
Peer detected on lan0:   52
Tue Nov 25 15:32:21 UTC 2014  : Info : Reboot Requested
Tue Nov 25 15:32:27 UTC 2014  : Routine : Initializing Startup Scripts
Tue Nov 25 15:32:27 UTC 2014  : Routine : Set Interface Roles
Tue Nov 25 15:32:27 UTC 2014  : Routine : Setting Optional Interface driver flags if supported
Cannot set device rx csum settings: Operation not supported
Cannot set device tx csum settings: Operation not supported
Cannot set device scatter-gather settings: Operation not supported
Cannot set device tcp segmentation offload settings: Operation not supported
Tue Nov 25 15:32:28 UTC 2014  : Routine : Check Configs
Tue Nov 25 15:32:28 UTC 2014  : Routine : Updating Configuration
Tue Nov 25 15:32:28 UTC 2014  : Routine : Initializing Wanos Click
Tue Nov 25 15:32:28 UTC 2014  : Alert : Minimum Required Memory is 2GB
wanos.click:11: While initializing 'wan0 :: FromDevice':
  warning: wan0: no IPv4 address assigned
wanos.click:12: While initializing 'lan0 :: FromDevice':
  warning: lan0: no IPv4 address assigned
DropBroadcasts: dropped a packet


Admin edit: length

[lexyus]

yes, i screen capture both default interface setting, when i run swap function, the mac address did swap

[ahenning]

Looks right. You can check the debug log for 'Peer Alive' messages.

Next generate some traffic across the VPN e.g. copy a file across two or three times. Keep an eye on the peer status, throughput and optimization stats.

Note the Alert that a minimum of 2GB memory is needed. Eventually the devices will run out of memory and throughput will slow down or even stop completely.

What is the VPN link speed?

[lexyus]

Yes sir, I'm just running it from an old stock PC with 1GB memory just to try if it's working. If it does, I will buy a brand new one.

VPN link speed is 4Mb.


and about this solution,
"Check whether the Mikrotik VPN might be stripping the TCP Options 76, which is needed for peer detection. This can be done by setting UDPENCAP=Enable in '/tce/etc/wanos/wanos.conf' en resetting the service from the GUI. Do this on both ends."

would it be better if I do it too?

thanks for reply

[lexyus]

Dear Ahenning,

i tried to copy same file 3 times to remote site, but it seems it all ran with same transfer rate. Would it be runs faster after several copy?

thanks for reply

[ahenning]

Since the peer detect messages are reaching the remote peer, udpencap is likely not necessary, but yes you can give it a try (both ends). It could be that some NATting is the obstacle.

Check the peer status, it must say 'up' for optimization to work. How about those 'Peer Alive' messages in the debug log?

[lexyus]

Dear ahenning,

i have managed to change UDPENCAP options to Enabled on both side and reset service.


peer status still show "Down" on both ends. Where is the "Peer Alive" message in debug log? i can't find it

thanks for reply

[lexyus]

Hi ahenning, I have some condition, perhaps it might give a clue.


yesterday when you told me to swap the interface on one side, i did swap on one side (192.168.7.41)
then the condition is

192.168.6.41 : peer status Down
192.168.7.41 : peer status Down


and today i try to swap the other wanos (192.168.6.41)
and this is what happen :

192.168.6.41 : peer status up
192.168.7.41 : peer status down

Internet browsing has no problem, but then have a problem with email, we can't send & receive emails from outlook.

After i swap back again the 192.168.6.41 ,  the peer status goes again to Down and emails are working.

perhaps you could explain what is happening?

thanks for reply