Netgate Discussion Forum

    TLS Error: Unroutable control packet received from [AF_INET] with UDP and Mikrotik

      peterzy

      Hello,

      I have upgraded pfSense from 2.6.0 to pfSense 2.7.2.
      The new OpenVPN version is 2.6.8.
      I am having a bizarre issue - getting this in the logs:

      TLS Error: Unroutable control packet received from [AF_INET]

      Clients connect but stay as UNDEF. The issue happens when the following are true:

      • Proto is UDP
      • I have killed/restarted the daemon (client does not know)
      • Clients are RouterOS 7.X (7.14, 7.15, 7.16), although with OpenWRT I saw it for a few seconds and it fixed itself.

      Playing around with ping interval and ping timeout solves it to some extent, but I am afraid to test on a large scale as it might break the connection for some remote branches. I believe people here talk about the same thing:

      https://forum.mikrotik.com/viewtopic.php?t=197500

      With these ping settings (not tested on a large scale):

      Inactive: 0
      Ping method: keepalive
      Interval: 5
      Timeout: 10
      Exit Notify: Reconnect to this server

      I manage to reconnect the branches in 2-3 minutes. With other settings I was going into an endless reconnect loop.

      My whole feeling is that Mikrotik does not understand that the old connection is gone – it stays “connected” while the connection is gone.

      Switching from UDP to TCP makes the whole issue go away – reconnect is done in a second.

      Please give me some hints:

      A) Maybe the issue was there before, and the new pfSense is just more verbose?
      B) The endless loop came from the upgrade. It will not happen again?
      C) I should simply switch to TCP
      I should play with timeouts. They were problematic before, but in pfSense 2.6 setting “Inactive: 0” worked well
      D) Any other ideas and hints 😊
      Thank you 😊

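A log check for the symptom described in the first post, as an added example that is not part of the thread: it groups the "Unroutable control packet" errors by source address and reports peers that keep sending packets for a session the restarted server no longer knows for longer than the ping timeout (10 seconds in the settings quoted above). The log lines are constructed, and the syslog prefix, the address after `[AF_INET]`, the `(si=… op=…)` suffix and the year are assumptions about the full line format.

```python
import re
from datetime import datetime

# Constructed sample lines (not taken from the thread); documentation-range addresses.
SAMPLE_LOG = """\
Jan 10 09:00:01 openvpn[4242]: TLS Error: Unroutable control packet received from [AF_INET]192.0.2.10:51820 (si=3 op=P_ACK_V1)
Jan 10 09:00:02 openvpn[4242]: TLS Error: Unroutable control packet received from [AF_INET]198.51.100.7:40000 (si=3 op=P_ACK_V1)
Jan 10 09:00:05 openvpn[4242]: TLS Error: Unroutable control packet received from [AF_INET]198.51.100.7:40000 (si=3 op=P_ACK_V1)
Jan 10 09:00:06 openvpn[4242]: Initialization Sequence Completed
Jan 10 09:00:31 openvpn[4242]: TLS Error: Unroutable control packet received from [AF_INET]192.0.2.10:51820 (si=3 op=P_ACK_V1)
Jan 10 09:02:41 openvpn[4242]: TLS Error: Unroutable control packet received from [AF_INET]192.0.2.10:51820 (si=3 op=P_ACK_V1)
"""

# Assumed layout: "<Mon> <day> <HH:MM:SS> ... from [AF_INET]<addr>:<port> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s.*?"
    r"TLS Error: Unroutable control packet received from "
    r"\[AF_INET6?\](?P<peer>\S+)"
)


def stale_peers(log_text, timeout_s=10, year=2024):
    """Return {addr:port: (error_count, seconds_between_first_and_last)} for
    peers whose unroutable packets span more than timeout_s seconds, i.e.
    clients that have not noticed the old session is gone."""
    seen = {}  # peer -> (first_ts, last_ts, count)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        first, _, count = seen.get(m["peer"], (ts, ts, 0))
        seen[m["peer"]] = (first, ts, count + 1)
    return {
        peer: (count, int((last - first).total_seconds()))
        for peer, (first, last, count) in seen.items()
        if (last - first).total_seconds() > timeout_s
    }


if __name__ == "__main__":
    for peer, (count, span) in stale_peers(SAMPLE_LOG).items():
        print(f"{peer}: {count} unroutable packets over {span}s")
```

A peer that shows up here is still transmitting on the pre-restart session well past the timeout; a peer that logs the error only briefly and then stops has most likely renegotiated.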
        nmenoni @peterzy

        @peterzy I have the same issue, did you find a solution?
        Where and how did you configure those ping settings?

        Thank you!

          peterzy @nmenoni

          @nmenoni The only truly working solution is to switch to TCP. Nothing really worked well on UDP. I have been running it on TCP for 5 months, it is very stable, but it needs to be TCP. :-)

            nmenoni @peterzy

            @peterzy thank you for your reply.

            In my case all the Mikrotik client devices are in a rural area, so maybe I can make the current VPN work using UDP (this is the current config) and once I get access to the device I can change the config to TCP. If the device could stay connected for a couple of hours, that's enough for me.
            In this regard, could you please share the details about changing the PING settings so maybe I can get them connected temporarily.

            Thank you!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.