• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

TLS Error: Unroutable control packet received from [AF_INET] with UDP and Mikrotik

Scheduled Pinned Locked Moved OpenVPN
4 Posts 2 Posters 558 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    peterzy
    last edited by Jun 16, 2024, 5:51 AM

    Hello,

    I have upgraded Pfsense from 2.6.0, to Pfsense 2.7.2
    The new OpenVPN version is 2.6.8
    I am having a bizarre issue - getting in the logs .

    TLS Error: Unroutable control packet received from [AF_INET]

    Cliens connect but stay as UNDEF. The issues happens when the following are true:

    • Proto is UDP
    • I have killed restarted the daemon(client does not know)
    • Clients are RouterOS 7.X(7.14,7.15,7.16), although with OpenWRT I saw it for a few seconds and it fixed itself.

    Playing around with ping interval and ping timeout solves it to some extent, but I am afraid to test in large scale as it might break connection for some remote branches. I believe people here talk about the same thing:

    https://forum.mikrotik.com/viewtopic.php?t=197500

    With these ping settings (not tested on large scale):

    Inactive: 0
    Ping method: keepalive
    Interval: 5
    Timeout: 10
    Exit Notify : Reconnect to this server

    I manage to reconnect the branches in 2-3 minutes. With other settings I was going in endless reconnect loop.

    My whole feeling is that Mikrotik does not understand that old connection is gone – it stay “connected”, while connection is gone.

    Switching from UDP to TCP makes the whole issue go away – reconnect is done in a second.

    Please give me some hints:

    A) Maybe issue was there before, just new Pfsense is more verbose ?
    B) Endless loop came from upgrade. It will not happen again ?
    C) I should simply switch TCP
    I should play with timeouts. They were problematic before, but in Pfsense 2.6 setting “Inactive: 0” worked well
    D) Any other ideas and hints 😊
    Thank you 😊

    N 1 Reply Last reply Nov 21, 2024, 11:38 PM Reply Quote 0
    • N
      nmenoni @peterzy
      last edited by Nov 21, 2024, 11:38 PM

      @peterzy I have same issue, did you find a solution?
      Where and how did you configure those ping settings?

      Thank you!

      P 1 Reply Last reply Nov 22, 2024, 5:13 AM Reply Quote 0
      • P
        peterzy @nmenoni
        last edited by Nov 22, 2024, 5:13 AM

        @nmenoni The only truly working solution is switch to TCP. Nothing really worked well on UDP. I am running it on TCP for 5 months, it is very stable, but needs to be TCP. :-)

        N 1 Reply Last reply Nov 22, 2024, 12:34 PM Reply Quote 0
        • N
          nmenoni @peterzy
          last edited by Nov 22, 2024, 12:34 PM

          @peterzy thank you for your reply.

          In my case all the Mikrotik client devices are in the rural area, so maybe I can make the current VPN to work using UDP (this is the current config) and once I get access to the device I can change the config to TCP. If the device could get connected for a couple of hours for me that's enough.
          In this regards, could you please share the details about changing the PING settings so maybe I can get them connected temporaly.

          Thank you!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received