Mikrotik CHR sever connection lost

0

I have created a server using the Mikrotik created AMI for their CHR software. I keep losing connection to the server entirely; no Winbox, no SSH, no console connect from the Instances page. I keep having to spin up a new server and rebuild my work. No other AWS server (mostly Ubuntu AMI's) on our account has had this issue. I am assuming there is something about the CHR AMI that I am missing which is causing this issue.

I am attempting to set up a VPN using OpenVPN to connect the field devices my employer creates. A previous VPN project was run last year and that server was up for nearly the full year and we could still connect to it, until I removed the PPTP setup and replaced it with the Mikrotik built-in OpenVPN server.

Here is the config export for the CHR.

# mar/31/2022 17:55:47 by RouterOS 6.44.3
# software id = 
#
#
#
/interface bridge
add arp=local-proxy-arp fast-forward=no name=afads priority=0x8192 \
    transmit-hold-count=1
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=afadpool ranges=10.8.0.1-10.8.127.255
/ppp profile
set *0 bridge=afads change-tcp-mss=default local-address=10.8.0.1 only-one=\
    yes use-encryption=yes
add bridge=afads local-address=10.8.0.1 name=SmartFlaggerL3 only-one=yes \
    remote-address=afadpool use-encryption=yes
/interface bridge port
add bridge=afads hw=no interface=ether1
add bridge=afads interface=*F005C9
add bridge=afads interface=*F004E9
add bridge=afads interface=dynamic
/interface ovpn-server server
set auth=sha1 certificate=[ServerCertName] cipher=aes256 default-profile=\
    SmartFlaggerL3 enabled=yes keepalive-timeout=30 netmask=17
/ip firewall address-list
add address=10.8.40.1 list=undeployed
[Removed approx 4000 lines, similar to the one above]
/ip firewall filter
add action=accept chain=forward comment=\
    "Allows units in the Test group to communicate." dst-address-list=test \
    src-address-list=test
add action=accept chain=forward comment=\
    "Allows all traffic from Internal Trusted Servers to units." \
    dst-address-list=!InternalTrustedServers src-address=0.0.0.0 \
    src-address-list=InternalTrustedServers
add action=accept chain=forward comment=\
    "Allows all traffic from units to Internal Trusted Servers." \
    dst-address-list=InternalTrustedServers
add action=accept chain=forward comment="Test of unit to unit communication" \
    disabled=yes dst-address-list=test src-address-list=test
add action=accept chain=forward comment=\
    "Accept Forward for Established and Related Connections" \
    connection-state=established,related,untracked
add action=accept chain=forward comment="Allow Forwarding by OVPN Clients" \
    src-address=192.168.22.128/25
add action=accept chain=input comment=\
    "Accept Input for Established and Related Connections" connection-state=\
    established,related,untracked
add action=accept chain=input comment="Allow OpenVPN Connection" dst-port=\
    1194 protocol=tcp
add action=accept chain=input comment="Allow Input by OVPN Clients" \
    in-interface=all-ppp
add action=accept chain=input comment="Allow Winbox Input" dst-port=8291 \
    protocol=tcp
add action=accept chain=input comment="Allow HTTPS Input" dst-port=443 \
    protocol=tcp
add action=drop chain=input comment="Input drop for all other connection" \
    disabled=yes
add action=drop chain=forward comment="Forward drop for all other connection" \
    disabled=yes
add action=drop chain=forward comment="Invalid drop for all other connection" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment="PREVENT ALL TALK BETWEEN UNITS." \
    disabled=yes src-address=!10.8.0.5
/ip firewall nat
add action=masquerade chain=srcnat out-interface=all-ppp
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api-ssl disabled=yes
/ppp secret
add name=AFD0001 password=[Redacted] profile=SmartFlaggerL3 remote-address=\
    10.8.80.1 service=ovpn
[Removed nearly 4000 lines, similar to the one above] 
/system identity
set namep[AWS instance auto-generated name]
/system logging
add topics=ovpn
add topics=debug
Watts
asked 8 months ago20 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions