
Questions tagged with AWS Marketplace


Mikrotik CHR server connection lost

I have created a server using the Mikrotik created AMI for their CHR software. I keep losing connection to the server entirely; no Winbox, no SSH, no console connect from the Instances page. I keep having to spin up a new server and rebuild my work. No other AWS server (mostly Ubuntu AMIs) on our account has had this issue. I am assuming there is something about the CHR AMI that I am missing which is causing this issue.

I am attempting to set up a VPN using OpenVPN to connect the field devices my employer creates. A previous VPN project was run last year and that server was up for nearly the full year and we could still connect to it, until I removed the PPTP setup and replaced it with the Mikrotik built-in OpenVPN server.

Here is the config export for the CHR.

```
# mar/31/2022 17:55:47 by RouterOS 6.44.3
# software id =
#
#
#
/interface bridge
add arp=local-proxy-arp fast-forward=no name=afads priority=0x8192 \
    transmit-hold-count=1
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=afadpool ranges=10.8.0.1-10.8.127.255
/ppp profile
set *0 bridge=afads change-tcp-mss=default local-address=10.8.0.1 only-one=\
    yes use-encryption=yes
add bridge=afads local-address=10.8.0.1 name=SmartFlaggerL3 only-one=yes \
    remote-address=afadpool use-encryption=yes
/interface bridge port
add bridge=afads hw=no interface=ether1
add bridge=afads interface=*F005C9
add bridge=afads interface=*F004E9
add bridge=afads interface=dynamic
/interface ovpn-server server
set auth=sha1 certificate=[ServerCertName] cipher=aes256 default-profile=\
    SmartFlaggerL3 enabled=yes keepalive-timeout=30 netmask=17
/ip firewall address-list
add address=10.8.40.1 list=undeployed
[Removed approx 4000 lines, similar to the one above]
/ip firewall filter
add action=accept chain=forward comment=\
    "Allows units in the Test group to communicate." dst-address-list=test \
    src-address-list=test
add action=accept chain=forward comment=\
    "Allows all traffic from Internal Trusted Servers to units." \
    dst-address-list=!InternalTrustedServers src-address=0.0.0.0 \
    src-address-list=InternalTrustedServers
add action=accept chain=forward comment=\
    "Allows all traffic from units to Internal Trusted Servers." \
    dst-address-list=InternalTrustedServers
add action=accept chain=forward comment="Test of unit to unit communication" \
    disabled=yes dst-address-list=test src-address-list=test
add action=accept chain=forward comment=\
    "Accept Forward for Established and Related Connections" \
    connection-state=established,related,untracked
add action=accept chain=forward comment="Allow Forwarding by OVPN Clients" \
    src-address=192.168.22.128/25
add action=accept chain=input comment=\
    "Accept Input for Established and Related Connections" connection-state=\
    established,related,untracked
add action=accept chain=input comment="Allow OpenVPN Connection" dst-port=\
    1194 protocol=tcp
add action=accept chain=input comment="Allow Input by OVPN Clients" \
    in-interface=all-ppp
add action=accept chain=input comment="Allow Winbox Input" dst-port=8291 \
    protocol=tcp
add action=accept chain=input comment="Allow HTTPS Input" dst-port=443 \
    protocol=tcp
add action=drop chain=input comment="Input drop for all other connection" \
    disabled=yes
add action=drop chain=forward comment="Forward drop for all other connection" \
    disabled=yes
add action=drop chain=forward comment="Invalid drop for all other connection" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment="PREVENT ALL TALK BETWEEN UNITS." \
    disabled=yes src-address=!10.8.0.5
/ip firewall nat
add action=masquerade chain=srcnat out-interface=all-ppp
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api-ssl disabled=yes
/ppp secret
add name=AFD0001 password=[Redacted] profile=SmartFlaggerL3 remote-address=\
    10.8.80.1 service=ovpn
[Removed nearly 4000 lines, similar to the one above]
/system identity
set name=[AWS instance auto-generated name]
/system logging
add topics=ovpn
add topics=debug
```
0 answers, 0 votes, 19 views, asked 6 months ago