Community discussions

MikroTik App
 
mmmenko
just joined
Topic Author
Posts: 4
Joined: Mon Dec 20, 2021 2:06 pm

Endless authorization errors in the logs of monitored routers on other subnets

Mon Dec 20, 2021 2:46 pm

Hello everyone from Russia!

There was no solution on the Russian forums. I hope for the experience of my English-speaking colleagues.

I have a network of mikrotiks connected by a VPN. 192.168.70.1 - IPsec VPN server configured on router 0.1. In the first subnet, along with the 192.168.1.1 router, there is hAP ac2 configured as a bridge CAP and receiving ip 192.168.1.2.
TheDude server version 6.49.1 is configured on the 192.168.1.2 router. TheDude works great: all devices on the local network are added to the map and monitored by snmp.
But in all routers on other subnets, entries constantly appear in the logs: "login failure for user admin from 192.168.70.1 via winbox". There are no authorization errors on mikrotik 192.168.1.1.
In this case, on all routers in the device settings window, the "Status: up", "RouterOS Status: ok". If I press "Reconnect", there will be a successful authorization in the logs, and after a while - again logs with the same error. If I disable TheDude, no new entries appear.
The problem is not in the firewall because it is allowed to connect to each device via winbox from the local network 192.168.0.0/16. I repeat: everything is fine in the local router 192.168.1.1, but errors in the routers of other subnets.

Hope for help. Thanks.
 
brucepi
just joined
Posts: 8
Joined: Tue Jul 21, 2020 2:34 pm
Location: Zürich, Switzerland

Re: Endless authorization errors in the logs of monitored routers on other subnets

Mon Dec 20, 2021 7:35 pm

Hi mmmenko

do you have other mikrotik devices behind those monitored routers? If yes, you could use those as agents to monitor the router and check, if the log entries disappear.
From my experiences the Router used for IPsec sometimes use the wrong source IP for sending packets through the tunnel. Those packets don't reach the end and might cause the log entries - you might want to use the "packet sniffer" in the tools section, to check the traffic.
 
mmmenko
just joined
Topic Author
Posts: 4
Joined: Mon Dec 20, 2021 2:06 pm

Re: Endless authorization errors in the logs of monitored routers on other subnets

Wed Dec 29, 2021 1:09 pm

Thank you for your responsiveness. For a long time I could not take up the task. Checked the version with non-arriving IPsec packets. The sniffer showed that the packets were successfully reaching the outside routers. Not quite sure how to use external routers as TheDude agents.
 
mmmenko
just joined
Topic Author
Posts: 4
Joined: Mon Dec 20, 2021 2:06 pm

Re: Endless authorization errors in the logs of monitored routers on other subnets

Wed Dec 29, 2021 2:46 pm

Guys! I found! Go to TheDude client> settings (upper left corner)> Syslog> uncheck "Enable". After these changes, the errors stopped appearing. By default, this feature is enabled. If I understand correctly, it is responsible for collecting system logs and works through the default port (514), which is not open for everyone.

Happy New Year, everyone! Special thanks to brucepi. 8)
 
mmmenko
just joined
Topic Author
Posts: 4
Joined: Mon Dec 20, 2021 2:06 pm

Re: Endless authorization errors in the logs of monitored routers on other subnets  [SOLVED]

Tue Jan 11, 2022 8:53 am

Well ... After the automatic backup of TheDude by the script, the server rebooted and the errors resumed. The solution was to increase the connection interval in the server settings: Settings> RouterOS> Connection Interval 24:00:00. Previously, the parameter was set to 00:01:00

Who is online

Users browsing this forum: No registered users and 5 guests