OpenVPN slow to connect after upgrade to 24.03.1
-
Netgate 6100 at 23.09 worked fine. Upgraded to 24.03.1 and ever since OpenVPN is slow to connect.
I created a test user and connected and from the logs it sat for a whole minute. Multiple computers, locations, internets. I used both the version from OpenVPN Client Export (2.6.7) and the latest from the website (2.6.11). Computers are modern and high powered. Windows 11 Pro, 12th and 13th gen Intel I7 and I5. Clients have 16GB+ of ram. My workstation has 64GB of ram.
2024-06-27 10:15:15 [XXXXXX-VPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2024-06-27 10:16:10 open_tun

Jun 27 10:16:10 openvpn 99910 Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Jun 27 10:16:10 openvpn 99910 MULTI: primary virtual IP for test/XXX.XXX.XXX.XXX:16527: 10.59.8.6
Jun 27 10:16:10 openvpn 99910 MULTI: Learn: 10.59.8.6 -> test/XXX.XXX.XXX.XXX:16527
Jun 27 10:15:17 openvpn 34240 openvpn server 'ovpns1' user 'test' address 'XXX.XXX.XXX.XXX:16527' - connected
Jun 27 10:15:17 openvpn 99910 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_7e8a6f49a15a988135bfdca905f082e4.tmp
I don’t know what it is doing in that intervening minute. Worked fine on 23.09.
<openvpn>
  <openvpn-server>
    <vpnid>1</vpnid>
    <dco>disabled</dco>
    <mode>server_tls_user</mode>
    <authmode>Local Database</authmode>
    <protocol>UDP4</protocol>
    <dev_mode>tun</dev_mode>
    <interface>wan</interface>
    <ipaddr></ipaddr>
    <local_port>1194</local_port>
    <description><![CDATA[XXXXXX-OVPN]]></description>
    <custom_options>push "route 10.90.27.0 255.255.255.0";push "route 10.59.20.0 255.255.255.0";push "route 10.150.0.0 255.255.0.0"</custom_options>
    <tls>looks sensitive, it was 876 characters long</tls>
    <tls_type>auth</tls_type>
    <tlsauth_keydir>default</tlsauth_keydir>
    <caref>13 chars of stuff</caref>
    <crlref></crlref>
    <ocspurl></ocspurl>
    <certref>13 chars of stuff</certref>
    <dh_length>2048</dh_length>
    <ecdh_curve>none</ecdh_curve>
    <cert_depth>1</cert_depth>
    <strictusercn></strictusercn>
    <digest>SHA256</digest>
    <tunnel_network>10.59.8.0/24</tunnel_network>
    <tunnel_networkv6></tunnel_networkv6>
    <remote_network></remote_network>
    <remote_networkv6></remote_networkv6>
    <gwredir></gwredir>
    <gwredir6></gwredir6>
    <local_network>10.59.0.0/20</local_network>
    <local_networkv6></local_networkv6>
    <maxclients>12</maxclients>
    <connlimit></connlimit>
    <allow_compression>no</allow_compression>
    <compression></compression>
    <compression_push></compression_push>
    <passtos></passtos>
    <client2client></client2client>
    <dynamic_ip>yes</dynamic_ip>
    <topology>subnet</topology>
    <serverbridge_dhcp></serverbridge_dhcp>
    <serverbridge_interface>none</serverbridge_interface>
    <serverbridge_routegateway></serverbridge_routegateway>
    <serverbridge_dhcp_start></serverbridge_dhcp_start>
    <serverbridge_dhcp_end></serverbridge_dhcp_end>
    <dns_domain>XXXXXX.lan</dns_domain>
    <dns_server1>10.59.2.2</dns_server1>
    <dns_server2>10.90.27.2</dns_server2>
    <dns_server3></dns_server3>
    <dns_server4></dns_server4>
    <username_as_common_name><![CDATA[enabled]]></username_as_common_name>
    <udp_fast_io>yes</udp_fast_io>
    <exit_notify>2</exit_notify>
    <sndrcvbuf>1048576</sndrcvbuf>
    <ntp_server1>10.59.2.2</ntp_server1>
    <ntp_server2>10.90.27.2</ntp_server2>
    <netbios_enable></netbios_enable>
    <create_gw>both</create_gw>
    <verbosity_level>4</verbosity_level>
    <data_ciphers>AES-256-GCM,AES-128-GCM,CHACHA20-POLY1305</data_ciphers>
    <data_ciphers_fallback>AES-256-CBC</data_ciphers_fallback>
    <ping_method>keepalive</ping_method>
    <keepalive_interval>25</keepalive_interval>
    <keepalive_timeout>90</keepalive_timeout>
    <ping_seconds>10</ping_seconds>
    <ping_push></ping_push>
    <ping_action>ping_restart</ping_action>
    <ping_action_seconds>60</ping_action_seconds>
    <ping_action_push></ping_action_push>
    <inactive_seconds>3600</inactive_seconds>
  </openvpn-server>
</openvpn>
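To put a number on the delay described in the post above (the gap between the client's "Peer Connection Initiated" line and its "open_tun" line), here is an added Python helper that is not part of the original thread. It measures that interval for every session in a client log so slow connects can be spotted across many attempts; the log text is constructed from the two quoted lines plus a hypothetical fast session for comparison, and the 10-second threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: the two client-log lines quoted in the post, plus a
# hypothetical second session that comes up quickly, for comparison.
CLIENT_LOG = """\
2024-06-27 10:15:15 [XXXXXX-VPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2024-06-27 10:16:10 open_tun
2024-06-27 11:02:03 [XXXXXX-VPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2024-06-27 11:02:05 open_tun
"""

# OpenVPN client log format on Windows: "YYYY-MM-DD HH:MM:SS message"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")


def parse_lines(text):
    """Yield (timestamp, message) for each line that carries a timestamp."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)


def session_gaps(text):
    """Seconds from each 'Peer Connection Initiated' (TLS handshake done)
    to the following 'open_tun' (tunnel adapter brought up), one per session."""
    gaps = []
    started = None
    for ts, msg in parse_lines(text):
        if "Peer Connection Initiated" in msg:
            started = ts                      # handshake finished, waiting on push/tun
        elif msg.startswith("open_tun") and started is not None:
            gaps.append((ts - started).total_seconds())
            started = None                    # session complete, reset for the next one
    return gaps


def slow_sessions(text, threshold_s=10.0):
    """Return only the gaps that exceed the threshold (assumed 10 s here)."""
    return [g for g in session_gaps(text) if g > threshold_s]


if __name__ == "__main__":
    for g in session_gaps(CLIENT_LOG):
        print(f"handshake -> open_tun: {g:.0f} s")
```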
-
Anyone? This is annoying users.
-
I really need some help here. I plan on replacing the 6100 on Friday to see if that fixes it, but I would like someone to weigh in.
-
I do see this when someone authenticates:
[error] Unable to contact daemon Service not running? 0 0 B 0 B
But then they connect, so it seems to crash openvpn when someone connects. Is that a specific setting that is wrong or something? Or is that bad hardware?
-
Hard set your MTU on the interface you dial into your VPN on and also set MSS
Example:
Hard setting this helped my speed drastically as it will fragment on some ISPs