LAN access to OpenVPN
-
jg3 is using TCP - He should get decent mileage ;)
TCP: It's the 4-wheel-drive of network protocols. It's for knowing you can get there and get back out, and screw the gas mileage. ;D
-
UDP is just plain better 90% of the time for VPN, especially at a distance where things get really really laggy on TCP.
I use TCP only when I must, when some overly controlling net-nanny blocks everything except TCP 80.
As long as I have 2 cores, I don't mind running two instances of VPN server on pfsense.
-
Well, switching to TCP did the job and everything works perfectly now. I don't really care if it's a bit "laggy", should that happen somewhere in the future. I mostly use the devices to receive email, and then security overrules a bit of lag.
Thanks again :)
-
I'm glad that helps. It's definitely a NAT mirror issue.
If you ever do find yourself needing that to work well far from home, set up UDP also on a separate port.
Good to see a plan come together anyway ;)
-
Is this a problem with my ISP, with my router, pfsense firewall settings or openvpn config itself?
-
Well - It's no longer a problem since you switched to TCP, right?
But the NAT mirroring issue on UDP is a pfsense thing.
I have no need for VPNing into my network from inside my network, but if I had that strange desire, I'd use TCP inside the LAN and UDP outside the LAN.
-
Well, if UDP is better and there is a solution to solve this issue while keeping UDP, I would like to solve it.
-
Do you need to use the VPN from inside your own network or are you just doing this to test it?
-
The goal is/was to be able to have my devices always connected to OpenVPN so I can't forget to activate it once I arrive somewhere. (and it's just easier to not have to activate openvpn 5 times a day)
-
Leave it on TCP unless you travel far far away - hundreds of miles or more.
After that, switch over to UDP.
Pretty much all devices will allow multiple configurations and are easily selectable via GUI in the clients.
So, just run 2 instances of openvpn on your server.
This is a good idea for anyone really - Just to guarantee access with multiple accessible ports/protocols.
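
An added example, not part of any post in this thread: a single OpenVPN client profile that covers the two-instance setup described above, so the client tries the UDP instance first and falls back to the TCP instance when UDP gets no answer. The hostname, both port numbers and the certificate file names are placeholders assumed for illustration.

```conf
# Client profile for a server running two OpenVPN instances (UDP and TCP).
# vpn.example.com, ports 1194/443 and the file names below are assumed
# placeholders; substitute the values of your own server instances.
client
dev tun
nobind
persist-key
persist-tun
resolv-retry infinite

# Verify that the peer presents a server certificate before trusting it.
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key

# Give each connection profile 10 seconds to answer before moving on to
# the next one (the default is 120 seconds, which makes fallback slow).
server-poll-timeout 10

# Profile 1: the UDP instance, tried first.
<connection>
remote vpn.example.com 1194 udp
# Tell the server when the client disconnects (UDP has no teardown).
explicit-exit-notify 1
</connection>

# Profile 2: the TCP instance, used when the UDP instance does not respond.
<connection>
remote vpn.example.com 443 tcp-client
</connection>

verb 3
```

Profiles are tried in the order listed, so keeping UDP first makes TCP the fallback. Both server instances must accept the same client certificate for one profile to work against either.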