Netgate Discussion Forum

    RoadWarrior OpenVPN over UDP failing

      linuxamp

      I set up OpenVPN on the pfsense box and installed the openvpn-gui on my remote Windows machine.  Everything works fine over TCP but when I change to UDP the connection often hangs.  I don't actually lose the connection but all traffic seems to just freeze.  For instance a putty connection through the VPN will show partial output such as half of the files when running an ls then just hang.  No disconnect message but no response either.

      Both sides are on high quality high speed connections.  It should also be noted that I'm using traffic shaping and snort.

        razor2000

        You wouldn't happen to have a dual-WAN connection on this pfsense box, would you?  I am asking because I want to be sure that you aren't trying to connect to the OpenVPN server using your pfsense's OPT IP address.  The reason being that I cannot connect to my pfsense's OpenVPN server using UDP when using the OPT IP address.  When I change it to TCP, it works just fine.  However, on my main WAN link, I can connect using either TCP or UDP.

          linuxamp

          Same happening to me as well.  TCP works great but UDP will gradually fail over a minute or so.  For instance if I pull up a remote web page, the first page will load quickly but might be missing a few elements.  The next page will load slower and miss more elements.  The third and later page requests will simply time out.

          From what I've been reading, tunneling TCP over TCP is bad because each TCP layer is performing its own error correction and this will lead to excessive re-transmission, but in this case it's TCP within UDP that's failing.

            leimrod

            In your OpenVPN config (i.e. OpenVPN\config\client.ovpn) on the client machine, what do you have set up as "proto"?

            If it is set to "proto tcp-client" it needs to be changed to "proto udp".

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.