OpenVPN Client & Server Issues

Iceman

@Derelict I'm thinking that I should maybe create an interface for the OpenVPN Server, then create a outbound NAT rule for that OpenVPN Server, and then create LAN rules based on that interface allowing my LAN net to pass traffic to that OpenVPN Server interface. I understand that the OpenVPN interface rules under it's own tab are processed first and as a group for all VPN's which might be causing the issues considering I have a separate interface configured for the OpenVPN Client "PIA_VPN". Your thoughts?

Derelict

Well you obviously screwed something up because what you are describing simply does not happen under normal circumstances.

About all that happens when you start an OpenVPN server is routes are inserted into the routing table for the tunnel network and any Remote Networks configured in that server. And it listens for inbound connections. Nothing else. OpenVPN client and OpenVPN server instances will be completely separate processes.

If you somehow managed to have conflicting routes or something it might affect traffic. Maybe you happened to choose a tunnel network that the OpenVPN provider also chose to use somewhere.

Iceman

@Derelict I though so too, but I changed the remote network from a Class A to a Class B, and that didn't make a difference. Upon watching the hangout video produced by Jim Pingle "OpenVPN as a WAN on pfSense", he had answered a question from one of the chat members stating that you typically would not want 1 outbound NAT firewall rule that uses the "OpenVPN" interface when using multiple VPN's.

Derelict

Class A to Class B, what does that mean? Why would anyone anywhere be using /8 or /16 networks in an OpenVPN? If you are doing that you are both wrong and almost certainly conflicting with a network your OpenVPN provider is using internally.

They either conflict or they don't. Look at the routing table. Look at the logs.

Iceman

@Derelict In other words I went from using 10.8.0.0/24 to using 172.16.10.0/24 for my OpenVPN Server. And I will look at the logs to determine if there is confict. I don't think there is though.

Derelict

Those are /24 networks, not "Class A" or "Class B" networks. If anything, they are "Class C" networks but nobody (nobody) uses classful terminology any more. Like ever.

Derelict

That server will do two things:

Insert a route for 172.16.10.0/24 into the routing table so the firewall knows to send traffic to those addresses into that OpenVPN process.

Push a route for 192.168.1.0/24 to any clients that connect so they know to send that traffic over the OpenVPN tunnel.

None of that has anything to do with any OpenVPN client connection you have set up.

Are you going to send that status output file?

Iceman

@Derelict I know that has nothing to do with OpenVPN client connections. The problem seems to affect my WAN too. I run my whole LAN net through PIA_VPN but have rules in place to allow a few devices to bypass that PIA_VPN. They are also affected when the OpenVPN Client and OpenVPN Server are running simultaneously. I can send a status output file, but you'll need to be specific with me exactly which status file you are talking about and before sending it I would need to edit it if need be as to not expose any private info.

Iceman

@Derelict said in OpenVPN Client & Server Issues:

Those are /24 networks, not "Class A" or "Class B" networks. If anything, they are "Class C" networks but nobody (nobody) uses classful terminology any more. Like ever.

They are Non-standard

Derelict

Nobody uses those any more. It is all Classless (CIDR) RFC1918.

chpalmer

Except a few older websites that refuse to update things..

Iceman

@Derelict said in OpenVPN Client & Server Issues:

Nobody uses those any more. It is all Classless (CIDR) RFC1918.

I was only using this to generalize with you that there shouldn't be any conflicts between the tunnel networks.

Derelict

Well there is obviously something wrong with what you have done or it would be working.

Pretty much at a loss to say what that is based on what we have been shown.

I sent a private asking for a complete status output that I have yet to receive. So absent that I'm not sure what to tell you.

chpalmer

@Iceman said in OpenVPN Client & Server Issues:

When I have both enabled, all the traffic that that goes through the OpenVPN Client suffers a dramatic decrease in bandwidth.

pfsense hardware??

Iceman

@Derelict I stepped away from the office for a moment to grab a bite to eat...I will replicate and send the log file when I get back.

Iceman

@chpalmer said in OpenVPN Client & Server Issues:

@Iceman said in OpenVPN Client & Server Issues:

When I have both enabled, all the traffic that that goes through the OpenVPN Client suffers a dramatic decrease in bandwidth.

pfsense hardware??

Protectli FW6B

Iceman

@Derelict I was able to resolve this issue by deleting the OpenVPN Server that was created by the wizard and creating a new VPN Server and assigning it to an interface. Once that was completed, I then created rules for that interface by adding the rules on it's tab and a rule on the WAN1 tab. Then I created a NAT outbound rule for that interface and everything is working correctly now.