@BFost said in Looking for ideas on troubleshooting an OpenVPN file transfer speed problem.:

is getting 60-70ms latency which seems totally fine to me

You understand with that latency, your 8mbps is right in the ball part for a window size of 64k.. So you really need to look what is going on.

math.jpg

I take it they are downloading, and not uploading - because upload they have a max of 10 per their isp anyway..

Are they on wifi.. We have lots of users report bad vpn performance - they were just on a shit wifi connection. If they plugged in a wire, no issue with their performance.

@Sperber said in Dual OpenVPN-Setting, CARP & Failover (HA, MultiWAN):

(Vorkbaard hat das bereits beschrieben: https://vorkbaard.nl/openvpn-in-a-pfsense-carp-cluster/ )

Die Info ist aber relativ alt und nicht zutreffen. Wir haben da sehr verschiedene und komplexe Services laufen und keiner braucht irgendwelche seltsamen Settings mit "local <extIP>" o.ä. - das sollte heute überhaupt nicht mehr nötig sein. Macht im CARP Setup auch keinen Sinn, da die CARP VIPs alle auf dem Master laufen und man diese so nicht ansprechen kann. Split CARP mit Master/Backup auf dem selben Node ist in der FreeBSD Variante von CARP/pf nicht enthalten, das ist leider nur in OpenBSD enthalten.

Mich interessiert allerdings auch wie @viragomann wie man überhaupt auf der 2. pfSense im CARP die Annahme von OpenVPN erlauben will. Der Traffic kommt ja nicht bei ihr an, weil der via CARP IMMER zur primären läuft, nicht auf den sekundären Node. Und wenn man das forwarden sollte auf Node 2, würde der Node versuchen asymmetrisch zu antworten (oder es läuft alles wieder über Node1), was auch wieder nicht sehr schön ist.

Wie ist das also realisiert, dass die Clients sich auf Node2 connecten und das auch funktioniert, wenn Node2 mal aktiv wird und Node1 passiv weil vlt. gerade gewartet wird o.ä.?

Ansonsten wäre mir schleierhaft wie das im Redundanzfall wirklich sauber funktionieren sollte ohne dass manuell eingegriffen wird?

Cheers
\jens

Start your own thread, it's unlikely to be the same issues others have hit. While symptoms may be similar, there are numerous possible causes that can look the same, and trying to diagnose multiple people's issues in a single thread is not feasible.

@steveits

/facepalm - Again, I am new to this and I see what I needed to do! I installed the patches package and applied all, did the reboot, and bingo! Back in business! Thank you so much!

@brepo

I feel a little sorry for myself, because I spent more than 10 years with pfsense and everything suited me before :)

Solved!
Followed a lot of rabbit holes down until I found these:
https://serverfault.com/questions/1064935/openvpn-server-connexion-ok-but-no-access-to-remote-lan

which lead to:
https://openvpn.net/community-resources/how-to/#expanding-the-scope-of-the-vpn-to-include-additional-machines-on-either-the-client-or-server-subnet

Main take away was that I needed to add

push "route [Local LAN subnet] 255.255.255.0"

to the advanced configuration on the server setup.
Still reading a bit more to understand how this worked, but I'm able to ping my local machine as well as remote into it.

Happy days.

@kamil-0 opcjach serwera OpenVPN odchacz opcję "Inter-client communication". Komunikacja między klientami nie powinna działać. Ale jak wrócę do domu to sprawdzę.

@viragomann it's ok problem solved i can ping Local machine on LAN network after configuring check box redirect gratway

@wingrait said in Network Drive Slow Performance?:

10Mbps = 1.25MB/s with no other overhead.

hahaha - well problem solved ;) Glad you got it figured out.. Bytes vs bits is hard sometimes hahahah <ROFL>

edit: btw thanks for pointing out the actual issue, vs just walking away leaving the thread hanging to keep egg off your face..

The B vs b thing bites everyone in the butt at some point, reminds me of still the constant question about wireless, but the router says it can do 1900mbps on the box - why am I only see 200 ;) hehehe

@moadmin
Hey guys, can i get any suggestion on this, its still happening even with split tunnel config.
When VPN is on and connected, google meet calls are choppy and distorted, when we turn it off the video is smooth and in good quality.
This happened after we updated our pfsense to 2.6.

Yes, it could be. I'll try to replicate and open something if there isn't anything already open.

@coyotekg The client certs use the CA as the issuer just like the server certs do so yes, you would need to change them.

@marcelobeckmann O problema foi resolvido quando liberei as portas 1194 na LAN e no OPENVPN, nas regras do firewall dos dois PFsenses. Após isso, as VPN começaram a fechar a conexão e consigo pingar entre os servidores. Muito obrigado pela ajuda.