OpenVPN Client Slow DNS Resolution



  • So, I've had some issues with regard to pfSense acting as a VPN client across two installations and hardware.

    The first piece of hardware was an APU2C4, which has now been decommissioned. I am now on a VMware pfSense with the Intel NICs with DirectIO. Powered by a Xeon.

    The issue is when I'm having pfSense act as a VPN client, the DNS resolution seems to be awfully slow and at times time out. The way I have the VPN pass its address is via NAT. SecureVLAN > OpenVPN Address via the NAT page. I have also tried creating an interface and setting rules to use the VPN gateway etc, same issue.

    However, if pfSense acts as a VPN Server, remote clients are working just fine.

    I am using Unbound in Forwarding mode.

    I have tried various things such as making adjustments to the VPN config, and disabling the AES kernel module to reduce overhead, as OpenVPN and OpenSSL use these by default anyway.

    Here's the current VPN client configuration:

    persist-tun;persist-key;persist-remote-ip;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA;ns-cert-type server;verify-x509-name gb name-prefix;

    Oh, one last thing, I have made sure that I have cleared the states upon making changes to NAT, among other things.

    This also happens across multiple providers. I do, however, have an MTU of 9000 set on LAN and VLANs, but the WAN remains as 1500.

