OpenVPN Network Dropouts
-
Hello. Im relatively new to pfSense and I hope you can help me.
I am having a persistent issue with the stability of my OpenVPN connection.The Problem
My OpenVPN will randomly lose connectivity to the internet, and the frequency of these dropouts varies significantly.
Some days the connection will drop several times an hour and other times it will only drop once or twice a day.
Typically, the connection will re-establish after a few minutes, but occasionally it wont re-establish its connection and the only way to fix it is to disable and re-enable the OpenVPN client.
In the past I have been able to restore the connection by disconnecting my media server from the network (reconnecting it caused the connection to dropout again).I originally assumed that the error with my OpenVPN setup and so I contacted NordVPN support, but after working with them to recreate my OpenVPN client using an updated tutorial and collecting system logs from pfSense it appears that the OpenVPN client was working perfectly fine throughout these dropouts.
This suggests the issue is not with OpenVPN, but with something before it.The connection dropouts only effect connection under the OpenVPN client.
I know this because I run a PLEX and web server, and to get these to run properly I must use a static route (for the PLEX IPs) and port forwarding to route the raw connection to my server and thus bypassing my VPN.
When my PC (under the VPN) is experiencing a dropout the connection to my server is still operational.
I will detail my pfSense box specs and connected devices below.I have put this section at the bottom because Im not sure if its linked to my overall issue but it might help somehow.
I have also noticed some severe bandwidth degradation that I cannot localise (it may be due to VPN server load but I am sceptical.
At times, I will see bandwidth speeds nearing my ISP package (100Mb) but the longer the VPN connection is active the more the speed will degrade down to a baseline of around 30Mb/s.
I have monitored CPU loads in pfSense while running a bandwidth test and CPU usage never rose above 20%.System Specs
pfSense Version:
o 2.3.3/2.3.3_p1/2.3.4
Dell Optiplex 760 SFF:
o CPU: Intel Q9400 Core2Quad 2.6GHz
o RAM: 8GB
o HDD: 300GB WD Raptor
o NIC: Sun 375-3481-01 Quad Port PCI-E
Belkin Gigabit Switch
Netgear Managed Gigabit Smart Switch (Unused):
o Originally replacement for Belkin switch but unused because it experiences high latency and low throughput on my network (added in this list in case it is relevant)
o Netgear R7000 WiFi Router (Access Point mode)Connected Devices
My network has the following devices connected to it:
Windows 10 PC (LAN)
Windows 10 Laptop (WLAN/LAN)
Microsoft Surface 3 (WLAN)
Nokia Lumia 930 (WLAN)
Windows Server 2016 Standard Media/Web Server (LAN)
2x Amazon FireTV Sticks (WLAN)
EPSON WorkForce WF-2750 Printer (WLAN) -
I've been running a Syslog server so I can record the activity logs for my pfSense box, but there are aren't any notable errors or warnings.
I used to only capture OpenVPN logs, but changed it to all when I wasn't getting any useful data.I was getting a lot of Authenticate/Decrypt packet error: bad packet ID errors so I changed my OpenVPN client from UDP to TCP.
2017-05-21 14:14:23 Daemon.Error 192.168.1.1 May 21 14:14:22 openvpn[43547]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2241995 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
The network still loses connectivity on TCP, and the only other unusual thing that the log shows is that the unbound service has a tendency to restart a lot.
2017-05-21 16:41:09 Daemon.Notice 192.168.1.1 May 21 16:41:07 unbound: [35012:0] notice: Restart of unbound 1.6.1. 2017-05-21 16:41:09 Daemon.Notice 192.168.1.1 May 21 16:41:07 unbound: [35012:0] notice: init module 0: iterator 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: start of service (unbound 1.6.1). 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: service stopped (unbound 1.6.1). 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: server stats for thread 0: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: server stats for thread 1: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: server stats for thread 1: requestlist max 0 avg 0 exceeded 0 jostled 0 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: server stats for thread 2: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: server stats for thread 2: requestlist max 0 avg 0 exceeded 0 jostled 0 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: server stats for thread 3: 0 queries, 0 answers from cache, 0 recursions, 0 prefetch, 0 rejected by ip ratelimiting 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: server stats for thread 3: requestlist max 0 avg 0 exceeded 0 jostled 0 2017-05-21 16:41:09 Daemon.Notice 192.168.1.1 May 21 16:41:07 unbound: [35012:0] notice: Restart of unbound 1.6.1. 2017-05-21 16:41:09 Daemon.Notice 192.168.1.1 May 21 16:41:07 unbound: [35012:0] notice: init module 0: iterator 2017-05-21 16:41:09 Daemon.Info 192.168.1.1 May 21 16:41:07 unbound: [35012:0] info: start of service (unbound 1.6.1).
Other than that the only thing the logs show are numerous filterlog entries.