Issue using OpenVPN client and server

Zeranoe

I seem to be unable to reliably use an OpenVPN server along with an OpenVPN client. Things are fine with just a client, but when I add a server the machines going over the client VPN start dropping connections or having horribly slow connectivity.

I looked at the firewall rules and it doesn't look like they're grabbing any of the traffic, and the issue doesn't seem to happen with every connection or every domain, but there are significant timeouts when the server is also running.

This issue still happens when there are no external machines connected to the server.

The moment I turn off the server the machines on the LAN going over the client OpenVPN start working fine again.

My pfSense box is an i5 CPU M 520 2.40GHz with 2 cores and 2 threads each. When this is happening the CPU doesn't even go above 5% usage. The machine also has 4GB of memory and an SSD, so I doubt it's the hardware.

I actually had the same issue on different hardware with similar a configuration.

pfSsense 2.4.3 was installed fresh on this hardware and configured from the ground up.

viragomann

How do you route the traffic into the clients tunnel?

Zeranoe

I have a LAN rule as follows:
Action: Pass
Interface: LAN
Protocol: Any
Source: <alias for machines>
Destination: Any
Gateway: <device for the client connection>

There's also some NAT rules, let me know if you need those.

viragomann

@zeranoe said in Issue using OpenVPN client and server:

Gateway: <device for the client connection>

Have you assigned an interface to the client instance and selected the corresponding gateway here? Do not select the "OpenVPN GW", since this is a gateway group including all OpenVPN instances.

Zeranoe

Yes, the gateway setting is using the interface for the client OpenVPN port.

There's also an egress floating rule as follows:
Action: block
Interface: WAN
Address Family: IPv4 + IPv6
Protocol: any
Source: any
Destination: any
Tagged: VPN

The LAN rule for the client OpenVPN is tagging with VPN

Zeranoe

I did a Wireshark capture on this and I see that I'm getting a [RSK, ACK] TCP error when attempting to load some pages. Note that the pages load fine and everything works as expected with only the client VPN running.

I also watched the firewall logs, but nothing came up.

What's interesting is that once the page load times out, and I attempt to reload the page, sometimes it will work. I'm not really sure how to go about trouble shooting this, but I would really appreciate any advise as I cannot run an OpenVPN server right now.

Zeranoe

Anyone have an ideas? I think it might be a route issue, but I'm not sure since sometimes the connections go though and sometimes they time out.