Issue using OpenVPN client and server

  • I seem to be unable to reliably use an OpenVPN server along with an OpenVPN client. Things are fine with just a client, but when I add a server the machines going over the client VPN start dropping connections or having horribly slow connectivity.

    I looked at the firewall rules and it doesn't look like they're grabbing any of the traffic, and the issue doesn't seem to happen with every connection or every domain, but there are significant timeouts when the server is also running.

    This issue still happens when there are no external machines connected to the server.

    The moment I turn off the server the machines on the LAN going over the client OpenVPN start working fine again.

    My pfSense box is an i5 CPU M 520 2.40GHz with 2 cores and 2 threads each. When this is happening the CPU doesn't even go above 5% usage. The machine also has 4GB of memory and an SSD, so I doubt it's the hardware.

    I actually had the same issue on different hardware with a similar configuration.

    pfSense 2.4.3 was installed fresh on this hardware and configured from the ground up.

  • How do you route the traffic into the client's tunnel?

  • I have a LAN rule as follows:
    Action: Pass
    Interface: LAN
    Protocol: Any
    Source: <alias for machines>
    Destination: Any
    Gateway: <device for the client connection>

    There are also some NAT rules; let me know if you need those.

  • @zeranoe said in Issue using OpenVPN client and server:

    Gateway: <device for the client connection>

    Have you assigned an interface to the client instance and selected the corresponding gateway here? Do not select the "OpenVPN GW", since this is a gateway group including all OpenVPN instances.

  • Yes, the gateway setting is using the interface for the client OpenVPN port.

    There's also an egress floating rule as follows:
    Action: block
    Interface: WAN
    Address Family: IPv4 + IPv6
    Protocol: any
    Source: any
    Destination: any
    Tagged: VPN

    The LAN rule for the client OpenVPN is tagging with VPN.
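    As an added illustration (not the poster's own configuration, and not generated by pfSense), the two rules described in this thread map onto pf syntax roughly as follows. Interface names, the tunnel gateway address, the alias contents and the `quick` keyword on the floating rule are all assumptions; pfSense writes its own version of these into /tmp/rules.debug from the GUI settings.

```pf
# Added example: pf-syntax equivalent of the policy-routing setup described
# above. All names and addresses below are assumptions, not from the thread.
lan = "em1"        # assumed LAN interface
wan = "em0"        # assumed WAN interface
# ovpnc1 is the interface assigned to the OpenVPN *client* instance;
# 10.8.0.1 is the assumed remote end of that tunnel (its gateway address).
table <vpn_hosts> { 192.168.1.10 192.168.1.11 }   # assumed LAN machines alias

# LAN rule: pass / any protocol / source = alias / destination = any,
# gateway = the client instance's own interface gateway (not the
# "OpenVPN GW" group, which spans every OpenVPN instance), tagged VPN.
# route-to is applied when the state is created, so states that already
# existed before the rule changed keep their old path until they are reset.
pass in quick on $lan from <vpn_hosts> to any route-to (ovpnc1 10.8.0.1) tag VPN keep state

# Floating egress rule: block IPv4 + IPv6, any protocol, any source/destination,
# leaving via WAN if the packet carries the VPN tag. This is the kill switch:
# tagged traffic can never fall back to the default route if the tunnel is down.
block out quick on $wan tagged VPN
```

    On a pfSense box the ruleset actually loaded into pf can be read with `pfctl -sr` (or from /tmp/rules.debug), which is the quickest way to confirm that the LAN rule really carries `route-to` for the client interface and that the floating rule matches on `tagged VPN`. Because `route-to` only takes effect on new states, resetting the firewall states after changing the gateway of the LAN rule avoids a mix of old and new paths while testing.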

  • I did a Wireshark capture on this and I see that I'm getting a [RST, ACK] TCP error when attempting to load some pages. Note that the pages load fine and everything works as expected with only the client VPN running.

    I also watched the firewall logs, but nothing came up.

    What's interesting is that once the page load times out and I attempt to reload the page, sometimes it will work. I'm not really sure how to go about troubleshooting this, but I would really appreciate any advice, as I cannot run an OpenVPN server right now.

  • Anyone have any ideas? I think it might be a route issue, but I'm not sure, since sometimes the connections go through and sometimes they time out.