Netgate Discussion Forum

    Issue using OpenVPN client and server

    7 Posts 2 Posters 766 Views
      Zeranoe

      I seem to be unable to reliably use an OpenVPN server along with an OpenVPN client. Things are fine with just a client, but when I add a server the machines going over the client VPN start dropping connections or having horribly slow connectivity.

      I looked at the firewall rules and it doesn't look like they're grabbing any of the traffic, and the issue doesn't seem to happen with every connection or every domain, but there are significant timeouts when the server is also running.

      This issue still happens when there are no external machines connected to the server.

      The moment I turn off the server the machines on the LAN going over the client OpenVPN start working fine again.

      My pfSense box is an i5 CPU M 520 2.40GHz with 2 cores and 2 threads each. When this is happening the CPU doesn't even go above 5% usage. The machine also has 4GB of memory and an SSD, so I doubt it's the hardware.

      I actually had the same issue on different hardware with a similar configuration.

      pfSense 2.4.3 was installed fresh on this hardware and configured from the ground up.

        viragomann

        How do you route the traffic into the client's tunnel?

          Zeranoe

          I have a LAN rule as follows:
          Action: Pass
          Interface: LAN
          Protocol: Any
          Source: <alias for machines>
          Destination: Any
          Gateway: <device for the client connection>

          There are also some NAT rules, let me know if you need those.

            viragomann @Zeranoe

            @zeranoe said in Issue using OpenVPN client and server:

            Gateway: <device for the client connection>

            Have you assigned an interface to the client instance and selected the corresponding gateway here? Do not select the "OpenVPN GW", since this is a gateway group including all OpenVPN instances.

              Zeranoe

              Yes, the gateway setting is using the interface for the client OpenVPN port.

              There's also an egress floating rule as follows:
              Action: block
              Interface: WAN
              Address Family: IPv4 + IPv6
              Protocol: any
              Source: any
              Destination: any
              Tagged: VPN

              The LAN rule for the client OpenVPN is tagging with VPN.

                Zeranoe

                I did a Wireshark capture on this and I see that I'm getting a [RSK, ACK] TCP error when attempting to load some pages. Note that the pages load fine and everything works as expected with only the client VPN running.

                I also watched the firewall logs, but nothing came up.

                What's interesting is that once the page load times out, and I attempt to reload the page, sometimes it will work. I'm not really sure how to go about troubleshooting this, but I would really appreciate any advice as I cannot run an OpenVPN server right now.

                  Zeranoe

                  Anyone have any ideas? I think it might be a route issue, but I'm not sure since sometimes the connections go through and sometimes they time out.
