OpenVPN Tunnel TCP Traffic Extremely High Latency

  • Good evening,
    I am trying to set up a Site-To-Site VPN on a server that I am going to ship out soon for colocation. The server has a pfSense VM, connected to a WAN interface, and a LAN interface. This pfSense router is going to be an OpenVPN client, connecting to an OpenVPN server on a VPS that I have been using for some time now without issue. We will call this new Colo server Site B, and my main home network (also pfSense) Site A. From the Site B pfSense machine, I can ping and do other things like SSH to servers and curl web pages within the Site A network. This is as expected. From other VMs on the virtual LAN on the Site B network (behind the pfSense VM), I can ping hosts within the Site A network, but SSH and wget requests take a long time (I won't see a password prompt on SSH for a few minutes). The same goes for other VPN clients. I can ping the VMs on the Site B network, but it takes a few minutes to SSH to them, and by then the connection has timed out. The odd thing is that I did a packet capture when trying to wget a locally hosted web page, and when viewed in Wireshark, it looked like the request was received very late, and the request was processed immediately, and then received by the requesting client.

    Basically, the pfSense VM at Site B is fully connected to the Site A network, but the clients behind it aren't completely connected, although they can ping the Site A network with no major latency.

    Any help would be appreciated!

  • LAYER 8 Netgate

    Almost certainly the server waiting for something like reverse DNS and timing out.

    A few minutes is a long time though.

    If you have packet captures that'd be great to see.

  • I have figured out the problem. There is a bug with the way the VirtIO NIC driver and pfSense interact. Switching to an emulated NIC like the Intel Pro 1000 fixed the problem. This had me pulling my hair out for a week!