Netgate Discussion Forum

OpenVPN Tunnel TCP Traffic Extremely High Latency

OpenVPN
openvpn routage routing vpn client vpn
  • ?
    A Former User
    last edited by Nov 20, 2018, 11:27 PM

    Good evening,
    I am trying to set up a Site-To-Site VPN on a server that I am going to ship out soon for colocation. The server has a pfSense VM, connected to a WAN interface, and a LAN interface. This pfSense router is going to be an OpenVPN client, connecting to an OpenVPN server on a VPS that I have been using for some time now without issue. We will call this new Colo server Site B, and my main home network (also pfSense) Site A. From the Site B pfSense machine, I can ping, and do other things like SSH to servers and curl web pages within the Site A network. This is as expected. From other VMs on the virtual LAN on the Site B network (behind the pfSense VM), I can ping hosts within the Site A network, but SSH and wget requests take a long time (I won't see a password prompt on SSH for a few minutes). The same goes for other VPN clients. I can ping the VMs on the Site B network, but it takes a few minutes to SSH to them, and by then the connection has timed out. The odd thing is that I did a packet capture when trying to wget a locally hosted web page, and when viewed in Wireshark, it looked like the request was received very late, and the request was processed immediately, and then received by the requesting client.

    Basically, the pfSense VM at Site B is fully connected to the Site A network, but the clients behind it aren't completely, but can ping the Site A network with no major latency.

    Any help would be appreciated!

    • D
      Derelict LAYER 8 Netgate
      last edited by Nov 21, 2018, 8:08 AM

      Almost certainly the server waiting for something like reverse DNS and timing out.

      A few minutes is a long time though.

      If you have packet captures that'd be great to see.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • ?
        A Former User
        last edited by Nov 21, 2018, 2:04 PM

        I have figured out the problem. There is a bug with the way the VirtIO NIC driver and pfSense interact. Switching to an emulated NIC like the Intel Pro 1000 fixed the problem. This had me pulling my hair out for a week!

        • V
          viragomann
          last edited by Nov 21, 2018, 6:27 PM

          https://www.netgate.com/docs/pfsense/virtualization/virtio-driver-support.html

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.