Intermittent routing over OpenVPN (SYN sent but no ACK round robin)
-
I am trying to diagnose a problem in my pfsense which:
- Has a lan interface with the clients connected
- Has a WAN interface
- Has an openVPN client connected to PIA (TCP)
- Tried UDP and to avoid any tunnel funkyness with MTU I decided to just use TCP
- The VPN works fine using the same setup in my mac
The symptom points to a return path being sent to the wrong place, hence breaking the path but I can not confirm it.
I have already set a NAT rule from my LAN IP range to the VPN and I also have the gateway created and up
The problem that I do see is that connections do establish almost 50% of the time. If a connection is open, I can see that all its traffic its perfectly routed to the VPN gateway but it just fails to start 50% of the time. Doing packet captures I can see that the client sends the SYN flag but it never receives the SYN ACK, so the TCP connection does not start. Retrying the connection does indeed work but it breaks on the next one, rendering the tunnel useless.
-
Hello. Your settings look good, so you definitely should ask remote side about their settings. I think there is subnet overlapping on remote side
-
I will ask PIA and report back
-
Looks like the problem was the first OpenVPN rule that was there to allow the VPN server to route traffic to the internet but for whatever reason, it was confusing the pfsense routing. I have deleted that NAT rule and now it works as expected