UDP traffic issues
-
I'm using pfSense 1.2.3RC1 at the office and I have it set up as firewall/gateway/OpenVPN server. OpenVPN is running on the standard UDP port. Everything works for the most part, but I have noticed that UDP traffic from the VPN clients to the LAN is very inconsistent. Sometimes it works, other times it doesn't. For example, DNS requests from VPN clients to the LAN DNS servers don't always go through, and this is causing major issues authenticating with Active Directory when accessing resources on the LAN.
After disconnecting and reconnecting multiple times, it eventually works, but that's not an acceptable solution. On the other hand, TCP traffic works well all the time.
I was considering switching OpenVPN to TCP, but then performance degradation and the possibility of "TCP over TCP meltdown" are just as bad, if not worse than the original UDP issue.
Anybody else experiencing issues with UDP traffic? Any suggestion or workaround is very appreciated. Thanks.
Max
-
Anybody?
-
No, sorry, I have only the opposite to report - have multiple sites connected (in pairs) with UDP-based OpenVPN and NOTHING has ever failed, regardless of protocol.
I also have some IPsec tunnels and they're very stable.
Have you got any diagnostics (eg. output from tcpdump)?
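One way to turn the requested tcpdump output into evidence of the symptom (added example, not code from the thread): pair each DNS query from a VPN client with its answer and list the ones that never came back. It assumes the capture was taken on the pfSense box with `tcpdump -n -i <OpenVPN interface> udp port 53`, and the sample lines, addresses and names below are constructed.

```python
import re

# Constructed sample in the shape "tcpdump -n ... udp port 53" prints;
# two of the four queries from the VPN client (10.0.8.6) get no answer.
SAMPLE_CAPTURE = """\
10:00:01.000100 IP 10.0.8.6.52001 > 192.168.1.10.53: 4001+ A? dc1.example.local. (35)
10:00:01.000900 IP 192.168.1.10.53 > 10.0.8.6.52001: 4001 1/0/0 A 192.168.1.10 (51)
10:00:02.000100 IP 10.0.8.6.52002 > 192.168.1.10.53: 4002+ SRV? _ldap._tcp.example.local. (42)
10:00:03.000100 IP 10.0.8.6.52003 > 192.168.1.10.53: 4003+ A? fileserver.example.local. (42)
10:00:03.000800 IP 192.168.1.10.53 > 10.0.8.6.52003: 4003 1/0/0 A 192.168.1.20 (58)
10:00:04.000100 IP 10.0.8.6.52004 > 192.168.1.10.53: 4004+ A? dc1.example.local. (35)
"""

# Timestamp, src.port > dst.port, DNS transaction id (plus tcpdump's flag chars), rest.
DNS_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<txid>\d+)[+*|$-]* (?P<rest>.*)$"
)

def _seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def dns_loss_report(capture_text):
    """Match queries to answers by (client ip, client port, txid); report the unanswered."""
    pending = {}    # key -> (queried name, time sent)
    latencies = []  # query-to-answer time for the ones that were answered
    for line in capture_text.splitlines():
        m = DNS_LINE.match(line)
        if not m:
            continue  # not a DNS line in the expected shape
        rest = m["rest"].split()
        if m["dport"] == "53" and rest and rest[0].endswith("?"):
            pending[(m["src"], m["sport"], m["txid"])] = (rest[1], _seconds(m["ts"]))
        elif m["sport"] == "53":
            sent = pending.pop((m["dst"], m["dport"], m["txid"]), None)
            if sent is not None:
                latencies.append(_seconds(m["ts"]) - sent[1])
    unanswered = [name for name, _ in pending.values()]
    total = len(latencies) + len(unanswered)
    return {
        "queries": total,
        "answered": len(latencies),
        "unanswered": unanswered,
        "loss_ratio": len(unanswered) / total if total else 0.0,
        "max_latency_ms": round(max(latencies) * 1000, 3) if latencies else None,
    }

if __name__ == "__main__":
    print(dns_loss_report(SAMPLE_CAPTURE))
```

Run the same parser on a capture taken on the LAN side of the firewall: if the query count differs from the one on the OpenVPN interface, the drop is on the firewall, otherwise the LAN DNS server is the one not answering.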
-
You might want to take a close look at the modems/routers used at the client ends. Some modems/routers mistake udp openvpn traffic as ip flood type attack and they start to throttle the traffic. The modems/routers should have an option to turn this "protection" off.
-
Unfortunately I don't have a tcpdump yet. In regards to the possible issue of routers not handling the OpenVPN traffic correctly, do you think that using a "safe" UDP port like 123 or even 53 would help?
-
Hi, we are also experiencing your problem. The current setup is 2 pfSense 1.2.2 devices, 1 at each site (we only have 2 sites). We have some road warrior tunnels using UDP without any problems. However, we cannot get UDP to work with the site-to-site tunnel when using the tutorial (non-PKI). TCP works fine, but it's causing VoIP issues with our Cisco Phones and Asterisk at the other site. Any help on this is greatly appreciated!!
-
Ok, it's working for us now. We simply used UDP port 1194 for the site-to-site tunnel, and 1193 for the road warrior clients. Now we're looking into pushing routes into the tunnels. Anyway, I hope this helps anyone else who's having this problem.