High packetloss with VPN
-
Hi all
I've been running a pfSense 2.5 VPN setup with no obvious issues for some years now but I am now experiencing very high packet loss, currently 30% loss, and it is causing all sorts of problems.
It makes no difference which VPN provider I use, I tried two (AirVPN and NordVPN) with the same result so I just don't think it's that end. I'm using all Intel server NICs, and have tried using transplants from other systems, no dice. Adjusting the NIC offload settings did nothing.
Quality graphs on the VPN WAN show the loss but I can't see a cause, just that it happens.
I've been over the following threads:
https://forum.netgate.com/topic/158860/pfsense-latency-spikes-in-esxi
https://forum.netgate.com/topic/155642/troubleshooting-wan-latency
https://forum.kitz.co.uk/index.php/topic,24600.240.html?PHPSESSID=3e7f82968764afcc6f0c2d0be011a1ae
There is speculation that it's pfBlockerNG causing issues but disabling / removing seems to do nothing.
There were also questions about the Virgin Superhub (a UK cable ISP with known modem issues) causing problems but two days ago I switched providers and I'm now on a completely different fibre line, with a new DrayTek modem etc, the issue remains the same.
DNS Resolver has been fiddled with endlessly, forwarding mode enabled and disabled, registering leases enabled and disabled, basically I've been clicking like a monkey on speed for the last few days and nothing has done owt.
I adjusted the apinger thresholds as well to see what happens, basically nothing except the statuses remain green for longer. The slow internet connections etc make me think it's not just the ping packets getting dropped by QoS somewhere, that said I could be wrong.
Just tried upgrading to 2.6.0 devel to see if that shook anything loose, no dice there either.
System load shouldn't be an issue, CPU usage never gets above 15%, memory not above 40%, this is a beefy system for a home setup.
It's quite possible I've just done something stupid but AFAIK I have the vanilla pfSense setup with a VPN, as described across the net, nothing that fancy. This is really starting to piss me off, my only comfort is knowing I'm not alone, has anyone got any more ideas, at this point I'd be willing to travel internationally just to bring you chocolates.
-
I'm in the same boat. I've recently upgraded to 2.5.1 from 2.4.5 CE and my VPN connection to PIA (Private Internet Access) is behaving similarly to your issue. As soon as traffic begins to saturate the VPN connection, the packet loss starts to climb and the VPN connection eventually shows offline as soon as the packet loss goes above 50%. If I stop the high traffic going to the VPN gateway, the packet loss % slowly decreases, then the VPN gateway shows it's back online and packet loss is back to 0% again. I've tried using different servers and switching between TCP/UDP tunnels but it still exhibits the same behavior.
I've reverted back to 2.4.5 and the VPN connection worked correctly and did not go offline with the enormous amount of packet loss as in 2.5.1. So at this point, I have my main pfSense box running on 2.4.5 since the VPN connection seems to be more stable on that version. I have 2.5.1 loaded on another box so I can tinker with the settings and do some testing to see if anything will eliminate this issue!
-
I have been having packet loss issues as well. I used to maintain 4 client connections for failover purposes but there is so much packet loss that it's unusable. Are you experiencing extreme lag on the web interface as well?
-
Hi all
I have a resolution of sorts but I'm not sure it's going to help you guys.
It turns out I have a line fault on my new fibre connection, something about the fault is causing the VPN to lose packets and eventually drop but the WAN connection apparently stayed connected, sneaky.
So it has come to pass, I have transferred from Virgin, they of the two bob modems, to Plusnet, home of the riddled fibre. That said Plusnet customer service was spot on and they promise a fix tomorrow so I may forgive them.
If you are with Virgin in the UK it's not impossible the original issues in my post above are affecting you, their Superhub is indeed shite.
-
I'm also facing a similar issue after upgrading to 21.02.2 on a Netgate SG-5100 device. I have a setup with two OpenVPN clients from a VPN provider. After the upgrade only one VPN client is working and the other VPN client is not passing any traffic even though its status is up. I did the client setup again and changed the cipher setting but nothing helped to resolve this issue. I also tried recovering my backup from the old version, but that also didn't help.
Seems downgrading the pfSense version or waiting for a fix from Netgate is the only option.
Gian
-
@gianeshwar0201 I wish more people with issues related to this would chime in so the problem will be acknowledged. At this point the only way they will fix it is if it's by accident. When I attempted to submit it as a bug last week it was dismissed for not having enough information. I've rolled back to 2.4.5p1 myself.
-
In my case, the lag increases as the packet loss increases. Once the packet loss gets too high, everything stops working and the VPN status shows offline. If the VPN gateway is not saturated, all traffic flows normally with no packet loss or lag.
This issue is definitely tied to OpenVPN on 2.5.1 and not the VPN provider. I've signed up for a NordVPN account to see if it's PIA that is the culprit but it behaved the same on both providers. However, both VPN services had no issues with packet loss on my box running 2.4.5.
So at this point, I'm wondering if there is an incompatibility issue with the OpenVPN version running on 2.5.1 and what the VPN providers are running. Does anyone else use a different VPN provider other than PIA and NordVPN with similar issues? Please chime in.
I'm still doing more tests on the 2.5.1 box and sifting through the log files so I'll post here if I see something.
-
@ibquan I'm having issues with OpenVPN clients set up for the Surfshark VPN provider. Prior to the update to pfSense+ 21.02.2 / 2.5 all clients worked fine.
Gian
-
Hi! I’ve had TorGuard OpenVPN running with multiple connections and policy based routing when I was on pfSense 2.5.0. Once I set the monitoring up correctly it was pretty stable. It was running for days without a glitch. But being 2.5.0 I had unbound problems and of course the big port-forwarding-is-kaput-on-multi-wan, so I went back to 2.4.5-p1. I suggest you do the same and secure wipe 2.5.x, nuke the installer and burn the USB you used to install it. Joking, but 2.5.x releases are a headache.
-
@ibquan for me the OpenVPN issues started after 2.5.1.r.20210403.0300. I'm not sure when the new version of OpenVPN was added to the mix but it being an OpenVPN issue seems quite possible.
-
Update - after downgrading to the pfSense+ 21.02.P1 version my VPN issue is resolved. I'll do more tests on the pfSense test box if I'm able to resolve the issue with the 21.02.02 version. I didn't do any configuration changes to resolve this issue other than installing the prior version.
Gian
-
@gianeshwar0201 Every solution I've seen has been to roll back. I don't think this issue is even on Netgate's radar until someone can successfully convince them that this is a problem and it's submitted on pfsense Bugtracker. I tried but it was dismissed. I believe these forums rely on user helping user so I'm not sure if they even monitor what's going on here.