OpenVPN site to site freezes, with packet drops and latency when selecting OVPN interface as default gateway towards the other site's internet connection.

boyan1

PfSense CE-2.5.1 Release

Having a problem with site to site connection when forcing Site B to use the internet connection from Site A on TCP connection. UDP is OK.

In the previous releases this worked like a charm when I would assign static routes in-between sites and set the default gateway of Site B to be the OpenVPN interface thus forcing all outbound communication to pass through Site A.

Now it still works for pings and smaller packets, but when i open up a web browser on Site B, the gateway reports packet drops and big latency until it completely freezes.

Since time is very short, I fixed this with the option "redirect-gateway def1;" in Site B pfsense router, however after reboot the service needs to be restarted again so that the correct gateway is used. To additionally fix this, i wrote a shell script that would do this automatically for me.

Right now, doing it this way it works fine and I have no issues, but I wonder what the problem could be. I might try packet capture and analysis later to see if i can find more.

So far while I was having the problem and using the specific gateway, I've tried optimizing the packets by tweaking MSS & MTU for the OVPN interface, encryption algorithms, different settings and basically everything i could think of but nothing helped. Once there is more network activity the gateway simply freezes and all communication is blocked for a few minutes.

This worked perfectly fine for me in 2.4.5 and 2.5.0. Has anyone experienced the same issue?