High ping time when others connect
-
Hello
I have an OpenVPN on my Netgate SG-2100 21.02.2-RELEASE for several external clients and I discovered something that does not seem to be right. I hope someone can give me feedback on this.
OpenVPN Info:
Mode: Remote Access ( SSL/TLS + User Auth )
Data Ciphers: AES-256-GCM, AES-128-GCM, AES-256-CBC
Digest: SHA1
D-H Params: 1024 bits
Protocol: TCP on IPv4 only
Network Info:
Tunnel network: 192.168.17.0/24
Local network: 192.168.101.0/24
Client IP (A): 192.168.17.23
Client IP (B): 192.168.17.6
Local device IP (C): 192.168.101.101
SG-2100 IP on VPN (D): 192.168.17.1
When A pings C the response time is between 40 - 70ms on average. The moment B connects to the network, the response time jumps up to >2'500ms. Here is the ping from A to C:
Reply from 192.168.101.101: bytes=32 time=45ms TTL=63
Reply from 192.168.101.101: bytes=32 time=74ms TTL=63
Reply from 192.168.101.101: bytes=32 time=61ms TTL=63
Reply from 192.168.101.101: bytes=32 time=70ms TTL=63
Reply from 192.168.101.101: bytes=32 time=57ms TTL=63
Reply from 192.168.101.101: bytes=32 time=86ms TTL=63
Reply from 192.168.101.101: bytes=32 time=40ms TTL=63
Reply from 192.168.101.101: bytes=32 time=37ms TTL=63
Reply from 192.168.101.101: bytes=32 time=2640ms TTL=63
Reply from 192.168.101.101: bytes=32 time=41ms TTL=63
Reply from 192.168.101.101: bytes=32 time=56ms TTL=63
Reply from 192.168.101.101: bytes=32 time=78ms TTL=63
Reply from 192.168.101.101: bytes=32 time=69ms TTL=63
Reply from 192.168.101.101: bytes=32 time=54ms TTL=63
Reply from 192.168.101.101: bytes=32 time=65ms TTL=63
The same thing happens when A pings D directly:
Reply from 192.168.17.1: bytes=32 time=67ms TTL=64
Reply from 192.168.17.1: bytes=32 time=44ms TTL=64
Reply from 192.168.17.1: bytes=32 time=66ms TTL=64
Reply from 192.168.17.1: bytes=32 time=43ms TTL=64
Reply from 192.168.17.1: bytes=32 time=62ms TTL=64
Reply from 192.168.17.1: bytes=32 time=45ms TTL=64
Reply from 192.168.17.1: bytes=32 time=3498ms TTL=64
Reply from 192.168.17.1: bytes=32 time=36ms TTL=64
Reply from 192.168.17.1: bytes=32 time=68ms TTL=64
Reply from 192.168.17.1: bytes=32 time=68ms TTL=64
I have the exact same setup also on a low budget VPS running pfSense 2.5.1-RELEASE (which is also quite far from here) where I do not see this behavior. Actually I copied the whole OpenVPN-setup from the SG-2100 to the VPS and only changed the network addresses.
The real issue for me is not this one package. I am really just curious to find out why there is a difference between the hardware appliance and the VPS, because I would like to have a stable setup.
Thanks!
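An added example, not from the thread: a small POSIX shell function that parses pasted ping replies, takes the median RTT as the baseline and flags every reply above a multiple of it, so a spike like the 2640 ms one above is counted instead of eyeballed. The sample input is constructed from the A-to-C replies quoted in the post; the function also accepts the Unix `time=45.2 ms` format, not only the Windows `time=45ms` one.

```shell
#!/bin/sh
# Added example (not from the thread): flag RTT outliers in pasted ping output.
# Sample constructed from the A -> C replies quoted in the post above.
PING_SAMPLE='Reply from 192.168.101.101: bytes=32 time=45ms TTL=63
Reply from 192.168.101.101: bytes=32 time=74ms TTL=63
Reply from 192.168.101.101: bytes=32 time=61ms TTL=63
Reply from 192.168.101.101: bytes=32 time=70ms TTL=63
Reply from 192.168.101.101: bytes=32 time=57ms TTL=63
Reply from 192.168.101.101: bytes=32 time=86ms TTL=63
Reply from 192.168.101.101: bytes=32 time=40ms TTL=63
Reply from 192.168.101.101: bytes=32 time=37ms TTL=63
Reply from 192.168.101.101: bytes=32 time=2640ms TTL=63
Reply from 192.168.101.101: bytes=32 time=41ms TTL=63
Reply from 192.168.101.101: bytes=32 time=56ms TTL=63
Reply from 192.168.101.101: bytes=32 time=78ms TTL=63
Reply from 192.168.101.101: bytes=32 time=69ms TTL=63
Reply from 192.168.101.101: bytes=32 time=54ms TTL=63
Reply from 192.168.101.101: bytes=32 time=65ms TTL=63'

# flag_spikes [MULT]   (reads ping output on stdin)
# Parses "time=45ms" (Windows) and "time=45.2 ms" (Unix), computes the median
# RTT, prints every reply above MULT x median (default 10x), then a summary.
# Exit status: 0 = no spikes, 1 = at least one spike, 2 = no RTT values found.
flag_spikes() {
    awk -v mult="${1:-10}" '
        match($0, /time=[0-9.]+/) {
            rtt = substr($0, RSTART + 5, RLENGTH - 5) + 0
            n++; rtts[n] = rtt; lines[n] = $0
        }
        END {
            if (n == 0) exit 2
            # insertion-sort a copy to find the median (sample sizes are small)
            for (i = 1; i <= n; i++) s[i] = rtts[i]
            for (i = 2; i <= n; i++) {
                v = s[i]; j = i - 1
                while (j > 0 && s[j] > v) { s[j + 1] = s[j]; j-- }
                s[j + 1] = v
            }
            median = (n % 2) ? s[(n + 1) / 2] : (s[n / 2] + s[n / 2 + 1]) / 2
            spikes = 0
            for (i = 1; i <= n; i++)
                if (rtts[i] > mult * median) {
                    printf "SPIKE %sms (median %.1fms): %s\n", rtts[i], median, lines[i]
                    spikes++
                }
            printf "samples=%d median=%.1fms spikes=%d\n", n, median, spikes
            if (spikes > 0) exit 1
            exit 0
        }'
}

# Usage: pipe live output in ("ping -t 192.168.101.101 | flag_spikes" on
# Windows, "ping -c 50 192.168.101.101 | flag_spikes" on Unix) or replay the
# constructed sample:
#   printf '%s\n' "$PING_SAMPLE" | flag_spikes 10
```

The median rather than the mean is used as the baseline on purpose: one 2640 ms reply would drag the mean of these fifteen samples well above 200 ms and hide the very outlier being looked for. Running the function while client B connects and disconnects gives a timestamped record of whether the spikes line up with the connection events.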
-
I changed the option "Certificate Depth" from
"One (Client+Server)"
to
"Do not check"
and now I do not experience the issue anymore.
My question stays the same though:
Why is this happening on the SG-2100 and not on a virtual pfSense?
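The Certificate Depth setting is the kind of chain-length check that OpenVPN exposes through its tls-verify hook: the hook is run once per certificate in the client's chain with the depth (0 for the client certificate, 1 for its issuer, and so on) and the certificate subject as arguments, and a non-zero exit rejects the handshake. As an added example, not pfSense's own script and not from this thread, here is a minimal hook that accepts a chain only if no certificate sits deeper than MAX_DEPTH; the install path and the MAX_DEPTH variable are assumptions. With a limit of 1, a client certificate issued by an intermediate CA that itself chains to the server's CA is rejected, which is exactly the case a disabled depth check lets through.

```shell
#!/bin/sh
# Hypothetical tls-verify hook (added example; not pfSense's script).
# OpenVPN runs: <script> <depth> <x509-subject> for each certificate in the
# chain the client presents, leaf first (depth 0). Non-zero exit = reject.
#
# Server config lines (assumed path):
#   script-security 2
#   tls-verify /usr/local/etc/openvpn/check-depth.sh
MAX_DEPTH="${MAX_DEPTH:-1}"   # 1 = client cert (0) + issuing CA (1), no intermediates

# check_depth DEPTH SUBJECT -> 0 to accept this certificate, 1 to reject
check_depth() {
    depth="$1"
    subject="$2"
    case "$depth" in
        ''|*[!0-9]*)
            echo "tls-verify: malformed depth '$depth' for '$subject'" >&2
            return 1 ;;
    esac
    if [ "$depth" -gt "$MAX_DEPTH" ]; then
        echo "tls-verify: rejecting '$subject' at depth $depth (max $MAX_DEPTH)" >&2
        return 1
    fi
    return 0
}

# Act as the hook only when run under the installed name; under any other
# name (or when sourced) the file just defines check_depth.
if [ "${0##*/}" = "check-depth.sh" ]; then
    check_depth "$1" "$2"
    exit $?
fi
```

OpenVPN logs the hook's stderr, so a rejected chain shows up in the OpenVPN log with the subject and depth, which is the record to look at when a client is unexpectedly refused; the limit is raised per deployment by setting MAX_DEPTH rather than by switching the check off.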