Netgate Discussion Forum

    Sometimes issues with OpenVPN udp via OpenVPN udp

    OpenVPN
    openvpn mtu multi-wan
    • Elephant

      Hello.

      I have a very strange problem and am at my wits' end.

      I am running pfSense 2.4.5 with two internet lines:
      wan1 - DHCP - cable (250/50) - primary
      wan2 - PPPoE - vdsl (100/40) - backup

      In addition to that I have a VPS which I use to get some fixed IPs. The VM and pfsense (as client) are connected via OpenVPN (udp).

      Also there is an OpenVPN server (also udp) on the pfSense which uses one of the tunneled IPs (therefore OpenVPN udp via OpenVPN udp).
      This VPN is used by about 20 clients, mostly Linux, some Windows.
      This worked fine.

      Now comes the problem.
      The wan1 connection has problems at the moment, mainly some higher latency (~20ms) and some packet loss (~1%).
      Now I discovered that with some Linux clients I sometimes have problems transferring data through the VPN.
      Ping works
      HTTP works
      HTTPS does not work
      SSH does not work
      SMB does not work

      If I switch the tunnel to the VPS from wan1 to wan2, everything works.
      wan2 always works.

      So my first idea was that the packet loss on wan1 somehow causes this problem.
      BUT, why are there never problems with the Windows clients, and some of the Linux clients?
      I never have problems with all of them at once, only some clients are affected at one time.

      Then I thought: MTU problem.
      But in both cases (wan1 active/wan2 active) I can ping endpoints through the VPN with a size of 1472.

      Now the interesting part.
      If I restart (or stop, wait a few minutes, start) the OpenVPN connection on an affected client or reboot the entire client system, nothing changes.
      If I stop the connection, add 'link-mtu 1200' to the client config and then start the connection again, I get MTU mismatch messages, BUT it works.
      If I then stop the connection again, revert the config change, start the connection again, IT WORKS AS WELL. Why?

      I have no more ideas... :/

      Is this a strange result of the packet loss and the double udp tunnels?
      Is this a problem with stale udp connections with some routers along the way? (--nobind on the client did not help)

      Maybe someone has a new idea or some explanation...

      Thank you! :)

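As an added illustration (not code from the post or from pfSense/OpenVPN), here is a small MTU-budget calculator for the double OpenVPN/UDP encapsulation described above: it models the headers each tunnel layer adds, the largest inner packet a WAN MTU can carry without fragmentation, and the tun MTU implied by the `link-mtu 1200` workaround. The OpenVPN data-channel overhead and the two WAN MTUs (1500 for cable, 1492 for PPPoE because of its 8-byte header) are assumed approximations, constructed for this example.

```python
"""MTU budget for nested OpenVPN/UDP tunnels (added example, not from the post)."""

IPV4_HDR = 20
UDP_HDR = 8
ICMP_HDR = 8
PPPOE_HDR = 8                    # why a PPPoE link usually has a 1492-byte MTU
OVPN_OVERHEAD_GCM = 4 + 4 + 16   # assumed: opcode/peer-id + packet-id + AEAD tag

# Constructed WAN MTUs for the two uplinks in the post.
WAN_MTU = {"wan1-cable": 1500, "wan2-pppoe": 1500 - PPPOE_HDR}


def per_layer_overhead(ovpn_overhead=OVPN_OVERHEAD_GCM):
    """Bytes one OpenVPN/UDP layer wraps around an inner IP packet."""
    return IPV4_HDR + UDP_HDR + ovpn_overhead


def outer_len(inner_len, layers=2, ovpn_overhead=OVPN_OVERHEAD_GCM):
    """On-the-wire size of an inner IP packet after `layers` nested tunnels."""
    return inner_len + layers * per_layer_overhead(ovpn_overhead)


def max_inner_len(wan_mtu, layers=2, ovpn_overhead=OVPN_OVERHEAD_GCM):
    """Largest inner IP packet that leaves the WAN without fragmentation."""
    return wan_mtu - layers * per_layer_overhead(ovpn_overhead)


def tun_mtu_from_link_mtu(link_mtu, ovpn_overhead=OVPN_OVERHEAD_GCM):
    """Inner (tun) MTU implied by `link-mtu n`, which bounds the UDP payload."""
    return link_mtu - ovpn_overhead


def ping_payload_fits(payload, wan_mtu, layers=2):
    """True if `ping -s payload` crosses `layers` tunnels without fragmentation."""
    inner = payload + IPV4_HDR + ICMP_HDR
    return outer_len(inner, layers) <= wan_mtu


def report(wan_mtus=WAN_MTU, layers=2):
    """Unfragmented inner-packet budget per uplink for the nested tunnels."""
    return {name: max_inner_len(mtu, layers) for name, mtu in wan_mtus.items()}


if __name__ == "__main__":
    for name, budget in report().items():
        print(f"{name}: inner packets up to {budget} bytes pass unfragmented")
    print("ping -s 1472 fits on wan1:", ping_payload_fits(1472, WAN_MTU["wan1-cable"]))
    print("tun MTU implied by link-mtu 1200:", tun_mtu_from_link_mtu(1200))
```

A 1472-byte ping payload makes a 1500-byte inner packet, which exceeds the unfragmented budget on both uplinks under these assumptions, so that ping succeeding only shows that some layer fragments or clamps the traffic. Repeating the test with the DF bit set (`ping -M do -s <size>` on Linux) is the stricter check of the effective path MTU.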
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.