Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    GlobalProtect VPN issues lead me down a Traffic Shaping rabbit hole

    Scheduled Pinned Locked Moved
    Traffic Shaping
    2
    4
    107
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • _
      _ToXIc_
      last edited by

      Hey all, trying to tune my limiters. BUt before that a quick run down of what lead me down this path...
      even tho I havent changed anything on my FW (work claims the same) last week my GlobalProtect VPN from work just disconnects randomly and some days every hour. Looked at the VPN logs along with some wiresharks from the work laptop (LAN) and packet captures LAN/WAN
      seen different things..
      re-negotiating with tunnel cyphers,
      Tunnel timeouts about 156ms
      nothing really clear

      anywhoo
      happened on this thread https://forum.netgate.com/topic/169479/pfsense-dropping-connection-every-hour-xx-50
      using Traffic Shaping to help.
      so went through the guide and went from C to A+. I have a symmetric Gig connection from a Adtran TA 352 to my Dell R330 via cat 6 running the latest pfsense.
      So ive configured the queue length to 5000 and then to 5000 down 4000 up.. my upload have been cut in half.. any recomendations?

      20241008_214244199_iOS.png 20241008_214235320_iOS.png

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @_ToXIc_
        last edited by

        @_ToXIc_ What do the logs say on your GlobalProtect agent?
        Settings > Troubleshooting > Collect Logs

        For reference, i am using GP 6.0.3

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        _ 1 Reply Last reply Reply Quote 0
        • _
          _ToXIc_ @michmoor
          last edited by

          @michmoor im on 6.2.4

          (P6640-T9692)Error( 413): 10/01/24 10:55:33:324 send(84) failed: 10022(An invalid argument was supplied.)
          (P6640-T9692)Error(2005): 10/01/24 10:55:33:324 Send(84) to socket failed
          (P6640-T9692)Error(1024): 10/01/24 10:55:33:324 ProcPackets, ProcDriverData() failed
          (P6640-T9692)Info (1046): 10/01/24 10:55:33:324 ProcDrv thread dies
          (P6640-T9692)Dump ( 465): 10/01/24 10:55:33:324 ending ProcDrv thread
          (P6640-T2276)Info ( 564): 10/01/24 10:55:33:324 ProcMon: receive ProcDrv quit event
          (P6640-T2276)Debug( 654): 10/01/24 10:55:33:324 Tunnel downtime is 156 miliseconds

          im also trying to regain my upload speeds after doing the Traffic Shaping using this guide
          https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html

          M 1 Reply Last reply Reply Quote 0
          • M
            michmoor LAYER 8 Rebel Alliance @_ToXIc_
            last edited by

            @_ToXIc_
            I would revert the change regarding bloat. That doesn’t impact what’s going on here and typically it’s best left alone.
            There are also debug logs for the agent

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            1 Reply Last reply Reply Quote 0
            • First post
              Last post