Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Packet Corruption

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 2 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      awesomo
      last edited by

      I have had a pfSense install working great for the past 6 months, but a few weeks ago ALL of our road warriors are experiencing packet corruption (TCP TUN).

      I restarted pfSense, I made a new UDP TUN server, new CA, a new user, and a new certificate for the user. I tried to connect and I had the same problems. HTTPS sites don't load due to certificate corruption, remote desktop doesn't work, normal websites take 4-5 refreshing to load correctly. I have no idea why it is just this one site when I have 20 other installs setup the same way and none of them have failed like this yet.

      I get no errors in the OpenVPN logs and NO errors in the Client OpenVPN logs.

      Installed Packages:
      Snort
      iperf
      mtr-nox11
      OpenVPN Client Export
      vnstat2

      I have tried everything short of a complete re-install. Does anyone know what I should try next?

      1 Reply Last reply Reply Quote 0
      • M
        marvosa
        last edited by

        So, you are doing full tunnel then?  Post your server1.conf.

        1 Reply Last reply Reply Quote 0
        • A
          awesomo
          last edited by

          Here you go:

          
          dev ovpns1
          dev-type tun
          dev-node /dev/tun1
          writepid /var/run/openvpn_server1.pid
          #user nobody
          #group nobody
          script-security 3
          daemon
          keepalive 10 60
          ping-timer-rem
          persist-tun
          persist-key
          proto tcp-server
          cipher AES-128-CBC
          up /usr/local/sbin/ovpn-linkup
          down /usr/local/sbin/ovpn-linkdown
          local 10.1.10.100
          tls-server
          server 10.2.20.0 255.255.255.0
          client-config-dir /var/etc/openvpn-csc
          username-as-common-name
          auth-user-pass-verify /var/etc/openvpn/server1.php via-env
          tls-verify /var/etc/openvpn/server1.tls-verify.php
          lport 443
          management /var/etc/openvpn/server1.sock unix
          push "route 10.2.15.0 255.255.255.0"
          push "dhcp-option DOMAIN business.local"
          push "dhcp-option DNS 10.2.15.5"
          push "dhcp-option DNS 8.8.8.8"
          ca /var/etc/openvpn/server1.ca
          cert /var/etc/openvpn/server1.cert
          key /var/etc/openvpn/server1.key
          dh /etc/dh-parameters.1024
          tls-auth /var/etc/openvpn/server1.tls-auth 0
          persist-remote-ip
          float
          
          
          1 Reply Last reply Reply Quote 0
          • A
            awesomo
            last edited by

            I upgraded to 2.0.3 and the random corruption has disappeared. I will report back if anything changes. Overall a very wierd occurance. I have a few dozen installs setup the same way on versions 1.2.3 to 2.0.3 and have never had this issue, ever.

            1 Reply Last reply Reply Quote 0
            • M
              marvosa
              last edited by

              Glad it's working.  It looks like you're using split tunnel, so my thought was it had to be on the client end, but you're also double NATing and using port 443 instead of 1194… that probably has something to do with it.

              Also, I'm curious to know why you're pushing out google DNS with a split tunnel deployment.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.