Netgate Discussion Forum

    OpenVPN unstable with poor internet connection.

    2.1 Snapshot Feedback and Problems - RETIRED
      ahuser

      Hi,
      After the upgrade from pfSense 2.0.3 to 2.1 RC0, I have noticed that all OpenVPN connections restart at the same time when the connection is fully occupied.

      The problem is not the OpenVPN connection; the problem is the gateway monitoring.
      I solved that by creating VPN interfaces and disabling all gateway monitoring.
      My VPN connections now run consistently without restarts.

      Regards Andreas

        phil.davis

        If the gateway monitoring parameters are at the defaults, then when the internet connection is "poor" (packet loss, latency…) the system will consider it down (that is the point of gateway monitoring - to give up on a gateway at some point). At places with slow links and known issues with packet loss, I set the advanced gateway monitoring parameters "crazy high" - like 40-50% packet loss, 4000-5000ms latency. Then the gateway is only considered down when it really has got to be almost totally unusable.
        At 15-20% packet loss, I find that the OpenVPN links struggle to stay established anyway. I guess too many of the UDP packets disappear in the bit bucket, acknowledgements in the OpenVPN protocol, certificate and key renegotiations... just give up.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          adam65535

          I am trying to understand what gateway monitoring solves when there is only 1 WAN. If it is a DHCP WAN then I assume things would automatically get done that need done when the IP changes regardless of gateway monitoring. I understand with 2 WANs the need to kill states, but it seems to me like gateway monitoring just causes issues for people with 1 WAN by killing states and such when the connection just might be temporarily bad. It seems to me like gateway monitoring by default should not do anything on a 1 WAN system. Under what circumstances would you want to do state killing, etc. when your single WAN goes down for some amount of time?

          I guess a more specific question would be: under what circumstances would state killing and the other things gateway monitoring does when it detects a downed gateway be wanted with a 1 WAN system? I would think the majority of setups would never want state killing for a 1 WAN system. I know this is one of the things that caught me off guard when I first started using pfSense. I just didn't expect that behavior with 1 WAN.

            Klaws

            Under "System:Advanced:Miscellaneous", you'll find the options for "Gateway Monitoring:State", where it says:

            By default the monitoring process will flush states for a gateway that goes down. This option overrides that behavior by not clearing states for existing connections.

            Yup, I think this is pretty well hidden. I would have expected it under "System:Routing:Gateways".
