Netgate Discussion Forum
    Connection stalls sporadically

    Category: 2.2 Snapshot Feedback and Problems - RETIRED
    4 Posts, 2 Posters, 1.4k Views
    LeoLinux

      Hi,

      I set up pfSense-01 with a static IP to be the OpenVPN server. Thus far I always connected through a FreeBSD OpenVPN client and it worked perfectly. Now I decided to substitute the FreeBSD OpenVPN client with a box called pfSense-02. Now all of a sudden the connection seems to stall sporadically.

      FreeBSD pfSense-01.MyDomain.de 10.1-RELEASE FreeBSD 10.1-RELEASE #0 29f4af5(releng/10.1)-dirty: Mon Dec  1 04:02:16 CST 2014     root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10  amd64
      
      FreeBSD pfSense-02.MyDomain.Local 10.1-RELEASE FreeBSD 10.1-RELEASE #0 29f4af5(releng/10.1)-dirty: Tue Dec  2 00:20:42 CST 2014     root@pfsense-22-i386-builder:/usr/obj.i386/usr/pfSensesrc/src/sys/pfSense_wrap.10.i386  i386
      
      64 bytes from 192.168.50.200: icmp_seq=35 ttl=63 time=1091.976 ms
      64 bytes from 192.168.50.200: icmp_seq=36 ttl=63 time=101.790 ms
      64 bytes from 192.168.50.200: icmp_seq=37 ttl=63 time=53.909 ms
      64 bytes from 192.168.50.200: icmp_seq=38 ttl=63 time=53.123 ms
      64 bytes from 192.168.50.200: icmp_seq=39 ttl=63 time=51.637 ms
      64 bytes from 192.168.50.200: icmp_seq=40 ttl=63 time=53.054 ms
      64 bytes from 192.168.50.200: icmp_seq=41 ttl=63 time=55.677 ms
      64 bytes from 192.168.50.200: icmp_seq=42 ttl=63 time=55.594 ms
      64 bytes from 192.168.50.200: icmp_seq=43 ttl=63 time=53.403 ms
      64 bytes from 192.168.50.200: icmp_seq=44 ttl=63 time=56.186 ms
      64 bytes from 192.168.50.200: icmp_seq=45 ttl=63 time=54.847 ms
      64 bytes from 192.168.50.200: icmp_seq=106 ttl=63 time=1086.723 ms
      64 bytes from 192.168.50.200: icmp_seq=107 ttl=63 time=95.487 ms
      64 bytes from 192.168.50.200: icmp_seq=108 ttl=63 time=64.366 ms
      64 bytes from 192.168.50.200: icmp_seq=109 ttl=63 time=50.702 ms
      64 bytes from 192.168.50.200: icmp_seq=110 ttl=63 time=52.501 ms
      64 bytes from 192.168.50.200: icmp_seq=111 ttl=63 time=56.576 ms
      64 bytes from 192.168.50.200: icmp_seq=112 ttl=63 time=64.332 ms
      64 bytes from 192.168.50.200: icmp_seq=113 ttl=63 time=58.205 ms
      64 bytes from 192.168.50.200: icmp_seq=114 ttl=63 time=82.425 ms
      64 bytes from 192.168.50.200: icmp_seq=115 ttl=63 time=54.828 ms
      64 bytes from 192.168.50.200: icmp_seq=176 ttl=63 time=1084.518 ms
      64 bytes from 192.168.50.200: icmp_seq=177 ttl=63 time=94.368 ms
      64 bytes from 192.168.50.200: icmp_seq=178 ttl=63 time=56.230 ms
      64 bytes from 192.168.50.200: icmp_seq=179 ttl=63 time=53.393 ms
      64 bytes from 192.168.50.200: icmp_seq=180 ttl=63 time=51.000 ms
      64 bytes from 192.168.50.200: icmp_seq=181 ttl=63 time=50.912 ms
      64 bytes from 192.168.50.200: icmp_seq=182 ttl=63 time=54.112 ms
      
      
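      An added example (Python, not from the post) that parses the ping output quoted above and reports whether the latency spikes recur on a fixed period: on a constructed subset of the author's lines it finds spikes at icmp_seq 35, 106 and 176, i.e. roughly every 70 s, which is the kind of cadence a keepalive/ping-restart cycle produces. It assumes ping's default one-second probe interval, so an icmp_seq difference equals elapsed seconds.

```python
import re
from statistics import median

# Constructed subset of the ping output quoted in the post above: default
# one probe per second, so a difference in icmp_seq is a difference in seconds.
PING_OUTPUT = """\
64 bytes from 192.168.50.200: icmp_seq=35 ttl=63 time=1091.976 ms
64 bytes from 192.168.50.200: icmp_seq=36 ttl=63 time=101.790 ms
64 bytes from 192.168.50.200: icmp_seq=37 ttl=63 time=53.909 ms
64 bytes from 192.168.50.200: icmp_seq=45 ttl=63 time=54.847 ms
64 bytes from 192.168.50.200: icmp_seq=106 ttl=63 time=1086.723 ms
64 bytes from 192.168.50.200: icmp_seq=107 ttl=63 time=95.487 ms
64 bytes from 192.168.50.200: icmp_seq=115 ttl=63 time=54.828 ms
64 bytes from 192.168.50.200: icmp_seq=176 ttl=63 time=1084.518 ms
64 bytes from 192.168.50.200: icmp_seq=177 ttl=63 time=94.368 ms
64 bytes from 192.168.50.200: icmp_seq=182 ttl=63 time=54.112 ms
"""

LINE_RE = re.compile(r"icmp_seq=(\d+) .*\btime=([\d.]+) ms")

def parse_ping(text):
    """Return [(icmp_seq, rtt_ms), ...]; lines that are not replies are skipped."""
    return [(int(m.group(1)), float(m.group(2)))
            for m in map(LINE_RE.search, text.splitlines()) if m]

def find_spikes(samples, factor=10.0):
    """icmp_seq values whose RTT is more than `factor` times the median RTT."""
    if not samples:
        return []
    base = median(rtt for _, rtt in samples)
    return [seq for seq, rtt in samples if rtt > factor * base]

def spike_gaps(spikes, interval_s=1.0):
    """Seconds between consecutive spikes, given the probe interval."""
    return [(b - a) * interval_s for a, b in zip(spikes, spikes[1:])]

def is_periodic(gaps, tolerance_s=2.0):
    """True when every gap agrees with the first one within `tolerance_s`."""
    return bool(gaps) and all(abs(g - gaps[0]) <= tolerance_s for g in gaps)

def analyse(text):
    """Summarise periodic stalls in ping output (spike seqs, gaps, verdict)."""
    spikes = find_spikes(parse_ping(text))
    gaps = spike_gaps(spikes)
    return {"spikes": spikes, "gaps_s": gaps, "periodic": is_periodic(gaps)}

if __name__ == "__main__":
    print(analyse(PING_OUTPUT))
```

      A stable inter-spike gap is the thing to compare against the tunnel's ping and ping-restart values; random packet loss on the path would not line up this neatly.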
        LeoLinux

        I should probably also mention that

        • SSH connections sometimes drop

        • HTTP(s) requests take forever to be answered through OpenVPN tunnel

        • etc. …

        due to this huge lack of connection … All in all the OpenVPN tunnel connection is not usable under the current conditions.

        Here is the config of pfSense-01 (OpenVPN server)

        dev ovpns1
        verb 3
        dev-type tun
        tun-ipv6
        dev-node /dev/tun1
        writepid /var/run/openvpn_server1.pid
        #user nobody
        #group nobody
        script-security 3
        daemon
        keepalive 10 60
        ping-timer-rem
        persist-tun
        persist-key
        proto udp
        cipher AES-128-CBC
        auth SHA1
        up /usr/local/sbin/ovpn-linkup
        down /usr/local/sbin/ovpn-linkdown
        local 192.168.49.100
        ifconfig 192.168.250.1 192.168.250.2
        lport 1194
        management /var/etc/openvpn/server1.sock unix
        max-clients 2
        push "route 192.168.50.0 255.255.255.0"
        push "route 192.168.49.0 255.255.255.0"
        route 192.168.10.0 255.255.255.0
        secret /var/etc/openvpn/server1.secret
        push "route 192.168.49.0 255.255.255.0"
        push "route 192.168.50.0 255.255.255.0"
        push "route 192.168.51.0 255.255.255.0"
        
        

        And here is the config of pfSense-02 (OpenVPN client)

        dev ovpnc2
        verb 3
        dev-type tun
        tun-ipv6
        dev-node /dev/tun2
        writepid /var/run/openvpn_client2.pid
        #user nobody
        #group nobody
        script-security 3
        daemon
        keepalive 10 60
        ping-timer-rem
        persist-tun
        persist-key
        proto udp
        cipher AES-128-CBC
        auth SHA1
        up /usr/local/sbin/ovpn-linkup
        down /usr/local/sbin/ovpn-linkdown
        local 192.168.9.100
        engine cryptodev
        lport 0
        management /var/etc/openvpn/client2.sock unix
        remote OpenVPN-Server.tld 1194
        ifconfig 192.168.250.2 192.168.250.1
        route 192.168.49.0 255.255.255.0
        route 192.168.50.0 255.255.255.0
        route 192.168.51.0 255.255.255.0
        secret /var/etc/openvpn/client2.secret
        resolv-retry 2
        
        

        Could anyone guess why these drastic timeouts are happening ONLY with pfSense as client? (Remember, a regular FreeBSD OpenVPN client works totally nicely with the current pfSense-01 server settings.)

        Derelict (LAYER 8, Netgate)

          Note that this is 2.2 and should probably be in the beta forum.

          Hmm. Up for 10, down for 60. Same values as in the keepalive.

          LeoLinux

            Turns out I had a second simultaneous connection running from another host in the pfSense LAN network. This caused the connection to have these mysterious freezes.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.