Connection stalls sporadically



  • Hi,

    I set up pfSense-01 with a static IP to be the OpenVPN server. Thus far I always connected through a FreeBSD OpenVPN Client and it worked perfectly. Now I decided to substitute the FreeBSD OpenVPN Client with a box called pfSense-02. Now all of a sudden the connection seems to stall sporadically.

    FreeBSD pfSense-01.MyDomain.de 10.1-RELEASE FreeBSD 10.1-RELEASE #0 29f4af5(releng/10.1)-dirty: Mon Dec  1 04:02:16 CST 2014     root@pfsense-22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10  amd64
    
    FreeBSD pfSense-02.MyDomain.Local 10.1-RELEASE FreeBSD 10.1-RELEASE #0 29f4af5(releng/10.1)-dirty: Tue Dec  2 00:20:42 CST 2014     root@pfsense-22-i386-builder:/usr/obj.i386/usr/pfSensesrc/src/sys/pfSense_wrap.10.i386  i386
    
    64 bytes from 192.168.50.200: icmp_seq=35 ttl=63 time=1091.976 ms
    64 bytes from 192.168.50.200: icmp_seq=36 ttl=63 time=101.790 ms
    64 bytes from 192.168.50.200: icmp_seq=37 ttl=63 time=53.909 ms
    64 bytes from 192.168.50.200: icmp_seq=38 ttl=63 time=53.123 ms
    64 bytes from 192.168.50.200: icmp_seq=39 ttl=63 time=51.637 ms
    64 bytes from 192.168.50.200: icmp_seq=40 ttl=63 time=53.054 ms
    64 bytes from 192.168.50.200: icmp_seq=41 ttl=63 time=55.677 ms
    64 bytes from 192.168.50.200: icmp_seq=42 ttl=63 time=55.594 ms
    64 bytes from 192.168.50.200: icmp_seq=43 ttl=63 time=53.403 ms
    64 bytes from 192.168.50.200: icmp_seq=44 ttl=63 time=56.186 ms
    64 bytes from 192.168.50.200: icmp_seq=45 ttl=63 time=54.847 ms
    64 bytes from 192.168.50.200: icmp_seq=106 ttl=63 time=1086.723 ms
    64 bytes from 192.168.50.200: icmp_seq=107 ttl=63 time=95.487 ms
    64 bytes from 192.168.50.200: icmp_seq=108 ttl=63 time=64.366 ms
    64 bytes from 192.168.50.200: icmp_seq=109 ttl=63 time=50.702 ms
    64 bytes from 192.168.50.200: icmp_seq=110 ttl=63 time=52.501 ms
    64 bytes from 192.168.50.200: icmp_seq=111 ttl=63 time=56.576 ms
    64 bytes from 192.168.50.200: icmp_seq=112 ttl=63 time=64.332 ms
    64 bytes from 192.168.50.200: icmp_seq=113 ttl=63 time=58.205 ms
    64 bytes from 192.168.50.200: icmp_seq=114 ttl=63 time=82.425 ms
    64 bytes from 192.168.50.200: icmp_seq=115 ttl=63 time=54.828 ms
    64 bytes from 192.168.50.200: icmp_seq=176 ttl=63 time=1084.518 ms
    64 bytes from 192.168.50.200: icmp_seq=177 ttl=63 time=94.368 ms
    64 bytes from 192.168.50.200: icmp_seq=178 ttl=63 time=56.230 ms
    64 bytes from 192.168.50.200: icmp_seq=179 ttl=63 time=53.393 ms
    64 bytes from 192.168.50.200: icmp_seq=180 ttl=63 time=51.000 ms
    64 bytes from 192.168.50.200: icmp_seq=181 ttl=63 time=50.912 ms
    64 bytes from 192.168.50.200: icmp_seq=182 ttl=63 time=54.112 ms
    
    


  • I should probably also mention that

    • SSH connections sometimes drop

    • HTTP(s) requests take forever to be answered through OpenVPN tunnel

    • etc. …

    due to this huge lack of connection … All in all the OpenVPN tunnel connection is not usable under the current conditions.

    Here is the config of pfSense-01 (OpenVPN server)

    dev ovpns1
    verb 3
    dev-type tun
    tun-ipv6
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.49.100
    ifconfig 192.168.250.1 192.168.250.2
    lport 1194
    management /var/etc/openvpn/server1.sock unix
    max-clients 2
    push "route 192.168.50.0 255.255.255.0"
    push "route 192.168.49.0 255.255.255.0"
    route 192.168.10.0 255.255.255.0
    secret /var/etc/openvpn/server1.secret 
    push "route 192.168.49.0 255.255.255.0"
    push "route 192.168.50.0 255.255.255.0"
    push "route 192.168.51.0 255.255.255.0"
    
    

    And here is the config of pfSense-02 (OpenVPN client)

    dev ovpnc2
    verb 3
    dev-type tun
    tun-ipv6
    dev-node /dev/tun2
    writepid /var/run/openvpn_client2.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher AES-128-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    local 192.168.9.100
    engine cryptodev
    lport 0
    management /var/etc/openvpn/client2.sock unix
    remote OpenVPN-Server.tld 1194
    ifconfig 192.168.250.2 192.168.250.1
    route 192.168.49.0 255.255.255.0
    route 192.168.50.0 255.255.255.0
    route 192.168.51.0 255.255.255.0
    secret /var/etc/openvpn/client2.secret 
    resolv-retry 2
    
    

    Could anyone guess why these drastic timeouts are happening ONLY with pfSense as client? (Remember, a regular FreeBSD OpenVPN client works totally nice with the current pfSense-01 server settings.)


  • LAYER 8 Netgate

    Note that this is 2.2 and should probably be in the beta forum.

    Hmm.  Up for 10 down for 60.  Same values as in the keepalive.



  • Turns out I had a second simultaneous connection running from another host in the pfSense LAN network. This caused the connection to have these mysterious freezes.
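
Added example, not part of the thread: a small Python check that finds the reply gaps in ping output like the one posted above and compares their length with the second `keepalive` value (the restart timeout, in seconds) from the posted config. It assumes ping's default one-second interval; the function names are made up here, and the sample lines are constructed from the sequence ranges in the post with a placeholder round-trip time.

```python
import re

PING_RE = re.compile(r"icmp_seq=(\d+) ttl=\d+ time=([\d.]+) ms")
KEEPALIVE_RE = re.compile(r"^\s*keepalive\s+(\d+)\s+(\d+)", re.MULTILINE)

def parse_ping(text):
    """Return [(icmp_seq, rtt_ms), ...] for every reply line in ping output."""
    return [(int(seq), float(rtt)) for seq, rtt in PING_RE.findall(text)]

def find_outages(replies):
    """Return (last_seq_before, first_seq_after, lost) for each run of lost replies."""
    outages = []
    for (prev, _), (cur, _) in zip(replies, replies[1:]):
        lost = cur - prev - 1
        if lost > 0:
            outages.append((prev, cur, lost))
    return outages

def matches_keepalive(outages, config_text, interval=1.0, tolerance=0.1):
    """True if every outage lasts about as long as the keepalive timeout."""
    m = KEEPALIVE_RE.search(config_text)
    if not m or not outages:
        return False
    timeout = int(m.group(2))  # second keepalive value: restart timeout in seconds
    return all(abs(lost * interval - timeout) <= timeout * tolerance
               for _, _, lost in outages)

def build_sample():
    """Constructed sample: sequence ranges taken from the post, RTT is a placeholder."""
    seqs = [*range(35, 46), *range(106, 116), *range(176, 183)]
    return "\n".join(
        f"64 bytes from 192.168.50.200: icmp_seq={s} ttl=63 time=55.000 ms"
        for s in seqs)

SAMPLE_PING = build_sample()
SAMPLE_CONFIG = "persist-key\nkeepalive 10 60\nproto udp\n"  # lines from the posted config

if __name__ == "__main__":
    outages = find_outages(parse_ping(SAMPLE_PING))
    for before, after, lost in outages:
        print(f"no replies between seq {before} and {after}: {lost} lost")
    print("outages match keepalive timeout:",
          matches_keepalive(outages, SAMPLE_CONFIG))
```

Outages that last exactly as long as the keepalive timeout indicate the tunnel is dropping and recovering on a timer rather than losing packets at random; in this thread the cause turned out to be a second simultaneous connection.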

