Open vpn timeouts

djnrg787

Hi I have a multi location open vpn tunnel setup the server is on a cable connection with 100/4 bandwidth, what seems to be happening is if users are using a lot of regular non tunneled bandwidth the tunnels will drop. we have 10 remote sites which run tomato. all was working fine when we had a slower 3/2 connection but when we switched to cable it started to drop off. Can I set it so open vpn will take priority? I attached bandwidth graphs. nothing has changed as far as users or bandwidth goes since the connection change over other then the ability to use more now. sorry if what I said doesn't make sense im not the best at explaining it. I hope the graphs help.
bandwidth.xls

phil.davis

100/4 is a big difference in bandwidth in each direction. That is going to be painful for users moving data in the "4" direction. I am guessing that the "4" direction is getting saturated and loads of ACKs in response to packets that flow nicely in the "100" direction are getting delayed.
OpenVPN should be using UDP - but I guess some (too many) packets are going missing or being really delayed in the "4" direction.

I guess you could traffic shape but firstly I am surprised at how different the data rates are in each direction. If you have site-to-site tunnels then I am guessing that users are moving stuff (files…) in both directions, so I would expect that a more balanced link would be good.

djnrg787

its charter in st Louis they market this "awesome" internet I personally hate the company which says yay you get 100mbps but fails to show the 4 upload I don't get it either. on 6/768 dsl we never had an issue. The tunnels only transmit very little data using telnet to power some POS systems. I tried to configure the shaping once before only to get kicked out and make the connection so slow im sure I did something wrong.

djnrg787

Just an update after the connections drop I see in the logs:

php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use CharterGW.
Apr 24 11:42:43 php: rc.openvpn: OpenVPN: Resync server1 State VPN
Apr 24 11:42:43 kernel: in6_purgeaddr: link-local all-nodesmulticast address deletion error
Apr 24 11:42:43 kernel: in6_purgeaddr: node-local all-nodesmulticast address deletion error
Apr 24 11:42:43 kernel: ovpns1: link state changed to DOWN
Apr 24 11:42:43 check_reload_status: Reloading filter
Apr 24 11:42:44 kernel: ovpns1: link state changed to UP
Apr 24 11:42:44 check_reload_status: rc.newwanip starting ovpns1
Apr 24 11:42:46 php: rc.newwanip: rc.newwanip: Informational is starting ovpns1.
Apr 24 11:42:46 php: rc.newwanip: rc.newwanip: on (IP address: 10.0.8.1) (interface: []) (real interface: ovpns1).
Apr 24 11:42:46 php: rc.newwanip: pfSense package system has detected an ip change -> 10.0.8.1 … Restarting packages.
Apr 24 11:42:46 check_reload_status: Starting packages
Apr 24 11:42:48 php: rc.start_packages: Restarting/Starting all packages.

djnrg787

disabling gateway monitoring fixed the problem. I guess cable is just variable and not clean.