UDP Client connection becoming slow

Post by radmiraal » Wed Aug 02, 2017 3:36 pm

Hi, I've an issue with a server that uses OpenVPN. After restarting OpenVPN, all internet on the machine is fast, and we've no connectivity issues at all. But after a while (can be about 15 minutes or maybe an hour) internet becomes slow, and, for example, public key auth on cloning git repositories starts to fail.

I'm using the exact same OpenVPN server on my local machine, and there I've no issues at all. After searching for a few days I feel lost, and could use some pointers.

The only 2 differences I can think of between my local machine and the server are the OS (server is CentOS 7, local machine Ubuntu), and the fact that the server is in the same subnet as the VPN server. I did add some push routes to be sure the VPN server and gateway are not routed over VPN (we do not route all traffic over VPN).

The interesting part of the 'route -n' output:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<subnet>.254 UG    100    0        0 ens192
U     0      0        0 tun0
UG    1      0        0 tun0
U     0      0        0 docker0
<subnet>.0   UG    20     0        0 tun0
<subnet>.0   U     100    0        0 ens192
<subnet>.111 UH    1      0        0 ens192
<subnet>.254 UH    1      0        0 ens192

Using 'ip route get <ip>' I do see that it picks the gateway (default or vpn) as I expect.

The server is a pfSense machine; I'm not sure how to copy the raw server.conf from there. The client.conf is exported from pfSense. This is my current client.conf (I've played around with the sndbuf / rcvbuf / mssfix and fragment parameters):

dev tun
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
remote <openvpn ipv4 address> <openvpn port> udp
verify-x509-name "<openvpn.fqdn>" name
pkcs12 <key path>.p12
tls-auth <key path>.key 1
remote-cert-tls server
comp-lzo no

sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"

fragment 1200

I'm kind of lost as to what settings might still have an effect on the performance over time, and would appreciate hints / terms to google for or possible solutions.
