UDP Client connection becoming slow

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
radmiraal
OpenVpn Newbie
Posts: 1
Joined: Wed Aug 02, 2017 2:30 pm

UDP Client connection becoming slow

Post by radmiraal » Wed Aug 02, 2017 3:36 pm

Hi, I've an issue with a server that uses openvpn. After restarting openvpn all internet on the machine is fast, and we've no connectivity issues at all. But after a while (can be about 15 minutes or maybe an hour) internet becomes slow, and for example public key auth on cloning git repositories starts to fail.

I'm using the exact same openvpn server on my local machine, and there I've no issues at all. After searching for a few days I feel like being lost, and could need some pointers.

The only 2 differences I can think of between my local machine and the server is the OS (server is Centos 7, local machine ubuntu), and the fact that the server is in the same subnet as the vpn server. I did add some push routes to be sure the vpn server and gateway are not routed over vpn (we do not route alll traffic over vpn).

The interesting part of the 'route -n' output:

Code: Select all

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         <subnet>.254   0.0.0.0         UG    100    0        0 ens192
10.91.0.0       0.0.0.0         255.255.255.0   U     0      0        0 tun0
10.93.0.0       10.91.0.1       255.255.255.0   UG    1      0        0 tun0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
<subnet>.0     10.91.0.1       255.255.255.0   UG    20     0        0 tun0
<subnet>.0     0.0.0.0         255.255.255.0   U     100    0        0 ens192
<subnet>.111   0.0.0.0         255.255.255.255 UH    1      0        0 ens192
<subnet>.254   0.0.0.0         255.255.255.255 UH    1      0        0 ens192
Using 'ip route get <ip>' I do see that it picks the gateway (default or vpn) as I expect.

The server is a pfsense machine, not sure how to copy the raw server.conf from there. The client.conf is exported from pfsense, this is my current client.conf (I've played around with the sndbuf / rcvbuf / mssfix and fragment parameters):
client.conf
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote <openvpn ipv4 address> <openvpn port> udp
verify-x509-name "<openvpn.fqdn>" name
pkcs12 <key path>.p12
tls-auth <key path>.key 1
remote-cert-tls server
comp-lzo no
passtos

sndbuf 0
rcvbuf 0
push "sndbuf 393216"
push "rcvbuf 393216"

fragment 1200
mssfix
I'm kind of lost what settings might still have an affect on the performance over time and would appreciate hints / terms to google for or possible solutions.

romon2002
OpenVpn Newbie
Posts: 1
Joined: Wed Oct 11, 2017 2:04 pm

Re: UDP Client connection becoming slow

Post by romon2002 » Wed Oct 11, 2017 2:12 pm

Probably I have the same issue.

My server going slower after several days.
If I try to ping remote hosts via vpn I see packet loss from 65% to 95%.
If I try to ping my external vpn ip, there are no packet loss.

So it looks packets losts on vpn.
Everything starts working fine if I restart openvpn service.

Current version is 2.4.4 but I've got the same results with 2.4.3 and 2.3 also.

Did anybody face the same issue?

Post Reply