OpenVPN versions: 2.3.17, 2.4.3.
Server OS: Windows Server 2008 R2.
Clients: Windows 7 SP1
Inner network: 192.168.1.0/24
Vpn-segment network: 10.10.10.0/24
Server outer address: 1.2.3.4
Server address in inner network: 192.168.1.1
Address of some host in inner network: 192.168.1.11
Server config:
Code: Select all
dev tun
dev-type tun
proto udp
tap-sleep 3
local 192.168.1.1
bind
cipher AES-128-CBC
engine rdrand
server 10.10.10.0 255.255.255.0
topology subnet
push "route 192.168.1.0 255.255.0.0"
(certificates/keys, etc.)
Code: Select all
dev tun
dev-type tun
proto udp
tap-sleep 3
remote 1.2.3.4 1194 udp
nobind
cipher AES-128-CBC
client
(certificates/keys, etc.)
But when I try to connect with a non-existent host inside the server network, then problems appears.
The bandwidth of the vpn channel drops to almost zero.
If I just try to ping a nonexistent host, then throughput reduces almost to zero.
And if I try to make tcp-ping, then throughput became zero - i.e. packets on the vpn-tunnel generally do not go.
For example, such actions lead to this problem:
ping -t 192.168.1.222
tcping -t 192.168.1.222 3389
Here 192.168.1.222 - a host address which physically is absent on an internal network of the server.
For example in case of a server ping everything looks approximately so:
(parallely we do a ping of a nonexistent node by means of a command: ping - t 192.168.1.222)
Code: Select all
>ping -t 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
Reply from 10.10.10.1: bytes=32 time=1563ms TTL=128
Reply from 10.10.10.1: bytes=32 time=2993ms TTL=128
Reply from 10.10.10.1: bytes=32 time=2995ms TTL=128
Reply from 10.10.10.1: bytes=32 time=2994ms TTL=128
Reply from 10.10.10.1: bytes=32 time=2995ms TTL=128
Reply from 10.10.10.1: bytes=32 time=19ms TTL=128
Reply from 10.10.10.1: bytes=32 time=1991ms TTL=128
Reply from 10.10.10.1: bytes=32 time=2995ms TTL=128
Reply from 10.10.10.1: bytes=32 time=2994ms TTL=128
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
Reply from 10.10.10.1: bytes=32 time=1992ms TTL=128
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
And when, for example, I execute such command: tcping - t 192.168.1.222 3389
everything looks so:
Code: Select all
>ping -t 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=19ms TTL=128
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
Reply from 10.10.10.1: bytes=32 time=20ms TTL=128
Reply from 10.10.10.1: bytes=32 time=2241ms TTL=128
Request times out.
Request times out.
Request times out.
Request times out.
Request times out.
Request times out.
Request times out.
I tried the same thing on the OpenVPN 2.2.2 + Windows Server 2003 installation. This problem is not observed.
Please tell me how to solve this problem!