OpenVPN server down with Outgoing TUN queue full


Post by EddieRey » Fri Mar 20, 2020 11:18 am

Hello everyone,
I'm trying to organize things here so people can work safely from home. My goal is to have about 15 people be able to connect to their work computer with RDP, through a VPN. I have basic network knowledge, but I'm not an expert...

I've set up the following working configuration (local subnet is 192.168.2.0):

Server config

port 1194
proto tcp
tcp-queue-limit 65536
bcast-buffers 65536
dev tap
dev-node tap-bridge
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
ifconfig-pool-persist ipp.txt
server-bridge 192.168.2.16 255.255.255.0 192.168.2.150 192.168.2.200
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
persist-key
persist-tun


Client config

client
dev tap
proto tcp
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
comp-lzo


From a "technical" point of view, the VPN is up. Client1 can access his computer with RDP. The problem is that the server is flooded with lines like:

Thu Mar 19 23:31:16 2020 client1/xx.xxx.xxx.xx:12871 MULTI: Outgoing TUN queue full, dropped packet len=66
Thu Mar 19 23:31:17 2020 client1/xx.xxx.xxx.xx:12871 MULTI: Outgoing TUN queue full, dropped packet len=66
Thu Mar 19 23:31:19 2020 client1/xx.xxx.xxx.xx:12871 MULTI: Outgoing TUN queue full, dropped packet len=66
Thu Mar 19 23:31:21 2020 client1/xx.xxx.xxx.xx:12871 MULTI: Outgoing TUN queue full, dropped packet len=42
Thu Mar 19 23:31:22 2020 client1/xx.xxx.xxx.xx:12871 MULTI: Outgoing TUN queue full, dropped packet len=42
Thu Mar 19 23:31:23 2020 client1/xx.xxx.xxx.xx:12871 MULTI: Outgoing TUN queue full, dropped packet len=42
Thu Mar 19 23:31:23 2020 client1/xx.xxx.xxx.xx:12871 MULTI: Outgoing TUN queue full, dropped packet len=66

A single client can generate hundreds of lines within a minute. The OpenVPN server then goes unresponsive for a minute or more, depending on the load (and this is with only ONE connection...)

I thought it could be because I give the client an IP of 192.168.2.x, like in the local subnet, and too much traffic was routed through the VPN.
But even when I tried (and failed...) to use 192.168.3.x as a pool for the VPN clients, I had the same problem anyway, even with my bridge 192.168.3.x => 192.168.2.x not working...

I tried to increase tcp-queue-limit and bcast-buffers, as you can see, but to no avail.

Any idea what I did wrong?

Thanks in advance
Last edited by Pippin on Fri Mar 20, 2020 1:16 pm, edited 1 time in total.
Reason: Formatting
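
To put numbers on the flood described in the post, here is an added example (not part of the original post and not OpenVPN's own tooling) that buckets the "Outgoing TUN queue full" lines by client and minute. The sample log is constructed from the lines quoted above; the function names, the documentation-range peer addresses and client2 are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the log lines quoted in the post;
# peer addresses are documentation-range placeholders, client2 is made up.
SAMPLE_LOG = """\
Thu Mar 19 23:31:10 2020 Initialization Sequence Completed
Thu Mar 19 23:31:16 2020 client1/203.0.113.5:12871 MULTI: Outgoing TUN queue full, dropped packet len=66
Thu Mar 19 23:31:17 2020 client1/203.0.113.5:12871 MULTI: Outgoing TUN queue full, dropped packet len=66
Thu Mar 19 23:31:19 2020 client1/203.0.113.5:12871 MULTI: Outgoing TUN queue full, dropped packet len=66
Thu Mar 19 23:31:21 2020 client1/203.0.113.5:12871 MULTI: Outgoing TUN queue full, dropped packet len=42
Thu Mar 19 23:31:22 2020 client1/203.0.113.5:12871 MULTI: Outgoing TUN queue full, dropped packet len=42
Thu Mar 19 23:31:23 2020 client1/203.0.113.5:12871 MULTI: Outgoing TUN queue full, dropped packet len=42
Thu Mar 19 23:31:23 2020 client1/203.0.113.5:12871 MULTI: Outgoing TUN queue full, dropped packet len=66
Thu Mar 19 23:32:01 2020 client2/198.51.100.7:40022 MULTI: Outgoing TUN queue full, dropped packet len=66
"""

# timestamp, "<client>/<peer ip:port>", then the exact message from the post
DROP_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r"(?P<client>[^/\s]+)/\S+ "
    r"MULTI: Outgoing TUN queue full, dropped packet len=(?P<len>\d+)$"
)

def summarize_drops(log_text):
    """Bucket queue-full drops by (client, minute); other lines are skipped."""
    buckets = {}
    for line in log_text.splitlines():
        m = DROP_RE.match(line.strip())
        if m is None:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        key = (m["client"], ts.strftime("%Y-%m-%d %H:%M"))
        bucket = buckets.setdefault(key, {"drops": 0, "bytes": 0, "sizes": Counter()})
        size = int(m["len"])
        bucket["drops"] += 1
        bucket["bytes"] += size
        bucket["sizes"][size] += 1
    return buckets

def noisy_clients(buckets, threshold):
    """Clients with at least `threshold` drops in any one-minute bucket."""
    return sorted({c for (c, _), b in buckets.items() if b["drops"] >= threshold})

if __name__ == "__main__":
    for (client, minute), b in sorted(summarize_drops(SAMPLE_LOG).items()):
        print(minute, client, b["drops"], "drops", b["bytes"], "bytes", dict(b["sizes"]))
```

Running it over the server log before and after a configuration change shows whether the drop rate per client actually moved.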
