MULTI: Outgoing TUN queue full, dropped packet len=x

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
mo_need_help
OpenVpn Newbie
Posts: 2
Joined: Sun Jun 21, 2020 5:11 pm

MULTI: Outgoing TUN queue full, dropped packet len=x

Post by mo_need_help » Mon Jun 22, 2020 12:14 pm

Hi
have two Windows 2012R2 Server (client/server) with OpenVPN latest Version. I connect to my client and build up a kind of side to side VPN.
Since 2-3 week there is paket lost/droped. When i make a perm ping sometimes it break away. In log file there is a error like "MULTI: Outgoing TUN queue full, dropped packet len=x" and the connection freez.
Some other moments the connection freez for 3-4sek and then run again. Here my conf files. Any idea what the problem can be?

Server Conf
port 443
proto tcp4-server
dev tun
server 172.22.0.0 255.255.0.0
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\crt.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\key.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh4096.pem"
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0
client-config-dir C:\\Temp\\OpenVPN_Client_Config
route 10.1.0.0 255.255.0.0
route 192.168.0.0 255.255.0.0
push "route 10.1.0.0 255.255.0.0"
push "route 192.168.0.0 255.255.0.0"
ifconfig-pool-persist ipp.txt
client-to-client
auth SHA512
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
tls-version-min 1.2
remote-cert-tls client
comp-lzo
keepalive 10 120
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 4
management 127.0.0.1 7505
tcp-queue-limit 256
sndbuf 327680
rcvbuf 327680
socket-flags TCP_NODELAY
push "socket-flags TCP_NODELAY"


Client
dev tun
remote publicIP
port 443
proto tcp4-client
tls-client
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\crt.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\key.key"
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 1
pull
cipher AES-256-CBC
keepalive 10 120
comp-lzo
verb 3
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
remote-cert-tls server
verify-x509-name Zert name
tcp-queue-limit 256

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7342
Joined: Fri Jun 03, 2016 1:17 pm

Re: MULTI: Outgoing TUN queue full, dropped packet len=x

Post by TinCanTech » Mon Jun 22, 2020 12:34 pm

mo_need_help wrote:
Mon Jun 22, 2020 12:14 pm
tcp-queue-limit 256
Try a higher value.
mo_need_help wrote:
Mon Jun 22, 2020 12:14 pm
auth SHA512
This is a bad idea, comment it out in both server and client.
(It slows your computer down and does not add any true security)

mo_need_help
OpenVpn Newbie
Posts: 2
Joined: Sun Jun 21, 2020 5:11 pm

Re: MULTI: Outgoing TUN queue full, dropped packet len=x

Post by mo_need_help » Mon Jun 22, 2020 12:52 pm

What kind of higher value? What is max?

Why? I thought it would be good for security?!

Post Reply