2.2 and 2.3 clients connect to the server and are completely happy.
2.4 clients connecting to the server get connected and... well. They have varying and intermittent issues. Pings work pretty much universally the whole time, but ssh or web things will work/break/work/break and be frustratingly unreliable. Sometimes they will time out in under a few minutes. Sometimes they will linger on without dying but be unusable. Almost all connections will become unusable within 30 minutes. Detuning to 2.3 and using the same config on the same client box removes all issues.
My question is, what is different about a 2.4 client that would have it behave this differently from a 2.3 client, with an identical config?
Things I've looked into:
- I'm aware of comp-lzo being deprecated, but it's still valid (and handled in my future 2.4 server)
- I turned the verbosity to 6; traffic appears to be passing whether an ssh command is working or failing.
- With verbosity at 6, the client parameters have some differences when I run it as 2.3 or 2.4, but nothing jumps out at me.
- There's no client firewall in play, and no drops/blocks observed on the server's iptables.
server 10.8.248.0 255.255.252.0
push "dhcp-option DNS 10.8.72.15"
push "dhcp-option DOMAIN company.com"
keepalive 10 120
tls-auth /etc/openvpn/udp/keys/ta.key 0
plugin /usr/lib/openvpn/plugins/duo_openvpn.so /usr/lib/openvpn/plugins/duo_openvpn.py
management /var/run/openvpn-udp.socket unix

remote vpn.company.com 1194 udp
tls-auth private/ta.key 1