Communication over OpenVPN interupted (TCP errors over UDP)

[cacamille3]

Hi,

I am using an OpenVPN 2.5.7 on Windows Server 2016.
My Client is using OpenVPN 2.5.7 on a Windows 10 Pro.
I am having some network issue when a lot of traffic appears on the OpenVPN interface.
In order to reproduce, I used iperf3 and did some tests.
Quite often the transfer litterally stop on the vpn interface.
I can see a lot of TCP errors (TCP DUP ACK, TCP Fast Retransmission, TCP Out-Of-Order) on the VPN interface.
Errors actually happen not only during the interval where the transfer stop but during the whole 20 seconds...

What could cause the transfer to stop ? Any idea how to resolve this issue ?

On the Server I started iperf3 with the the following command: iperf3 -s

Here are the result I obtain on the client.

Code: Select all

C:\iperf-3.1.3-win64>iperf3 -c xxx.xxx.xxx.xxx -p 5201 -t 20
Connecting to host xxx.xxx.xxx.xxx, port 5201
[  4] local xxx.xxx.xxx.xxx port 1041 connected to xxx.xxx.xxx.xxx port 5201
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-1.00   sec  7.25 MBytes  60.6 Mbits/sec
[  4]   1.00-2.00   sec  9.75 MBytes  81.7 Mbits/sec
[  4]   2.00-3.01   sec  10.9 MBytes  91.1 Mbits/sec
[  4]   3.01-4.00   sec  10.1 MBytes  85.2 Mbits/sec
[  4]   4.00-5.01   sec  4.50 MBytes  37.4 Mbits/sec
[  4]   5.01-6.01   sec  0.00 Bytes  0.00 bits/sec
[  4]   6.01-7.00   sec  9.12 MBytes  77.3 Mbits/sec
[  4]   7.00-8.01   sec  2.25 MBytes  18.7 Mbits/sec
[  4]   8.01-9.01   sec  0.00 Bytes  0.00 bits/sec
[  4]   9.01-10.01  sec  8.12 MBytes  68.6 Mbits/sec
[  4]  10.01-11.00  sec  6.50 MBytes  54.9 Mbits/sec
[  4]  11.00-12.00  sec  9.12 MBytes  76.5 Mbits/sec
[  4]  12.00-13.00  sec  9.12 MBytes  76.3 Mbits/sec
[  4]  13.00-14.01  sec  9.62 MBytes  80.0 Mbits/sec
[  4]  14.01-15.00  sec  9.00 MBytes  76.1 Mbits/sec
[  4]  15.00-16.00  sec  9.88 MBytes  82.9 Mbits/sec
[  4]  16.00-17.00  sec  10.6 MBytes  89.1 Mbits/sec
[  4]  17.00-18.01  sec  10.5 MBytes  87.8 Mbits/sec
[  4]  18.01-19.00  sec  10.2 MBytes  86.5 Mbits/sec
[  4]  19.00-20.00  sec  5.88 MBytes  49.3 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth
[  4]   0.00-20.00  sec   152 MBytes  64.0 Mbits/sec                  sender
[  4]   0.00-20.00  sec   152 MBytes  63.9 Mbits/sec                  receiver

Server Config:

Code: Select all

proto udp
port 1194
dev tun
server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
keepalive 10 120
reneg-sec 86400
client-to-client
data-ciphers AES-256-GCM
verb 3
suppress-timestamps
explicit-exit-notify 2
push "explicit-exit-notify 2"
persist-key
persist-tun
max-clients 510
topology subnet
remote-cert-tls client
script-security 2
client-connect "[...]\\client_connect_script.bat"
ifconfig-pool-persist "[...]\\client_ips.txt" 0
crl-verify "[...]\\crl.crl"
ca "[...]\\ca.crt"
cert "[...]\\server.crt"
key "[...]\\server.key"
dh "[...]\\dh.pem"
tls-auth "[...]\\ta.key" 0
client-config-dir "[...]\\ccd"

Client Config:

Code: Select all

client
server-poll-timeout 4
nobind
remote xxxxxxxxxxxxxxx 1194 udp
dev tun
cipher AES-256-CBC
remote-cert-tls server
connect-retry 10 90
reneg-sec 604800
auth-nocache
verb 3
setenv PUSH_PEER_INFO
key-direction 1
ca "[...]\\ca.crt"
cert "[...]\\client.crt"
key "[...]\\client.key"
tls-auth "[...]\\ta.key"

[TinCanTech]

I used a Win7 virtual machine server and have no such issues:

Code: Select all

Connecting to host 10.7.0.1, port 5201
[  5] local 10.7.0.2 port 44406 connected to 10.7.0.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  13.5 MBytes   113 Mbits/sec  264   9.20 KBytes       
[  5]   1.00-2.00   sec  13.6 MBytes   114 Mbits/sec  290   7.89 KBytes       
[  5]   2.00-3.00   sec  14.5 MBytes   122 Mbits/sec  315   9.20 KBytes       
[  5]   3.00-4.00   sec  14.0 MBytes   117 Mbits/sec  254   15.8 KBytes       
[  5]   4.00-5.00   sec  14.4 MBytes   121 Mbits/sec  266   7.89 KBytes       
[  5]   5.00-6.00   sec  13.9 MBytes   117 Mbits/sec  313   9.20 KBytes       
[  5]   6.00-7.00   sec  14.4 MBytes   121 Mbits/sec  239   13.1 KBytes       
[  5]   7.00-8.00   sec  13.5 MBytes   113 Mbits/sec  318   14.5 KBytes       
[  5]   8.00-9.00   sec  14.0 MBytes   117 Mbits/sec  264   15.8 KBytes       
[  5]   9.00-10.00  sec  14.2 MBytes   119 Mbits/sec  192   11.8 KBytes       
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec   140 MBytes   118 Mbits/sec  2715             sender
[  5]   0.00-10.00  sec   140 MBytes   117 Mbits/sec                  receiver

iperf Done.

You could try the wintun driver: --windows-driver wintun

[cacamille3]

Yes I tried it, on Server side, Client or both.
Still the same issue...

I forgot to mention that I have quite a lot of clients (around 150) also connected to the server but they are silent or not transferring significant amount of data during the test (<10kbps)

[TinCanTech]

I have quite a lot of clients (around 150)

openvpn.exe is single-threaded and blocks during every client re/connection.

[genitek]

I have the same error, but I start to have packet lost, ping timeout after only 2 users, and vpn become unusable with near 5 users connected..!

[TinCanTech]

@ genitek me2 posters do not help. Please see viewtopic.php?t=22603