high traffic usage using TAP mode - cellular iot clients
Posted: Tue Oct 18, 2022 8:54 am
Hi there
We have an issue with our deployment. There are 300 clients deployed with uplink via cellular modems, and our pay-per-use data costs are much higher than they should be.
Our use case for using OpenVPN is that we can remotely connect to the systems from time to time. We don't need all the clients to access each other, only a few selected clients to access all the other clients.
We notice that in the OpenVPN monitor tool, and in ntop as well, the RX traffic is pretty much identical to the TX traffic, and that inactive devices are still getting lots of RX traffic.
We are using TAP mode and client-to-client is enabled.
# openvpn server
cd /etc/openvpn/server
daemon
dev tap
proto udp
#local ipaddr to bind. Change it with Server IP.
local XXXXX
port 1194
server-bridge 10.0.8.1 255.255.255.0 10.0.8.11 10.0.8.254
ifconfig-pool-persist ip_pool.txt
up interface-up.sh
client-to-client
keepalive 10 120
comp-lzo
user root
group root
persist-key
persist-tun
ca /etc/openvpn/easyrsa/pki/ca.crt
cert /etc/openvpn/easyrsa/pki/issued/server.crt
key /etc/openvpn/easyrsa/pki/private/server.key
dh /etc/openvpn/easyrsa/pki/dh.pem
crl-verify /etc/openvpn/easyrsa/pki/crl.pem
status /var/log/openvpn-status-server.log
log /var/log/openvpn-server.log
verb 3
script-security 2
management 127.0.0.1 5555
management 0.0.0.0 5555
#saturas
dev tap
client
remote xxxxx 1194
proto udp
nobind
resolv-retry infinite
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
# copy from openvpn-server /etc/openvpn/easyrsa/pki/ca.crt
When I disabled client-to-client, the traffic dropped to the normal/expected usage rates.
So I guess this is the issue, although I don't understand it.
Any help would be much appreciated.
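
One way to measure the pattern described in the post (idle clients receiving far more than they send), as an added example that is not part of the original post: it parses the file written by the `status` directive, assuming OpenVPN's default version 1 layout. The sample data, client names and thresholds are constructed assumptions.

```python
import csv
import io

# Constructed sample in the default (version 1) status-file layout.
# Counters are from the server's side: "Bytes Sent" is what the server
# pushed down each client's cellular link.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Tue Oct 18 08:50:00 2022
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
unit-001,198.51.100.10:40112,412000,39850000,Mon Oct 17 08:50:00 2022
unit-002,198.51.100.11:51820,398000,39790000,Mon Oct 17 08:50:00 2022
admin-laptop,203.0.113.7:60001,5200000,6100000,Tue Oct 18 07:10:00 2022
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,4
END
"""

def parse_clients(text):
    """Return [(common_name, bytes_from_client, bytes_to_client), ...]."""
    clients, in_list = [], False
    for row in csv.reader(io.StringIO(text)):
        if row and row[0] == "ROUTING TABLE":
            break
        if row and row[0] == "Common Name":
            in_list = True
        elif in_list and len(row) >= 4:
            try:
                clients.append((row[0], int(row[2]), int(row[3])))
            except ValueError:
                pass  # malformed or truncated row: skip it
    return clients

def mostly_downlink(clients, ratio=10, min_bytes=1_000_000):
    """Names of clients that were sent at least min_bytes and at least
    ratio times more than they themselves transmitted."""
    return [n for n, up, down in clients
            if down >= min_bytes and down >= ratio * max(up, 1)]

def total_downlink(clients):
    """Total tunnel bytes the server sent to all listed clients."""
    return sum(down for _, _, down in clients)

if __name__ == "__main__":
    # On the server, read the path from the `status` directive instead.
    clients = parse_clients(SAMPLE_STATUS)
    print("mostly-downlink clients:", mostly_downlink(clients))
    print("total bytes sent to clients:", total_downlink(clients))
```

The counters are per session and reset when a client reconnects, so compare snapshots taken over the same interval with and without `client-to-client`.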