OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: camouflageX on May 04, 2020, 11:55:54 am

Title: OpenVPN packet loss while user authentication
Post by: camouflageX on May 04, 2020, 11:55:54 am
Hello OPNsense community,

I have a question regarding OpenVPN authentication and packet loss:

We have OPNsense 20.1.6 running on not-so-powerful hardware, namely a PC Engines APU2C4 (4 x 1 GHz), but it should be sufficient for our needs.

We have an OpenVPN server with server mode "Remote Access (SSL/TLS + User Auth)". Now when a new user authenticates, we have packet loss (about 1 second) for all connections running on the same OpenVPN server. Connections on other OpenVPN servers are not affected. Because there are VoIP calls running over the tunnels, the users hear silence for that period of time. This happens even when the average load is close to 0.

Is anyone experiencing the same issue? Is there anything we can configure to improve the packet loss?

Maybe it has some connection to this discussion:
https://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/20150730233727.GW3676%40type.home/#msg34333737


Our OpenVPN settings:
Protocol: UDP
Device mode: tun
TLS Authentication: Enabled
Peer Certificate Authority: Same device
Peer Certificate Revocation List: None
DH Parameters Length: 1024 bit
Encryption algorithm: AES-128-GCM
Auth Digest Algorithm: SHA1
Compression: Disabled
Disable IPv6: Enabled
Dynamic IP: Enabled
Address Pool: Enabled
Topology: Enabled
DNS servers: Enabled
Advanced configuration: None


Thanks for any suggestion.
Title: Re: OpenVPN packet loss while user authentication
Post by: mrjd1981 on November 29, 2020, 01:22:44 am
OK, so I'm having the same issue. I thought it was a virtualization issue, then I created a new system to rule it out.

Turns out that every time one of my OpenVPN clients attempts to auth, it causes the WAN to drop packets, which ends up causing even more problems because of the TLS auth errors. I verified it is indeed the OpenVPN connections by using MTR and switching my servers on and off. It happens exactly as explained above.

One of my VPN servers has only 1 client, me, and I'm already connected. So leaving this one causes no PL.

Another server with only 2 users attempting to connect causes about 8%.

Another server of mine with about 10-12 computers trying to connect at the same time causes 50-60% PL.

Title: Re: OpenVPN packet loss while user authentication
Post by: mrjd1981 on November 29, 2020, 02:10:58 am
And... more info.

So putting the VPN on the Virtual IP seems to have something to do with it. I went back to my VM instance and am going to add my secondary IP as an additional virtual card and test.

I think something with trying to use the alias IP is causing this PL.