1
20.1 Legacy Series / OpenVPN packet loss while user authentication
« on: May 04, 2020, 11:55:54 am »
Hello OPNsense community,
I have a question regarding OpenVPN authentication and packet loss:
We have OPNsense 20.1.6 running on a not so powerful hardware, namely a PCEngine APU2C4 (4 x 1 GHz), but it should be sufficient for our needs.
We have an OpenVPN server with server mode "Remote Access (SSL/TLS + User Auth)". Now when a new user authenticates, we have packet loss (about 1 second) for all connections running the same OpenVPN server. Connections on other OpenVPN servers are not affected. Because there are VoIP calls running over the tunnels, the users hear silence for that period of time. This happens even when the average load is close to 0.
Is anyone experiencing the same issue? Is there anything we can configure to improve the packet loss?
Maybe it has some connection to this discussion:
https://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/20150730233727.GW3676%40type.home/#msg34333737
Our OpenVPN settings:
Protocol: UDP
Device mode: tun
TLS Authentication: Enabled
Peer Certificate Authority: Same device
Peer Certificate Revocation List: None
DH Parameters Length: 1024 bit
Encryption algorithm: AES-128-GCM
Auth Digest Algorithm: SHA1
Compression: Disabled
Disable IPv6: Enabled
Dynamic IP: Enabled
Address Pool: Enabled
Topology: Enabled
DNS servers: Enabled
Advanced configuration: None
Thanks for any suggestion.
I have a question regarding OpenVPN authentication and packet loss:
We have OPNsense 20.1.6 running on a not so powerful hardware, namely a PCEngine APU2C4 (4 x 1 GHz), but it should be sufficient for our needs.
We have an OpenVPN server with server mode "Remote Access (SSL/TLS + User Auth)". Now when a new user authenticates, we have packet loss (about 1 second) for all connections running the same OpenVPN server. Connections on other OpenVPN servers are not affected. Because there are VoIP calls running over the tunnels, the users hear silence for that period of time. This happens even when the average load is close to 0.
Is anyone experiencing the same issue? Is there anything we can configure to improve the packet loss?
Maybe it has some connection to this discussion:
https://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/20150730233727.GW3676%40type.home/#msg34333737
Our OpenVPN settings:
Protocol: UDP
Device mode: tun
TLS Authentication: Enabled
Peer Certificate Authority: Same device
Peer Certificate Revocation List: None
DH Parameters Length: 1024 bit
Encryption algorithm: AES-128-GCM
Auth Digest Algorithm: SHA1
Compression: Disabled
Disable IPv6: Enabled
Dynamic IP: Enabled
Address Pool: Enabled
Topology: Enabled
DNS servers: Enabled
Advanced configuration: None
Thanks for any suggestion.