Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Static route with high packet loss
« previous
next »
Print
Pages: [
1
]
Author
Topic: Static route with high packet loss (Read 468 times)
philipb232
Newbie
Posts: 5
Karma: 0
Static route with high packet loss
«
on:
July 08, 2024, 04:13:14 pm »
Hi,
I have a VPN-Gateway in my LAN Network and I want all clients to be able to use the network behind that VPN Gateway.
So I added a Gateway and a static route in my opnsense firewall.
Ping works fine but I have a huge problem with TCP traffic. It seems that they are a lot of lost packages / re transmissions.
The thing is, when I apply the same static route on a client pc it works flawlessly.
LAN IP OPNsense: 10.10.50.254
IP VPN-Gateway: 10.10.50.200
Subnet behind VPN Gateway: 10.20.0.0/16
Route I use: 10.20.0.0/16 10.10.50.200 LAN
One thing I noticed in the Firewall -> Log Files -> Live View is that there is allowed traffic but also sometimes blocked traffic. Same source local network IP, same destination VPN IP, same ports, same protocol.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: Static route with high packet loss
«
Reply #1 on:
July 08, 2024, 07:33:24 pm »
Do you habe upstream gateway in the interface set? Sounds like packets are sent to the wrong gateway
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
philipb232
Newbie
Posts: 5
Karma: 0
Re: Static route with high packet loss
«
Reply #2 on:
July 09, 2024, 11:02:21 am »
I tested some more things and I'm some what sure that it must have something to do with the way opnsense handles TCP sessions.
The problem only occurs at clients in the same subnet as the the VPN Getaway. Clients in other subnets (VLANS) are working fine.
So I think opnsense has problems keeping track of the TCP sessions because it only sees the outgoing traffic but not the incoming. (Because the VPN Getaway is in the same subnet and answers clients directly)
I already tried setting "State Type" to none in my firewall policy but the problem is still present.
Also one thing why I think it has something to do with the TCP sessions is, that the first page load succeeds and if I immediately reload the page it ends with lots of timeouts, but if I wait a minute the page reloads perfectly.
«
Last Edit: July 09, 2024, 11:04:07 am by philipb232
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Static route with high packet loss