Visentinel

ANSWERED lag causes pfsense openvpn to lose it


Hey,

looking for a pfsense expert to analyse this weird issue.

Not sure when this started but I have not changed any settings in pfsense.

When lag occurs on my internet line, it causes pfsense to spike heavy CPU usage followed by the traffic dying. Interestingly, only the torrent seems to drop to 0k/sec for around 15 to 20 seconds, but the pings to 10.6.0.1 or whatever keep going ok. The VPN itself doesn't drop out.

what's the go =S ?


Ok I figured it out and want to share what happened to me so others can benefit.

I don't have all the answers to the whys exactly but I fixed the underlying problem and it's fixed.

The other day I changed configuration on my other pfsense (not the one running the VPN!) to secure things better, for example only allowing TCP/UDP instead of any protocol and locking down ICMP pings so I can't be pinged externally but can ping out. Here's the problem: the pfsenseVPN instance could no longer ping the gateway IP, which is the alias LAN IP of pfsenseinternet.

When you configure pfsense for the VPN you tell it to drop states on failed gateways. The monitor would cause assumed disconnections and drop all states, causing the download to stop, but pings continue because those were not relying on states. The high CPU usage was the firewall filter reloads.

Now the thing I don't understand is why the frequency at which the states were being dropped was inconsistent, and why it seemed causing lag made it more prone for said state drops to occur. It had me on the ropes so bad I was even thinking I had an ADSL modem SNR problem and raised my SNR thinking my line had a problem.


Ok guys here's the crazy explanation for this entire issue.

I had an issue where high CPU usage caused the VPN to seem to die, but it was more like just connections getting dropped.

It was caused by lag?

The apinger or gateway monitor was unable to reach the monitor IP of the WAN upstream (it could reach the airvpn gw interface tho).

Ok here's the entire cause and effect:

Lag causes apinger to raise a delay alarm, which triggers a filter reload, and if the gateway monitor IP can't be reached it will therefore also trigger a firewall state drop.

Lol and that's how you get a weird issue my friends.

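The cause-and-effect chain described in the posts above, as a small simulation. This is an added example, not pfSense or apinger code and not from the original poster; the 500 ms threshold, the RTT samples, the state names and all function names are constructed assumptions.

```python
# Toy model of the chain described in the thread. NOT pfSense/apinger code.
# Threshold, RTT samples and state names are constructed for illustration.
from dataclasses import dataclass, field

DELAY_ALARM_MS = 500  # assumed latency threshold for the delay alarm

@dataclass
class Firewall:
    # Models the "drop states on failed gateways" setting mentioned in the thread.
    kill_states_on_gw_down: bool = True
    states: set = field(default_factory=lambda: {"tcp:torrent-1", "tcp:torrent-2"})
    reloads: int = 0
    flushes: int = 0

    def filter_reload(self, wan_monitor_reachable: bool) -> None:
        """Every alarm costs a reload; a gateway judged down also costs the states."""
        self.reloads += 1
        if not wan_monitor_reachable and self.kill_states_on_gw_down:
            self.states.clear()
            self.flushes += 1

def simulate(vpn_gw_rtts_ms, wan_monitor_reachable, fw=None):
    """Feed one RTT sample per probe interval; reload when a delay alarm is raised."""
    fw = fw if fw is not None else Firewall()
    in_alarm = False
    for rtt in vpn_gw_rtts_ms:
        lagging = rtt > DELAY_ALARM_MS
        if lagging and not in_alarm:  # alarm raised on the transition into lag
            fw.filter_reload(wan_monitor_reachable)
        in_alarm = lagging
    return fw

def summary(fw):
    return (fw.reloads, fw.flushes, len(fw.states))

LAGGY = [40, 45, 900, 950, 60, 50, 1200, 70]  # constructed: two lag bursts
QUIET = [40, 45, 42, 48, 41, 44, 43, 47]      # constructed: no lag

if __name__ == "__main__":
    cases = [("lag, WAN monitor blocked", LAGGY, False),
             ("lag, WAN monitor reachable", LAGGY, True),
             ("no lag, WAN monitor blocked", QUIET, False)]
    for name, rtts, reachable in cases:
        print(name, "-> (reloads, flushes, surviving states) =",
              summary(simulate(rtts, reachable)))
```

In this model the blocked monitor IP alone never drops a state; it only does so when a lag burst forces a reload, which matches the inconsistent drop frequency asked about in the second post.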
