Jump to content
Not connected, Your IP: 3.235.75.229
dalesd

Packet loss regardless of server, using PfSense

Recommended Posts

I have chronic packet loss on the VPN.  It's 2-10% and enough to cause problems with voice chat over discord.  

 

DgI0tW6.png

 

I get a solid 0% packet loss on the WAN Gateway.  

 

FMfbGz4.png

 

How do I go about troubleshooting and fixing this?  

 

It seems to persist regardless of the US server I try.  

Share this post


Link to post

Are you using any kind of traffic shaper in pfSense on your VPN interfaces?  I was using CODELQ to try to reduce buffer bloat and ended up with similar packet loss (though only on my backup VPN server).  Once I turned that off, the packet loss disappeared.  Might be a red herring, but I thought I'd pass it along.

Share this post


Link to post

I have pfsense and no problem with pfsense.  Point, airvpn is affected by snort, squid, or firewall.  Make sure all of the executables in airvpn folder are not being blocked.  Also you can change the ip of the gateway if needed.  But I forgotten to mention pfblocker.  Can you post your log files from eddie client?

Share this post


Link to post

I've just been dealing with a similar issue after an ISP swap - except my loss % was significantly higher! This is how I've fixed it.

 

On pfSense, 1st make sure you have no MTU or MSS related settings in the OpenVPN Advanced Config / Custom Options. Then jump into Diagnostics -> Command Prompt and Execute Shell Command:

 

ping -D -v -s 1472 -c 1 example.com

 

If you're too big, it'll report something like:

36 bytes from localhost (127.0.0.1): frag needed and DF set (MTU 1500)

 

If you're sweet something like:

1480 bytes from 112.xxx.xxx.70: icmp_seq=0 ttl=54 time=55.066 ms

 

1472 was my magic number... subtract 40 from that. Then under Advanced Config / Custom Options add:

 

mssfix 1432;

 

 

With luck it'll work for you...

 

Share this post


Link to post

I've just been dealing with a similar issue after an ISP swap - except my loss % was significantly higher! This is how I've fixed it.

 

On pfSense, 1st make sure you have no MTU or MSS related settings in the OpenVPN Advanced Config / Custom Options. Then jump into Diagnostics -> Command Prompt and Execute Shell Command:

 

ping -D -v -s 1472 -c 1 example.com

 

If you're too big, it'll report something like:

36 bytes from localhost (127.0.0.1): frag needed and DF set (MTU 1500)

 

If you're sweet something like:

>>

1480 bytes from 112.xxx.xxx.70: icmp_seq=0 ttl=54 time=55.066 ms

 

1472 was my magic number... subtract 40 from that. Then under Advanced Config / Custom Options add:

 

mssfix 1432;

 

 

With luck it'll work for you...

 

 

 

A possible problem with this is that by default openvpn uses an mssfix of 1450.  Perhaps your test should be done with mssfix 0 in the custom options?

 

Another possible problem is that a ping sent from that web GUI interface probably just goes out the WAN and not the VPN tunnel.

Share this post


Link to post

A possible problem with this is that by default openvpn uses an mssfix of 1450.  Perhaps your test should be done with mssfix 0 in the custom options?

 

 

Another possible problem is that a ping sent from that web GUI interface probably just goes out the WAN and not the VPN tunnel.

 

Interesting regarding the 1450 default. The outcome however was the same for me and yes, the ping test was performed outside the tunnel.

 

End result in my case though is 0% loss and a return to stability for the VPN connection (particularly in the case of large file transfers, which were previously unworkable). Perhaps it could be done differently by defining a smaller link-mtu instead, I may try this over the coming days if there is any issue due to the mssfix specification.

Share this post


Link to post

I have pfsense and no problem with pfsense.  Point, airvpn is affected by snort, squid, or firewall.  Make sure all of the executables in airvpn folder are not being blocked.  Also you can change the ip of the gateway if needed.  But I forgotten to mention pfblocker.  Can you post your log files from eddie client?

 

 

What's an eddie client?  

Share this post


Link to post

I have pfsense and no problem with pfsense.  Point, airvpn is affected by snort, squid, or firewall.  Make sure all of the executables in airvpn folder are not being blocked.  Also you can change the ip of the gateway if needed.  But I forgotten to mention pfblocker.  Can you post your log files from eddie client?

 

I don't use snort or squid or pfblocker. 

I don't know what you mean about "executables in airvpn folder are not being blocked"  

I don't use the eddie client.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...