Advice on how to handle monitoring the VPN connection by router software

[Jamertol 0]

Hi

I have set up a software router in my home and added a VPN AirVPN connection. The connection seems solid and stable, using OpenVPN. But the problem is the monitoring of the connection. Apparently, AirVPN servers do not resond very well to the monitoring messages of the router and eventually a 20%+ rate of packet drops is detected and the router automatically drops the connection thinking that there is something wrong with it. But if I disconnect monitoring the connection does not drop and works perfectly, fully maxing my ISP bandwith, which I am guessing it could not do if the AirVPN connection was having 20%+ packet drop rate.

Has anyone been in this situation? If that is the case, what can I do to improve the monitoring connection to the AirVPN servers? Any advice welcomed.

[OpenSourcerer 1359]

What is this "software router"? How are you monitoring it? Give us some names at least.

[Jamertol 0]

On 3/25/2021 at 11:35 AM, OpenSourcerer said:

What is this "software router"? How are you monitoring it? Give us some names at least.

pfSense.

I have managed to solve the issue. I am posting it here in case someone who is doing this as a hobby like me has the same problem.

The default configuration of pfSense has the gateway send an IMCP packet every half second to check the stability of the connection. If you do not indicate a specific server, a gateway from a vpn interface sends the packet to the vpn server it is connecting to. Apparently the AirVPN servers did not like being probed so quick, every half second, and was droping some packets, giving the impression to my router that the connection was failing, when in reality the connection was stable, it was just the monitoring failing. The solution I found was to probe the AirVPN server less often. In this case I settled to probe it every 2 seconds, 4 times slower than the default. That means that I also had to increase other time parameters, like the time to average answer over. I basically multiplied every parameter per 4. I tried doing it x2, that means probing every one second, but, while better, it was still droping too much. Hope this helps someone.

[dIecbasC 38]

You can solve this by using N external server too such as 8.8.8.8 in the gateway monitor field. 
just be aware this will add a static route to the monitor address so best to use an address that you aren’t using for DNS resolution. 

[Jamertol 0]

Thanks for the advice, but I honestly prefer not to ping servers of Amazon, Cloudfare or Goolag like the example 8.8.8.8 that you gave (and others). This is for privacy reasons and also I do not want to depend on them. Too much of the Internet already depends on them when it should not.

I think reducing the speed of pings is a better compromise. The only downside of reducing the ping is that if the connection goes down for real, it takes a bit longer for the software to realize about it. At least in my case, that is not a big deal.

[Air4141841 23]

I had used air on pfsense for years and never experienced anything of what you are talking about.. the monitoring server is the default gateway/ gateway address of the Tunnel it’s connected too 

[Jamertol 0]

5 hours ago, Air4141841 said:

I had used air on pfsense for years and never experienced anything of what you are talking about.. the monitoring server is the default gateway/ gateway address of the Tunnel it’s connected too 

Then maybe it is something in my connection, although I can not think on what, maybe the server I am connecting to, maybe something between the two. I just though explaining what worked for me might help someone.