
Author Topic: Connectivity Problems  (Read 231 times)


Offline Booch

Connectivity Problems
« on: November 23, 2017, 09:57:30 pm »
Good evening everyone.  I've been having a problem where I can't connect to websites, streams, etc. when utilizing the OpenVPN connection to PIA (also tested with IPVanish).  Rarely I'll get a webpage to load on the first try.  Most frequently I'll have to refresh the page 2+ times and finally it will load, or if I walk away and come back the page may or may not have loaded on its own.  This happens for Kodi streams, browsers, anything I connect with.  Now once I have established a connection I have full speeds with no issue, torrents d/l as fast as they can, streams are 1080p.  If I route traffic out the WAN I do not have the connectivity issue.  Likewise if I have pfSense set to use WAN and I then use PIA's (or IPVanish's) custom software I do not have the connectivity issue.  I've compared logs of IPVanish and OpenVPN and they appear to be nearly identical (ports, encryption, etc. are all correct).  While I am a novice in pfSense and networking I have had a functional setup using pfSense and OpenVPN for years.  I've used this setup in Hyper-V and on real hardware.  I would say I've had this connection problem for a couple years and have tried troubleshooting off and on the whole time.  I'm finally tired of it and need some help.  I'll post any specs, pics, configs, anything you guys need, just let me know.  My current setup is as follows:

Lenovo ThinkCentre i5-3550
8GB RAM
pfSense 2.4.2
AES-NI enabled (I had the problem before and during having this enabled)
xfinity cable internet
Dual Intel NIC (I can't remember model, server class though, running igb firmware in pfSense)
Manual outbound NAT is configured and functional along with various firewall rules (again I've been functional for years)
I have DNS servers in general setup for PIA, IPVanish - DNS override and forwarder are not checked. DNS Resolver is enabled in services.
UDP connection to VPNs
My MTU is 1500 and confirmed in logs (although IPVanish wants to override to 1625 in both OpenVPN and client software)

Advanced config in VPN client:
ifconfig-nowarn;
resolv-retry infinite;
persist-key;
persist-tun;
persist-remote-ip;
remote-cert-tls server;
verb 3;
auth-nocache


Over the years I've played with roadwarrior setups, snort, squid.  I've monkey'd with things, followed tons of guides for an equal amount of installs on different platforms and have always had this issue.  Quite frankly the last time I think I had a fully functional VPN was back when pfSense was still using legacy drivers for VMs.

Offline Booch

Re: Connectivity Problems
« Reply #1 on: November 27, 2017, 02:48:19 pm »
No help here?  Not a soul has any idea as to what could be wrong?  Am I missing something people need to troubleshoot?  I'm trying to figure out why there are 75 views but not a single response.  Someone has to have some random off-shoot idea. :(

Offline dsp3

Re: Connectivity Problems
« Reply #2 on: November 28, 2017, 12:07:00 pm »
Quote
I'm trying to figure out why there are 75 views but not a single response.
Maybe post something which we can help you with? Maybe some OpenVPN connection logs?

Offline dsp3

Re: Connectivity Problems
« Reply #3 on: November 29, 2017, 09:32:07 am »
From your pfSense OpenVPN log
Quote
ERROR: FreeBSD route add command failed: external program exited with error status: 1
Overlapping subnets I would guess. You need to check this.
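
One way to run the overlap check suggested above, as an added example that is not part of the original thread. The log lines and local networks are constructed, and the `/sbin/route add -net <network> <gateway> <netmask>` line format is an assumption about how the OpenVPN client logs route commands on FreeBSD.

```python
import ipaddress
import re

# Constructed sample, NOT taken from the poster's log. The line layout
# "/sbin/route add -net <network> <gateway> <netmask>" is assumed.
SAMPLE_LOG = """\
/sbin/route add -net 10.9.0.0 10.9.0.5 255.255.255.0
/sbin/route add -net 192.168.1.0 10.9.0.5 255.255.255.0
ERROR: FreeBSD route add command failed: external program exited with error status: 1
/sbin/route add -net 0.0.0.0 10.9.0.5 128.0.0.0
"""

# Constructed local networks on the firewall (hypothetical names and ranges).
LOCAL_NETS = {"LAN": "192.168.1.0/24", "WAN": "203.0.113.0/24"}

ROUTE_RE = re.compile(r"route add -net (\S+) (\S+) (\S+)")


def pushed_routes(log_text):
    """Return every network the VPN client tried to add to the routing table."""
    routes = []
    for line in log_text.splitlines():
        match = ROUTE_RE.search(line)
        if match:
            net, _gateway, mask = match.groups()
            routes.append(ipaddress.ip_network(f"{net}/{mask}", strict=False))
    return routes


def find_overlaps(log_text, local_nets):
    """List (route, interface, local network) for routes that collide with a local subnet."""
    hits = []
    for route in pushed_routes(log_text):
        # 0.0.0.0/1 and 128.0.0.0/1 are the usual default-gateway override;
        # they cover every address on purpose, so they are not reported.
        if route.prefixlen <= 1:
            continue
        for name, cidr in local_nets.items():
            local = ipaddress.ip_network(cidr, strict=False)
            if route.overlaps(local):
                hits.append((str(route), name, str(local)))
    return hits


if __name__ == "__main__":
    for route, name, local in find_overlaps(SAMPLE_LOG, LOCAL_NETS):
        print(f"pushed route {route} overlaps {name} ({local})")
```
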

Offline Booch

Re: Connectivity Problems
« Reply #4 on: December 02, 2017, 12:09:48 pm »
From your pfSense OpenVPN log
Quote
ERROR: FreeBSD route add command failed: external program exited with error status: 1
Overlapping subnets I would guess. You need to check this.

Thank you for tossing an idea my way.  I started diving into that error and researching errors with route pulling/pushing.  After a bunch of research I remembered I hadn't looked at the PIA OpenVPN log to see if it too had the error you mentioned, and it did not.  I've done some further research regarding the PIA side of things and I'm no further than I was before.  I've attached the PIA log from OpenVPN for review, and the only thing that I can see as an issue is that link-mtu/cipher/auth/keysize get the "used incorrectly" error (I've seen a ton of people have that issue with PIA and none of them talk about the issues I'm having), but I'm open to suggestions on that front.  I don't see any other errors in that log but maybe my eyes are missing something.  Any thoughts from here?