OpenVPN Error with 23.05 Plus+

I’ve had this error over the last week for my AirVPN client on PfSense Plus 23.05, my previous version 2.5.2 was rock solid with no issues. The VPN providers servers are ok, when I connect to them over OpenVPN on my laptop the speeds fine via my network I get speeds of 1-5% of line speed.

I’ve migrated from pfSense 2.5.2 to 23.05 over the last few weeks, the main solution I can find is to use a TCP connection instead of UDP, this gives around 50-60% of line speed.

I’ve tried some of the settings under System > Advanced > Firewall & NAT > VPN Packet Processing but I didn’t notice much difference.

Does anyone know what the cause and solution is for this error message ?

Are you using the same encryption suite as the previous version of pfsense?

Yes, I’ve been running 2.5.2 for ages, no problems. I’ve done a config restore onto 22.05, pretty sure the openvpn client config is ok but probably some setting needs to be adjusted for 2.6 or higher that I have missed.

So I’ve now rolled back to 2.5.2, that same error comes up but my speeds are about 95% of line speed. Not too sure what to make of this.

Maybe it might be worth looking at current bug tickets or at least interfacing with netgate to help with diagnosing the issue.

You might be right, this error isn’t anything new, a few posts on the Netgate forum but the solutions don’t seem to fit. Will post there too.

Just for completeness, I’ve been having issues with both 2.5.2 and 23.05 for my VPN connections. To the point where I have lost sight of the changes I have made to my base config.

However, I think I have moved from my PPPoE to Fiber connection and identified the missing step:

On my PPPoE build the Hardware Checksum Offloading was unchecked, now checked I can set UDP on my VPN connections to get max speed. If I uncheck and set TCP on the VPN connection I get close to max speed.

This might help someone else who makes the same change. This works perfectly for 2.5.2 I have yet to confirm this for 23.05 but I’m guessing it will work.

Having now upgrade to 23.05.1 my vpn connections are stable over UDP, after 24hrs.
The latency is low and speeds are 98% of line speed running with limiters.

I’m still none the wiser as to the original fault, my suspicions are that perhaps the fixes made to unbound in this release was probably a major factor.