First, let me say I think this is a PEBKAC error. pfSense is a very tested and solid platform, so I have no illusions that it’s broken. Me, on the other hand, that’s a different story.
I had an old computer (Dual core I5 with 4GB RAM) and decided to make my first foray into pfSense. I popped in an old RTL8139 NIC and installed pfSense. Easy peasy.
Onboard NIC was WAN port with a 192.168.x.x address. RTL NIC was LAN with a 10.0.20.x address. I connected a Windows 10 PC to the LAN via a Netgear 5 port desktop switch and was instantly online. Did a speed test and got 630MB on my 500MB fiber connection. Happiness ensued.
I then watched Tom’s excellent video on setting up OpenVPN. I installed the Client Export plugin (wow is that awesome) and ran the wizard step by step with Tom’s video, setting the VPN tunnel network to 10.0.25.x. Client export was set to use the WAN IP. Installed the client on both another Win10 box (not on the pfSense LAN) and my Chromebook. Both of them connected easily and I brought up the pfSense admin page like lightening. I was stoked.
I decided that since this had worked so well I was going to expand it just a bit. I run an OpenMediaVault file server on an HP DL360 G7 and it has performed great for a couple years now. It has only used one of the ethernet ports on a 192.168.x.x address, so I configured another port for 10.0.20.x and plugged that into the switch on the pfSense LAN. The Win10 box on the PFS LAN used it with no issues. Worked great.
I then connected my other Win10 box and connected to the VPN. Brought up the pfSense admin page easily using the VPN IP of 10.0.20.x. I typed in the IP of the OMV box and got nothing. Hmm. I opened a command prompt and pinged the PFS IP. 4 returns <1ms. Pinged the OMV IP and got fail, fail, 6ms, fail. Ping again to get 5ms, fail, 10ms, fail. Very intermittent returns, and the ping times were longer than I thought they should be.
I thought that perhaps the old RTL8139 might be causing issues moving traffic across to the LAN, so got another NIC with an RTL8111 (?) chipset. Reassigned the LAN to this interface and tried again. LAN traffic routed to the internet fast and easy. Great performance, but the old card also had great performance doing this. Connected to the VPN again and same result. Almost nothing being routed to the LAN through the VPN.
Again thinking it might be a hardware thing, I decided to use another DL360 G7 (dual 12 core Xeon with 16GB RAM - overkill) I had and installed a fresh pfSense load. Ran through the config again (again, while watching the video) and got the exact same response. Obviously this is something I’m not setting properly.
The only think I’ve noticed is that Tom’s video was done in 2.4 and I have the current 2.5, so a few of the options were a bit different.
Does anyone have any insight into why the VPN traffic is so slow that it only aspires to be lethargic?