pfSense OpenVPN slow to connect after upgrade

I have a client with a Netgate 6100, and it was at 23.09 and while working on some issues we rebooted and upgraded the netgate to 24.03. Ever since OpenVPN is slow to connect. I created a test user and connected and from the logs it sat for a whole minute.

2024-06-27 10:15:15 [XXXXXX-VPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2024-06-27 10:16:10 open_tun

It’s not my computer, internet is fine. Just happened after upgrading it.

Jun 27 10:16:10 	openvpn 	99910 	Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Jun 27 10:16:10 	openvpn 	99910 	MULTI: primary virtual IP for test/XXX.XXX.XXX.XXX:16527: 10.59.8.6
Jun 27 10:16:10 	openvpn 	99910 	MULTI: Learn: 10.59.8.6 -> test/XXX.XXX.XXX.XXX:16527
Jun 27 10:15:17 	openvpn 	34240 	openvpn server 'ovpns1' user 'test' address 'XXX.XXX.XXX.XXX:16527' - connected
Jun 27 10:15:17 	openvpn 	99910 	OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_7e8a6f49a15a988135bfdca905f082e4.tmp 

I don’t know what it is doing in thaty intervening minute. Worked fine on 23.09

What version of OpenVPN client are you running ?

Maybe check for updates

Tested with both the latest we can get from OpenVPN 2.6.11 and the version from the pfSense client export 2.6.7-Ix001. Multiple computers, users and locations.

Latest Windows 11 Pro, all updates. Modern cpus. Including 13th gen Core i7 mobile cad machine.

Out of curiosity, what happens if you revert back to OpenVPN 2.5.x? I was having similar issues and after some deep digging on reddit, I found that Win 11 and OpenVPN 2.6.x were problematic. I wound up pinning my version in winget at 2.5.8 just to make sure it did not accidently get updated unless I explicitly push out the update/upgrade.

I realize that installing older versions is not recommended from a security standpoint. Worst case scenario if you try is that it does not change your connection issues and you uninstall and re-install the latest version. But if this does fix connection issues, you will be wiser as to a possible solution.

And again, I am not recommending you take the risks I did, I am just offering my own experiences for testing purposes in a secure environment. This should not be a production solution. I do plan to revisit and test further to see if any newer versions fix the connection issues at some point.