pfSense OpenVPN slow to connect after upgrade

PhlMke · June 27, 2024, 2:30pm

I have a client with a Netgate 6100, and it was at 23.09 and while working on some issues we rebooted and upgraded the netgate to 24.03. Ever since OpenVPN is slow to connect. I created a test user and connected and from the logs it sat for a whole minute.

2024-06-27 10:15:15 [XXXXXX-VPN] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2024-06-27 10:16:10 open_tun

It’s not my computer, internet is fine. Just happened after upgrading it.

Jun 27 10:16:10 	openvpn 	99910 	Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Jun 27 10:16:10 	openvpn 	99910 	MULTI: primary virtual IP for test/XXX.XXX.XXX.XXX:16527: 10.59.8.6
Jun 27 10:16:10 	openvpn 	99910 	MULTI: Learn: 10.59.8.6 -> test/XXX.XXX.XXX.XXX:16527
Jun 27 10:15:17 	openvpn 	34240 	openvpn server 'ovpns1' user 'test' address 'XXX.XXX.XXX.XXX:16527' - connected
Jun 27 10:15:17 	openvpn 	99910 	OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_7e8a6f49a15a988135bfdca905f082e4.tmp

I don’t know what it is doing in thaty intervening minute. Worked fine on 23.09

Paul · June 27, 2024, 3:21pm

What version of OpenVPN client are you running ?

Maybe check for updates

PhlMke · June 27, 2024, 3:25pm

Tested with both the latest we can get from OpenVPN 2.6.11 and the version from the pfSense client export 2.6.7-Ix001. Multiple computers, users and locations.

Latest Windows 11 Pro, all updates. Modern cpus. Including 13th gen Core i7 mobile cad machine.

freeedog96150 · June 29, 2024, 12:35am

Out of curiosity, what happens if you revert back to OpenVPN 2.5.x? I was having similar issues and after some deep digging on reddit, I found that Win 11 and OpenVPN 2.6.x were problematic. I wound up pinning my version in winget at 2.5.8 just to make sure it did not accidently get updated unless I explicitly push out the update/upgrade.

I realize that installing older versions is not recommended from a security standpoint. Worst case scenario if you try is that it does not change your connection issues and you uninstall and re-install the latest version. But if this does fix connection issues, you will be wiser as to a possible solution.

And again, I am not recommending you take the risks I did, I am just offering my own experiences for testing purposes in a secure environment. This should not be a production solution. I do plan to revisit and test further to see if any newer versions fix the connection issues at some point.