Spotty WAN connection when Site-to-Site VPN enabled

Hi Everyone,

Strange issue here. My wife noticed her Zoom Meetings were cutting in and out and asked me to do some investigating. I started a ping to google.com and watched it. I noticed about every 25 pings there would be a request timeout. I rebooted everything and even replaced our Spectrum cable modem. When I plug directly into my modem, and do the ping test to google.com, I see no issues. The response time is about 18ms. When I plug everything back in and route through pfSense, I see the issue again. I will note ping responses go up to about 32ms.

I’m not sure which log I should look at to try to hunt this down. I did find that when I turned off the site-to-site OpenVPN connection to my parents’ home the issue is drastically reduced, although not completely gone. Every once in a while I see a ping response at around 100ms, and very rarely now I still do see the timeout.

Should I be seeing a response time jump from 18ms when a computer is directly connected to the cable modem vs. a response time of 32ms when I am behind pfSense? Is this normal?

Thanks in advance for any suggestions.
Sean

The capture above was prior to disabling the site-to-site OpenVPN connection.

I’m noticing Request timeouts for ICMP are now at about every 200 responses.

You might have a dodgy ethernet cable (more likely) or even ports (less likely).

Perhaps traffic prioritisation / limiters might help with the zoom issue.

Thanks Neo.

I will swap out the Ethernet cables. I have tried setting up traffic schedulers in the past, following Tom’s tutorials, without much success. I guess I could give that another shot as well.

Sean

Ping more than just Google; try Cloudflare’s 1.1.1.1 and the first hop/gateway provided by your ISP for comparison. Also ping by IP address just in case DNS resolution is an issue.

+1 for check cables.
Use 1 device connected directly to the cable modem to prove a good cable.
Use the same device but a different cable.
Use those two cables to connect pfSense, the testing device and the CM together.

+1 for ping more than just Google, although if it works when directly connected then that’s probably not going to help. Run a ping to the pfSense LAN interface IP and see if there are any time variances there.

-1 for it being DNS; does ping re-check the DNS result mid-run?

What is pfSense running on? Virtual, Physical hardware, Netgate box?
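
The comparison suggested in the replies above (ping the pfSense LAN IP, the ISP gateway and 1.1.1.1 by IP address), as an added example that is not part of the thread: it summarises saved ping transcripts per target and reports the nearest hop at which loss appears. The transcripts are constructed, macOS/BSD `ping` output is assumed, and 192.168.1.1 and 192.0.2.1 are placeholder addresses.

```python
import re
import statistics

# Constructed transcripts (macOS/BSD ping format assumed), ordered nearest hop first.
# 192.168.1.1 and 192.0.2.1 are placeholder addresses, not values from the thread.
SAMPLES = {
    "pfSense LAN 192.168.1.1": """\
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.412 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.398 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.455 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.401 ms""",
    "ISP gateway 192.0.2.1": """\
64 bytes from 192.0.2.1: icmp_seq=0 ttl=63 time=9.1 ms
64 bytes from 192.0.2.1: icmp_seq=1 ttl=63 time=8.7 ms
Request timeout for icmp_seq 2
64 bytes from 192.0.2.1: icmp_seq=3 ttl=63 time=10.2 ms""",
    "Cloudflare 1.1.1.1": """\
64 bytes from 1.1.1.1: icmp_seq=0 ttl=57 time=18.3 ms
Request timeout for icmp_seq 1
64 bytes from 1.1.1.1: icmp_seq=2 ttl=57 time=31.9 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=57 time=102.4 ms""",
}

REPLY = re.compile(r"icmp_seq=\d+ .*time=([\d.]+) ms")
TIMEOUT = re.compile(r"Request timeout for icmp_seq \d+")

def summarize(transcript):
    """Return probes sent, loss percentage, and median/max RTT for one target."""
    rtts = [float(m.group(1)) for m in REPLY.finditer(transcript)]
    lost = len(TIMEOUT.findall(transcript))
    sent = len(rtts) + lost
    return {"sent": sent,
            "loss_pct": round(100 * lost / sent, 1) if sent else 0.0,
            "median_ms": statistics.median(rtts) if rtts else None,
            "max_ms": max(rtts, default=None)}

def first_lossy_hop(samples, threshold_pct=1.0):
    """Nearest target whose loss exceeds the threshold, or None if all are clean."""
    for name, transcript in samples.items():
        if summarize(transcript)["loss_pct"] > threshold_pct:
            return name
    return None

if __name__ == "__main__":
    for name, transcript in SAMPLES.items():
        print(name, summarize(transcript))
    print("loss first appears at:", first_lossy_hop(SAMPLES))
```

With targets ordered nearest first, a clean LAN hop followed by loss at the next target points at the segment beyond pfSense's LAN side rather than the client cable.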