On Fri, 2015-02-20 at 06:03 +0000, Chuck Mariotti wrote:
> >You could try TCP for the OpenVPN if the phones will support it. The vast
> >majority of your traffic will be UDP so you won't get the joy of TCP in TCP
> >exponential standoffs.
> >
> >Cheers
> >Jon
>
> The phones do support TCP (an option on a per line basis offers UDP/TCP).
> Could you clarify what you mean by this exactly? A little bit confused...
>
> It seems the OpenVPN connections are up/down... so you are suggesting to
> switch the OpenVPN connection to TCP instead of UDP?
> Keep the phone UDP?
>
> The standoffs you suggest, are they the OpenVPN or the Phone data screwing
> up? Or both?
>
> Chuck
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

Chuck

TCP, for example, an RDP session or ssh within a TCP tunnel *can* show
horrible performance because TCP has a built-in standoff mechanism (can't
remember the name). If you have TCP within TCP then the effect of both
trying to fix up a dodgy connection can quickly cause an exponential
standoff. This will manifest itself as the tunnel seeming to freeze for
5-20 seconds and then carrying on.

As you would be putting UDP traffic, which is "fire and forget", through a
TCP OpenVPN, the above effect won't happen. However, because OVPN would use
TCP, it will cause the NAT session to be held open, which may fix the
problem that you are having.

So, change the OpenVPN server to listen on TCP (same port if you like).
Also change the firewall rule on WAN for TCP and change the phones to
connect using TCP.

Cheers
Jon
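
The freeze described in the reply above, worked through as timer arithmetic. This is an added example, not part of the original thread and not OpenVPN or pfSense code. The 1 s initial retransmission timeout that doubles on each timeout and the 60 s cap are assumptions, as are all function names.

```python
# Added illustration: timer arithmetic only, not a packet-level TCP simulation.
# Assumptions (not from the thread): 1 s initial RTO that doubles on every
# timeout, capped at 60 s; the same values for the tunnel and the inner flow.

def retransmit_times(rto0=1.0, rto_max=60.0, until=float("inf"), limit=15):
    """Times (s after the first send) at which an unacknowledged segment is re-sent."""
    times, t, rto = [], 0.0, rto0
    for _ in range(limit):
        t += rto
        if t >= until:
            break
        times.append(t)
        rto = min(rto * 2, rto_max)
    return times


def tunnel_stall(lost_sends, rto0=1.0):
    """Seconds until the tunnel's TCP delivers a segment whose first
    `lost_sends` transmissions (original included) were all dropped."""
    if lost_sends == 0:
        return 0.0
    return retransmit_times(rto0, limit=lost_sends)[-1]


def inner_copies_queued(stall, payload, rto0=1.0):
    """Redundant copies the payload flow pushes into the tunnel during a stall."""
    if payload == "udp":  # fire and forget: nothing is re-sent
        return 0
    # Inner TCP sees no ACK while the tunnel is stalled, so its own timer
    # fires too; the tunnel later delivers every one of these copies.
    return len(retransmit_times(rto0, until=stall))


if __name__ == "__main__":
    for lost in (1, 2, 3, 4, 5):
        stall = tunnel_stall(lost)
        print(f"{lost} lost sends: tunnel stalls {stall:4.0f} s, "
              f"inner TCP queues {inner_copies_queued(stall, 'tcp')} extra copies, "
              f"inner UDP queues {inner_copies_queued(stall, 'udp')}")
```

With these assumed timers, three or four consecutive losses on the tunnel give stalls of 7 s and 15 s, and only a TCP payload adds its own retransmissions on top.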