3
1
When I am connected to a paid VPN my internet connection drops when I send any kind of request to the network.
I recorded a 1min video where you can see the pings stop answering after I do a simple tracepath why?
https://www.youtube.com/watch?v=IfxtEUVuhEI
I don't really know where to start.
*edit: I have added a second 1min long video showing a bit more details using the mtr tool. As soon as I open the browser the internet drops...
Joe
Posted 2017-02-23T23:58:38.100
Reputation: 523
1
You have a complex situation, due to the superposition of two distinct issues: OpenVPN and NetworkManager. It is not clear to me where exactly the problem lies, so I suggest you activate OpenVPN directly, without passing thru Network-Manager:
sudo openvpn --config /path/to/your/file.conf
If this this works, then we can be sure that the fault lies squarely with Network-Manager, while if it does not, error messages will be provided (either in /etc/openvpn or in /var/log/openvpn.log, depending on how you set this up).
I never pass thru Network-manager because I have had problems with it in the past. Since you are a fellow Archer, one might think that we may have experienced a similar problem, but I think this unlikely. I have never managed to pinpoint it, but I found that a reduction of the mtu helps: say, use mssfix or even mtu-test in the configuration file. However, these options only make sense for OpenVPN over UDP (my case), but if I read your comments right, you are using OpenVPN over TCP, so no dice there.
At any rate, I have resorted to connecting to OpenVPN directly, as per the command above. Hope this helps, cheers.
MariusMatutiae
Posted 2017-02-23T23:58:38.100
Reputation: 41 321
Thank you. In fact OpenVPN worked just fine without networkmanager . The symptoms were really odd and I never thought networkmanager could be the issue. Thanks again. – Joe – 2017-03-12T03:52:20.120
0
I don't think your Internet connection is dropping per sey, rather I think that Internet is being rerouted through the VPN connection and is not finding a reverse path.
In order to diagnose the problem, I'd suggest using more powerful tools like Mtr/WinMTR or similar to show the path the packet is taken, and also keep an eye on what happens to the routing table - I suspect that the default route is changed.
One thing to look out for (although this is unlikely to be the issue - it would seem more likely to be a VPN configuration setting somewhere) is that when the VPN comes up, a static route should be created through your gateway machine so that your computer can reach the VPN endpoint and route traffic through it.
davidgo
Posted 2017-02-23T23:58:38.100
Reputation: 49 152
Hey @davidgo I have updated my question using mtr. – Joe – 2017-03-02T23:59:08.667
I've not seen this before - it seems like the routing issues are triggering when a page is loaded, I didn't know this could be done (without jumping through hoops). – davidgo – 2017-03-03T00:46:59.510
Do you think it can be caused by the Network Manager? you could see when the connection resets.. – Joe – 2017-03-03T00:59:23.770
I do, but I'm just guessing. – davidgo – 2017-03-03T01:10:30.030
0
Maybe your VPN provider doesn't allow UDP traffic (streaming video or voice calls ...etc). And since traceroute is using UDP, this could be an issue.
Could you try tcptraceroute (that uses TCP instead of UDP) and see how it goes ?
Algeriassic
Posted 2017-02-23T23:58:38.100
Reputation: 723
If you could, please check out the second video I posted. I also drops as soon as I open my browser (creating some traffic). – Joe – 2017-03-10T01:00:49.477
Yes, I did watch that video. Traceroute (mtr) traffic is using UDP traffic to diagnose. That's why I suggested using tcptraceroute (uses TCP) instead to see if UDP is the culprit. – Algeriassic – 2017-03-10T15:00:45.100
0
I had a similar issue. My problem was the name server was changing from the default one to the one being provided by the VPN service. Bottom line being DNS didn't work properly. Of coarse, your mileage may vary. Maybe my issue. Just a thought.
rwilcher
Posted 2017-02-23T23:58:38.100
Reputation: 11
I am using the IP address directly if you check the videos. Thanks. – Joe – 2017-03-10T01:02:12.970
Is your VPN host booting you off because they have a policy against sending specific types of traffic? – Dave Lucre – 2017-02-24T00:09:47.197
I would say no. I have been using them without problems. They even allow P2P traffic. – Joe – 2017-02-24T00:14:14.773
Do you see an interruption of traffic or are ping replies your only indication? The destination you sent pings to had a very high latency. Internet facing devices often lower the priority of ICMP echo reply traffic. – TDurden – 2017-02-27T23:18:06.547
Hey @TDurden I have recorded a new video using mtr tool. There is a interruption of traffic. https://youtu.be/-SI7K92kiv8
– Joe – 2017-03-03T00:11:02.183Is it possible your ISP or work administrator (depending upon whether you were at home or at work when you recorded these videos) is preventing you from using a VPN? If so, the simplest is to change the OpenVPN server to listen on port 443TCP because most nasty firewalls must allow connection to safe sites, and these are automatically encrypted. Also, you should try connecting outside the network manager. Can you try these two things? – MariusMatutiae – 2017-03-03T07:36:26.170
I think the Internet freezes because it's very busy doing DNS requests that have no results. On Windows I would advice to untick in the VPN properties the option of "Use default gateway on remote network", but I don't know the equivalent operation on your VPN. I would also advice using "route add" to add a default route toward your normal ISP, so only requests mentioning the VPN are directed to it. – harrymc – 2017-03-03T17:42:46.127
Thank you @MariusMatutiae I am connected using the port 443. I will try to connect directly from OpenVPN and add some logs. I will get back to you. +harrymc I am using DNScrypt so I am not using their DNS server, but if you see I am pinging the IP address directly anyway. Adding my ISP as a route wouldn't defeat a VPN propose? – Joe – 2017-03-04T10:26:53.357
Adding such a route is sometimes called split tunneling (useful link). I don't know DNScrypt, but it seems to only be a protocol, not a server. I can't think of anything else that would be freezing the connection than DNS. I would suggest simplifying everything to the limit, such as not using DNScrypt, just in case something drives mad the VPN's DNS server (if there is one).
– harrymc – 2017-03-04T20:01:26.780@MariusMatutiae so, using openvpn directly seems to work perfectly. I am now sure there is a networkmanager problem. I have posted this into archlinux forums since it looks like it can be a bug link Is there anything I can check to solve this? +harrymc Thank you for the link, it was very interesting. I will have a look.
– Joe – 2017-03-10T03:05:46.030@MariusMatutiae would you like to type your answer so I can give you the bounty offered? – Joe – 2017-03-11T01:46:53.247