Yes, while OpenVPN waits for client-connect script to exit all the traffic is stalled. You can: 1. Exit the script immediately, spawn new process and do all the job in the background if you use it just for information purposes and don't really need to authorize or modify client options. 2. Apply fknittel's patches to use client-connect in async way (https://github.com/fknittel/openvpn/tree/feat_deferred_client-connect, also https://github.com/ValdikSS/openvpn-with-patches) 3. Write you own plugin for tls-verify and use it in async way (it seems you can't use async --tls-verify in scripts).
On 09.11.2015 23:14, Vinicius Mello wrote: > Hi, > > I have several OpenVPN dedicated hardware servers on different > datacenters with hundreds of users connected to each. Recently I've > changed the client-connect and client-disconnect scripts to point to new > scripts that can take up to 2 seconds more to run than the previous ones > took (the previous script ran in about 500 miliseconds). > > After that, a handful of the users started complaining about packet loss > (too much breaking on voip calls, lag on ssh connections, etc) on > different servers (different countries, different ISPs). I can see > indeed the counters of UDP packet receive errors with: # netstat -csu > (the network cards are good, no bad frames) > > Is it possible that the time the client-connect and client-disconnect > scripts take to run can affect the packet loss of OpenVPN? > > Is there any known bad practice of what not to do when writing > client-connect scripts? > > Are there other internal causes on OpenVPN can cause packet drops? > > > Users connect through UDP, I'm running OpenVPN > openvpn-2.3.6-1.el6.x86_64 on CentOS 6. > > > Thanks in advance, > > -- > Vinicius Mello > > ------------------------------------------------------------------------------ > Presto, an open source distributed SQL query engine for big data, initially > developed by Facebook, enables you to easily query your data on Hadoop in a > more interactive manner. Teradata is also now providing full enterprise > support for Presto. Download a free open source copy now. > http://pubads.g.doubleclick.net/gampad/clk?id=250295911&iu=/4140 > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Presto, an open source distributed SQL query engine for big data, initially developed by Facebook, enables you to easily query your data on Hadoop in a more interactive manner. Teradata is also now providing full enterprise support for Presto. Download a free open source copy now. http://pubads.g.doubleclick.net/gampad/clk?id=250295911&iu=/4140
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users