Strange behavior with Non-Exit Relay and VPN on Same DSL Connection

Hi @All,

I’ve noticed some strange things happening with one of my relays lately.

Background:

I’ve been running a non-exit relay behind a VDSL connection for a few years (with some interruptions over time). The connection has a daily changing IP (until the end of January) and about 12 Mbps upload speed (also until the end of January, then I’ll change provider and speed). I use IPCop as firewall with NAT, QoS (Tor traffic has lower priority than other traffic), and IDS/IPS (Snort). The relay has a bandwidth limit of 1 MB/s. This setup has been working, with decent traffic on the relay, although there’s usually a delay after the 24-hour forced disconnection at 5:00 am.

I also connect to my office using a Windows 10 laptop and a Watchguard VPN client 3-4 times a week, which has worked fine for years.

Problem: However, a few months ago, I started having issues with my work VPN. Connecting in the morning is okay, but in the afternoon, my VPN client can’t connect to the VPN gateway. The process gets stuck at “Detecting site Connection” until I disconnect and rebuild the DSL connection. After that, everything works until the connection is closed.

Initial Analysis:
Before realizing that reconnecting the VDSL connection helps, I talked to IT, but they said they weren’t receiving anything from my side.

I tried reducing the relay’s bandwidth limit to half (500 KB/s), but it didn’t change anything. Moving the relay (from a VM to a Docker container) and updating (0.4.7 → 0.4.8.9) also didn’t help.

Disabling QoS or IDS/IPS on the firewall didn’t make a difference.

Unfortunately, I don’t have admin rights on the Windows PC, so I can’t install analysis tools or access many log files. I can provide firewall and relay logs if that would be helpful.

Whether it’s worth doing a more in-depth analysis is uncertain. While the situation seems strange, it’s not causing too much stress. I could potentially delay further investigation for two more months until my DSL access changes (new provider, 5x bandwidth, no forced disconnection).

First guess - your VPN gateway in the company blocks IPs which are associated with Tor. However the disconnect at 5:00 am gives you a new IP and it takes some time for the gateway to block you again. Might not be the VPN gateway itself but could also be a firewall or IDS/IPS with a feed of “threats” - in this case IPs related to Tor.

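To make the hypothesis above testable, here is an added example (written for this thread, not code from either poster). It parses the "r" lines of a Tor network-status consensus, which list every relay's address, and models a gateway whose blocklist is a feed derived from that consensus with a fixed delay. The consensus snippet, the relay nicknames and addresses, and the six-hour feed lag are all constructed assumptions; a real check would fetch the current consensus from a directory authority or query the Tor Project's Onionoo service for the DSL line's current address.

```python
"""Model of the 'Tor IP threat feed' hypothesis for the VPN failure.

Assumption: the gateway (or a firewall/IDS in front of it) blocks any source
IP that appears in a feed of Tor relay addresses. Such feeds are derived from
the Tor network-status consensus, whose "r" lines carry each relay's address.
A feed refreshes some hours after the consensus, so a freshly assigned DSL IP
stays unblocked until the relay publishes from the new address, that address
reaches the consensus, and the feed picks it up.
"""
import ipaddress
from datetime import datetime, time, timedelta

# Constructed sample in the shape of consensus "r" lines:
#   r <nickname> <identity> <digest> <published date> <published time> <IP> <ORPort> <DirPort>
# Identity/digest fields are filler, not real fingerprints; addresses are
# from RFC 5737 documentation ranges.
SAMPLE_CONSENSUS = """\
valid-after 2024-01-15 13:00:00
r ExampleRelayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-01-15 06:12:33 198.51.100.17 9001 0
r ExampleRelayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2024-01-14 22:45:01 203.0.113.44 443 80
"""

# Hypothetical delay between a consensus entry and its appearance in the feed.
DEFAULT_FEED_LAG = timedelta(hours=6)


def relay_addresses(consensus_text):
    """Return {ip: published datetime} for every well-formed "r" line."""
    addresses = {}
    for line in consensus_text.splitlines():
        if not line.startswith("r "):
            continue
        parts = line.split()
        if len(parts) < 8:
            continue  # malformed line: skip rather than crash on a bad feed
        ip = parts[6]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        published = datetime.strptime(f"{parts[4]} {parts[5]}", "%Y-%m-%d %H:%M:%S")
        addresses[ip] = published
    return addresses


def is_tor_address(ip, consensus_text):
    """True if the address is listed as a relay in the given consensus."""
    return ip in relay_addresses(consensus_text)


def blocked_from(ip, consensus_text, feed_lag=DEFAULT_FEED_LAG):
    """Earliest time a feed-driven blocklist would contain ip, or None."""
    published = relay_addresses(consensus_text).get(ip)
    if published is None:
        return None
    return published + feed_lag


def blocked_at(now, ip, consensus_text, feed_lag=DEFAULT_FEED_LAG):
    """Would a feed-based block apply to ip at time `now`?"""
    start = blocked_from(ip, consensus_text, feed_lag)
    return start is not None and now >= start


def hourly_timeline(ip, consensus_text, day, feed_lag=DEFAULT_FEED_LAG):
    """Hour-by-hour block status for one day, to compare against the
    'works in the morning, fails in the afternoon' pattern."""
    midnight = datetime.combine(day, time(0))
    return [
        (hour, blocked_at(midnight + timedelta(hours=hour), ip, consensus_text, feed_lag))
        for hour in range(24)
    ]


if __name__ == "__main__":
    ip = "198.51.100.17"  # address the relay got after the 05:00 reconnect (constructed)
    for hour, blocked in hourly_timeline(ip, SAMPLE_CONSENSUS, datetime(2024, 1, 15).date()):
        print(f"{hour:02d}:00  {'BLOCKED' if blocked else 'ok'}")
```

With the constructed data the relay publishes from its new address at 06:12 and a six-hour feed lag puts the block at 12:12, which is the morning-good, afternoon-bad pattern; change the lag to see how the switch-over time moves. Without admin rights on the laptop, the cheapest real-world check is to note the DSL line's public IP right after the 05:00 reconnect and again when the VPN stops connecting, and ask whether that IP is in whatever Tor or threat list the office firewall consumes.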
Interesting idea, I wouldn’t have thought of it. I also can’t really think of a way to confirm or deny it, either.

Unless, of course, I meet the network guy at work one day. But somehow I still don’t think he’d understand. :disappointed: