FortiEDR breaks UDP upload

OpenVPN / ovpn-dco-win

OpenVPN Data Channel Offload driver for Windows

MIT License

47 stars 22 forks source link

FortiEDR breaks UDP upload #46

Closed lstipakov closed 11 months ago

lstipakov commented 11 months ago

When FortiEDR filter driver FortiEDRIotDriver_5.0.3.962.sys is installed, UDP upload over VPN when using DCO driver is essentially broken.

dco_udp

The problem is specific to DCO driver and UDP upload. Download speed is fine, also the speed over TCP is fine. Tap-windows6 driver is not affected.

Uninstallation of FortiEDR fixes the problem.

cron2 commented 11 months ago

Hi,

On Thu, Aug 17, 2023 at 02:58:38AM -0700, Lev Stipakov wrote:

When FortiEDR filter driver FortiEDRIotDriver_5.0.3.962.sys is installed, UDP upload over VPN when using DCO driver is essentially broken.

Sounds like some sort of anti-ddos protection shenanigan... ("no sane client will produce so much UDP"), though I wonder why tap6 is not affected...

Of course fortinet's own SSL VPN only does TCP, so they would never notice.

lstipakov commented 11 months ago

The problem has gone away after upgrading FortiEDR to 5.2.0.454. I will close the ticket and if we get details what has been fixed in their driver I'll post it here.