[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Authenticate/Decrypt packet error


  • Subject: [Openvpn-users] Authenticate/Decrypt packet error
  • From: "Roland Pope" <rpope@xxxxxxxxxxxxx>
  • Date: Wed, 10 May 2006 22:02:53 +1200

Hi All,

I am running OpenVPN 2.0.5 as a server under Linux (CentOS 3) with Clients
under Win2k and XP using OpenVPN GUI 1.0.3.
I have several OpenVPN servers scattered around the world, configured up in
pretty much the same way to provide clients with several different
accesspoints depending on where they are geographically.
In the last few weeks, I have been getting errors when I try to connect to a
couple of servers in the UK from New Zealand.
I mention the location because I think the distance and the subsequent lag,
and number of  hops, may be a factor.
I can connect fine to a server located nearby, like Australia or New
Zealand, but when connecting to both the UK based servers (They are in
seperate locations on seperate Internet feeds), from certain Internet
connections, I get the following errors:

<snip>
May 10 21:26:41 ukserver1 openvpn[18082]: 218.101.94.105:1506 CRL CHECK OK:
/C=NZ/ST=Canterbury/L=Christchurch/O=Jade_Software_Corporation_Limited/OU=Ja
deCare24/CN=Jade_Software_Corporation_OpenVPN_Client_CA
May 10 21:26:41 ukserver1 openvpn[18082]: 218.101.94.105:1506 VERIFY OK:
depth=1,
/C=NZ/ST=Canterbury/L=Christchurch/O=Jade_Software_Corporation_Limited/OU=Ja
deCare24/CN=Jade_Software_Corporation_OpenVPN_Client_CA
May 10 21:26:41 ukserver1 openvpn[18082]: 218.101.94.105:1506 CRL CHECK OK:
/C=NZ/L=Christchurch/ST=Canterbury/O=Jade_Software_Corporation_Limited/OU=Ja
deCare24/CN=Roland_Pope
May 10 21:26:41 ukserver1 openvpn[18082]: 218.101.94.105:1506 VERIFY OK:
depth=0,
/C=NZ/L=Christchurch/ST=Canterbury/O=Jade_Software_Corporation_Limited/OU=Ja
deCare24/CN=Roland_Pope
May 10 21:26:42 ukserver1 openvpn[18082]: 218.101.94.105:1506
Authenticate/Decrypt packet error: packet HMAC authentication failed
May 10 21:26:42 ukserver1 openvpn[18082]: 218.101.94.105:1506 TLS Error:
incoming packet authentication failed from 218.101.94.105:1506
May 10 21:26:42 ukserver1 openvpn[18082]: 218.101.94.105:1506 Fatal TLS
error (check_tls_errors_co), restarting
May 10 21:26:42 ukserver1 openvpn[18082]: 218.101.94.105:1506
SIGUSR1[soft,tls-error] received, client-instance restarting
May 10 21:26:42 ukserver1 openvpn[18082]: TCP/UDP: Closing socket
</snip>

The odd thing, is that I seem to be able to connect fine using exactly the
same Client Config and cert from a machine behind an ADSL connection, but
when I try and connect over a dialup and a 3G Wireless AirCard, it fails. I
have fiddled a little with reducing MTU sizes, with varying results.
I'm not sure if this is coincedental or not.

I am using TCP and routing mode, not bridging.

Does anyone have any ideas what might be causing this sort of authentication
error? Packet fragmentation maybe?

Thanks
Roland


______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users