|
|
Hi All, I am running OpenVPN 2.0.5 as a server under Linux (CentOS 3) with Clients under Win2k and XP using OpenVPN GUI 1.0.3. I have several OpenVPN servers scattered around the world, configured up in pretty much the same way to provide clients with several different accesspoints depending on where they are geographically. In the last few weeks, I have been getting errors when I try to connect to a couple of servers in the UK from New Zealand. I mention the location because I think the distance and the subsequent lag, and number of hops, may be a factor. I can connect fine to a server located nearby, like Australia or New Zealand, but when connecting to both the UK based servers (They are in seperate locations on seperate Internet feeds), from certain Internet connections, I get the following errors: <snip> May 10 21:26:41 ukserver1 openvpn[18082]: 218.101.94.105:1506 CRL CHECK OK: /C=NZ/ST=Canterbury/L=Christchurch/O=Jade_Software_Corporation_Limited/OU=Ja deCare24/CN=Jade_Software_Corporation_OpenVPN_Client_CA May 10 21:26:41 ukserver1 openvpn[18082]: 218.101.94.105:1506 VERIFY OK: depth=1, /C=NZ/ST=Canterbury/L=Christchurch/O=Jade_Software_Corporation_Limited/OU=Ja deCare24/CN=Jade_Software_Corporation_OpenVPN_Client_CA May 10 21:26:41 ukserver1 openvpn[18082]: 218.101.94.105:1506 CRL CHECK OK: /C=NZ/L=Christchurch/ST=Canterbury/O=Jade_Software_Corporation_Limited/OU=Ja deCare24/CN=Roland_Pope May 10 21:26:41 ukserver1 openvpn[18082]: 218.101.94.105:1506 VERIFY OK: depth=0, /C=NZ/L=Christchurch/ST=Canterbury/O=Jade_Software_Corporation_Limited/OU=Ja deCare24/CN=Roland_Pope May 10 21:26:42 ukserver1 openvpn[18082]: 218.101.94.105:1506 Authenticate/Decrypt packet error: packet HMAC authentication failed May 10 21:26:42 ukserver1 openvpn[18082]: 218.101.94.105:1506 TLS Error: incoming packet authentication failed from 218.101.94.105:1506 May 10 21:26:42 ukserver1 openvpn[18082]: 218.101.94.105:1506 Fatal TLS error (check_tls_errors_co), restarting May 10 21:26:42 ukserver1 openvpn[18082]: 218.101.94.105:1506 SIGUSR1[soft,tls-error] received, client-instance restarting May 10 21:26:42 ukserver1 openvpn[18082]: TCP/UDP: Closing socket </snip> The odd thing, is that I seem to be able to connect fine using exactly the same Client Config and cert from a machine behind an ADSL connection, but when I try and connect over a dialup and a 3G Wireless AirCard, it fails. I have fiddled a little with reducing MTU sizes, with varying results. I'm not sure if this is coincedental or not. I am using TCP and routing mode, not bridging. Does anyone have any ideas what might be causing this sort of authentication error? Packet fragmentation maybe? Thanks Roland ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |