[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Very strange replay problem

  • Subject: [Openvpn-users] Very strange replay problem
  • From: Jon Nelson <jnelson-openvpn@xxxxxxxxxxx>
  • Date: Wed, 2 Jun 2004 08:47:32 -0500 (CDT)

I'm running 1.6.0-2 (Debian) and 1.6.0-0.1 (build myself for SuSE).

I had a very strange problem about a week ago.

I did some hardware futzing on the SuSE machine and rebooted it.
When it came up, none of the network stuff worked.
A few reboots later, I determined the cause to be OpenVPN - it was
seemingly working fine on the SuSE machine, but on the Debian machine
the OpenVPN daemon was complaining thusly:

Wed May 26 23:36:41 2004 151[0]: Authenticate/Decrypt packet error: bad
packet ID (may be a replay): [ #92688 /
time = (1085632475) Wed May 26 23:34:35 2004 ] -- see the man page entry
for --no-replay and --replay-window for more info

Over and over again.  Over the course of 45 minutes, the SuSE box
couldn't initiate a connection to the Debian box (the SuSE box is the
client, forgot to mention that).

The configs are very simple. I'm using a pre-shared static key, tun,
float (stupid NAT'ing router between the two boxes) and not much else.
As it turns out, I had to remove the state file (replay-persist file)
and restart the Debian's daemon.  I tried restarting both daemons
several times with no luck.

Initially, the client side had a 'ping 5' option, but I moved that up to
'ping 15' and then later 'ping 30' just in case the the pings were
causing some strange interaction with the replay file sliding window.

What went wrong?

Life's short and hard, kind of like a bodybuilding elf.

Jon Nelson <jnelson-openvpn@xxxxxxxxxxx>

Openvpn-users mailing list