Re: [Openvpn-users] Good UDP config fails over TCP

  Subject: Re: [Openvpn-users] Good UDP config fails over TCP
  From: "Jed Sheckler" <jedsheckler@xxxxxxxxx>
  Date: Wed, 6 Sep 2006 20:39:10 +0800

On 9/6/06, Roland Pope <rpope@xxxxxxxxxxxxx> wrote:

I posted something about this sort of error some time ago but have not been
able to find a solution.

In my situation, I see this error particularly when there is a lot of LAG on
the link (I noticed it particularly when connecting to a server in the UK
from New Zealand).
I have also seen it when the link was congested where the tunnel will take a
couple goes to get started and in the server error logs I see these HMAC
I have considered not using HMAC auth as a result, but it protects my
servers from DOS attacks, so I retained it for the sake of the few
occurrences of this I have had.
The problem is definitely not the TLS auth keys being wrong as the tunnel
does work most of the time.
Perhaps TCP Fragmentation is the cause of this where the disassembly and
reassembly of fragmented packets somehow screws up the HMAC sig?
Is James Yonan watching this list? Perhaps he might have some suggestions as
to the circumstances that might cause this sort of problem.


I was hoping you'd chime in here Roland, as I found your previous post as I was searching the archives.  I'm thinking that your speculation may be correct, as I am also connecting over a link with a great deal of lag (over satellite from SE Asia to a server in NY).  I should have the opportunity in the next several days or so to test my configuration over a more reliable link.  I'll report back with the results.

