[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] replay errors

  • Subject: Re: [Openvpn-users] replay errors
  • From: David <wizzardx@xxxxxxxxx>
  • Date: Thu, 5 Jul 2007 23:16:17 +0200

> Can someone explain to me what this means? Google search pulled up
> something about clocks being out of sync - is this really caused by a
> client connecting with their system clock set to the wrong time?

The man page does describe these options in some detail. In this reply
I'm mostly summarising the manpage.

Openvpn's outgoing packets get a series of ID values to help detect
replay attacks.


A few possibilities:

1) Someone was attempting a replay attack. Make sure your openvpn
config is hardened (setup HMAC secret file). Also check which IP the
packets were coming from.

2) Your UDP packets were re-ordered (or dropped) in transit. Try
adjusting the --replay-window option. This can be a problem on
connections with high bandwidth & latency, eg satellite.
OpenVPN mailing lists