Re: [Openvpn-users] replay errors


  • Subject: Re: [Openvpn-users] replay errors
  • From: David <wizzardx@xxxxxxxxx>
  • Date: Thu, 5 Jul 2007 23:16:17 +0200

> Can someone explain to me what this means? Google search pulled up
> something about clocks being out of sync - is this really caused by a
> client connecting with their system clock set to the wrong time?
>

The man page does describe these options in some detail. In this reply
I'm mostly summarising the manpage.

OpenVPN's outgoing packets get a series of ID values to help detect
replay attacks.

http://en.wikipedia.org/wiki/Replay_attack

A few possibilities:

1) Someone was attempting a replay attack. Make sure your OpenVPN
config is hardened (set up an HMAC secret file). Also check which IP the
packets were coming from.

2) Your UDP packets were re-ordered (or dropped) in transit. Try
adjusting the --replay-window option. This can be a problem on
connections with high bandwidth & latency, e.g. satellite.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
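
The two possibilities in the reply above can be told apart with a small simulation. This is an added example, not part of the original message and not OpenVPN's own code: it uses a generic sliding-window replay check, and the window sizes (64 and 256), packet IDs and traffic pattern are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_WINDOW 1024 /* demo assumes window <= MAX_WINDOW */

/* Generic sliding-window anti-replay state; not taken from OpenVPN's source. */
struct replay_state {
    uint32_t window;           /* number of IDs behind the newest still tracked */
    uint32_t highest;          /* highest ID accepted so far (0 = none yet) */
    uint8_t  seen[MAX_WINDOW]; /* seen[id % window] = 1 once that ID is accepted */
};

/* Returns 1 to accept the packet, 0 to drop it as a replay or as too old. */
static int replay_check(struct replay_state *s, uint32_t id) {
    if (id == 0) return 0;                        /* IDs start at 1 here */
    if (id > s->highest) {                        /* newest so far: slide window */
        if (id - s->highest >= s->window)
            memset(s->seen, 0, s->window);
        else                                      /* forget slots of skipped IDs */
            for (uint32_t i = s->highest + 1; i < id; i++) s->seen[i % s->window] = 0;
        s->highest = id;
        s->seen[id % s->window] = 1;
        return 1;
    }
    if (s->highest - id >= s->window) return 0;   /* late arrival fell out of window */
    if (s->seen[id % s->window]) return 0;        /* same ID twice: replay */
    s->seen[id % s->window] = 1;                  /* reordered but new: accept */
    return 1;
}

/* Constructed traffic: IDs 1..n in order, except ID `late` arrives only after
   ID `late + delay`; finally ID `dup` is sent a second time. Returns drops. */
static int simulate(uint32_t window, uint32_t n, uint32_t late, uint32_t delay, uint32_t dup) {
    struct replay_state s = { .window = window };
    int dropped = 0;
    for (uint32_t id = 1; id <= n; id++) {
        if (id != late) dropped += !replay_check(&s, id);
        if (id == late + delay) dropped += !replay_check(&s, late);
    }
    return dropped + !replay_check(&s, dup);
}

int main(void) {
    printf("window  64: %d dropped\n", simulate(64, 500, 100, 150, 500));
    printf("window 256: %d dropped\n", simulate(256, 500, 100, 150, 500));
    return 0;
}
```

With the smaller window both the genuinely duplicated packet and the legitimately delayed one are dropped; with the larger window only the duplicate is, which is the effect of widening the replay window on a link that reorders packets.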