[Openvpn-users] Strange replay packets


  • Subject: [Openvpn-users] Strange replay packets
  • From: "Michael Breu" <Michael.Breu@xxxxxxxxx>
  • Date: Tue, 23 Oct 2007 21:21:13 +0200

Hello,

I'm running a server (2.0.9)/client(2.0.8) configuration of openvpn:

In principle it works fine, however running cifs over the VPN with large
file transfers is not stable. Openvpn restarts the connections every now and
then.

To find out what goes wrong, I tried to strip down the configuration to a
very basic setting (see below).

The connection works, I can exchange data, but somehow the ping does not
work. The client restarts the connection after some time.

What puzzles me even more are the replay warnings in the server logfile
every 10 seconds in the beginning, after two minutes the messages are coming
every 15 seconds (which might correspond with the predefined ping interval).

RMon Oct 22 22:29:19 2007 us=402425 Authenticate/Decrypt packet error: bad
packet ID (may be a replay): [ #0 / time = (4197062779) Thu Nov 24 21:18:03
1966 ] -- see the man page entry for --no-replay and --replay-window for
more info or silence this warning with --mute-replay-warnings
RMon Oct 22 22:29:29 2007 us=82937 Authenticate/Decrypt packet error: bad
packet ID (may be a replay): [ #0 / time = (4196958004) Wed Nov 23 16:11:48
1966 ] -- see the man page entry for --no-replay and --replay-window for
more info or silence this warning with --mute-replay-warnings
RMon Oct 22 22:29:39 2007 us=763036 Authenticate/Decrypt packet error: bad
packet ID (may be a replay): [ #0 / time = (4196958004) Wed Nov 23 16:11:48
1966 ] -- see the man page entry for --no-replay and --replay-window for
more info or silence this warning with --mute-replay-warnings
RMon Oct 22 22:29:50 2007 us=58871 Authenticate/Decrypt packet error: bad
packet ID (may be a replay): [ #0 / time = (4196958004) Wed Nov 23 16:11:48
1966 ] -- see the man page entry for --no-replay and --replay-window for
more info or silence this warning with --mute-replay-warnings
RMon Oct 22 22:30:00 2007 us=939054 Authenticate/Decrypt packet error: bad
packet ID (may be a replay): [ #0 / time = (4196958004) Wed Nov 23 16:11:48
1966 ] -- see the man page entry for --no-replay and --replay-window for
more info or silence this warning with --mute-replay-warnings
...

Note that the packet number is always 0, and the date is very strange.

Between client and server is a Suse-Firewall (which shouldn't interfere with
outgoing connections).

Does somebody have any idea what is wrong? Could it be a strange version
conflict between 2.0.9 and 2.0.8?

Best regards

Michael


----------------------- server config
cipher BF-CBC
log /tmp/openvpn.log
auth SHA1
ping-timer-rem
lport 54321
secret /etc/openvpn/XXX.secret
;proto tcp-server
proto udp
verb 5
resolv-retry infinite
writepid /var/run/openvpn/vpnXXX/pid
persist-key
persist-tun
persist-local-ip
mlock
;remote-random
user nobody
group nogroup
status /var/run/openvpn/vpnXXX/status 15
status-version 1
mtu-disc yes
management 127.0.0.1 0
management-log-cache 100
management-writeport /var/run/openvpn/vpnXXX/mport
;rport 1194
;remote server.arctis.at
float
comp-lzo
fast-io
chroot /var/run/openvpn/vpnXXX/chroot
fragment 1000
mssfix
tun-mtu 1100
ping 15
ping-restart 180
dev tun
ifconfig 172.16.3.1 172.16.3.2
up /usr/bin/openvpn_fwrules-helper-up
down-pre
plugin openvpn-down-root.so "/usr/bin/openvpn_fwrules-helper-down"
---------------------- client config
log-append /var/log/openvpn.log
dev tun
proto udp
remote XXX.dyndns.org 54321
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
secret keys/XXX.secret
cipher BF-CBC
comp-lzo
verb 4
fragment 1300
route 172.16.2.0 255.255.255.0
ifconfig 172.16.3.2 172.16.3.1
daemon
ping 15
ping-restart 600
ping-timer-rem
mssfix 1300
tun-mtu 1500
port 1194
no-replay

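
The two configurations posted above can be compared option by option. The following Python check is an added example, not part of the original post and not OpenVPN code; the list of compared options and the defaults table (OpenVPN 2.0 defaults for unset options) are this example's own assumptions.

```python
# Options that shape the tunnel packet format and so need to agree on both peers (example's selection).
MUST_MATCH = ("proto", "dev", "cipher", "auth", "comp-lzo",
              "fragment", "tun-mtu", "no-replay")
# Values assumed when an option is not written in the file (OpenVPN 2.0 defaults).
DEFAULTS = {"cipher": ["BF-CBC"], "auth": ["SHA1"], "tun-mtu": ["1500"]}
# Excerpts of the server and client configurations posted above.
SERVER = """\
cipher BF-CBC
auth SHA1
;proto tcp-server
proto udp
comp-lzo
fragment 1000
tun-mtu 1100
dev tun
ifconfig 172.16.3.1 172.16.3.2
"""
CLIENT = """\
dev tun
proto udp
cipher BF-CBC
comp-lzo
fragment 1300
ifconfig 172.16.3.2 172.16.3.1
tun-mtu 1500
no-replay
"""

def parse(text):
    """Return {option: [args]}, skipping blank lines and ';' / '#' comments."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in ";#":
            name, *args = line.split()
            opts[name.lstrip("-")] = args
    return opts

def mismatches(a_text, b_text):
    """List (option, value_a, value_b) for options that disagree between peers."""
    a, b = parse(a_text), parse(b_text)
    pick = lambda o, k: o.get(k, DEFAULTS.get(k))  # None = absent, no default
    out = [(k, pick(a, k), pick(b, k)) for k in MUST_MATCH if pick(a, k) != pick(b, k)]
    # Point-to-point ifconfig must be mirrored: local and remote swapped.
    ia, ib = a.get("ifconfig") or [], b.get("ifconfig") or []
    if ia != ib[::-1]:
        out.append(("ifconfig", ia, ib))
    return out

print(mismatches(SERVER, CLIENT))
```

On the excerpts it reports `fragment`, `tun-mtu` and `no-replay` as differing between server and client.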