Replay Errors
-
Hello,
I have a new pfSense 2.5.2 OpenVPN implementation running on ESXi 6.7. I am seeing a steady flow (~1 per min) of Replay errors in the OpenVPN logs when hosting the service on UDP. This does not occur on TCP. It does not impact performance, I don't drop any packets, but it seems to happen with clients at all locations. If I connect locally (on the same LAN as the server) I still see the errors. Pcaps don't show any noticeable issues, but then again this is UDP and not TCP so I am not as adept at what to look for.
I have tried to adjust MTU and MSS settings based on some research but it does not seem to address the problem. I have also limited traffic to just the UDP tunnel traffic and still see the errors.
Currently the only way to clear the issue is by switching to TCP or by enabling the mute replay flag. However my hope is to understand why the errors are occurring and keep the UDP service in place. Let me know if you have any suggestions.
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #<removed> ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
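As an added illustration (not code from this thread or from OpenVPN itself): a simplified model of the sliding packet-ID window that --replay-window sizes, showing why a UDP datagram reordered within the window is accepted while a duplicate or a datagram delayed past the window draws the "bad packet ID" warning above. The default width of 64 is assumed from the OpenVPN manual, and OpenVPN's additional time-based backtrack check is deliberately left out of the model.

```python
"""Sliding-window replay check: a simplified model of the packet-ID window
sized by OpenVPN's --replay-window. Constructed example, not OpenVPN's code;
the time-based part of OpenVPN's check is omitted."""

WINDOW = 64  # assumption: OpenVPN's default --replay-window width


class ReplayWindow:
    """Track the highest packet ID seen plus a bitmap of the last WINDOW IDs."""

    def __init__(self, width=WINDOW):
        self.width = width
        self.highest = 0   # highest packet ID accepted so far (IDs start at 1)
        self.seen = 0      # bit i set => packet ID (highest - i) was received

    def check(self, pid):
        """Return (accepted, reason). Duplicates and too-old IDs are rejected."""
        if pid <= 0:
            return False, "invalid id"
        if pid > self.highest:
            shift = pid - self.highest
            # slide the window forward; bits for IDs not yet seen stay clear
            self.seen = (self.seen << shift) & ((1 << self.width) - 1)
            self.seen |= 1
            self.highest = pid
            return True, "new high"
        offset = self.highest - pid
        if offset >= self.width:
            return False, "too old (outside window)"
        if self.seen & (1 << offset):
            return False, "duplicate (may be a replay)"
        self.seen |= 1 << offset
        return True, "late but inside window"


def replay_warnings(packet_ids, width=WINDOW):
    """Feed received packet IDs in arrival order; return the rejected ones."""
    win = ReplayWindow(width)
    rejected = []
    for pid in packet_ids:
        ok, why = win.check(pid)
        if not ok:
            rejected.append((pid, why))
    return rejected


if __name__ == "__main__":
    # Constructed UDP-style arrival order: 4 before 3 is fine, the repeated 3
    # is a duplicate, and 10 arriving after 79 is more than 64 IDs behind.
    trace = [1, 2, 4, 3, 5, 3] + list(range(6, 80)) + [10]
    for pid, why in replay_warnings(trace):
        print(f"bad packet ID (may be a replay): [ #{pid} ] -- {why}")
```

On a TCP transport the stream delivers IDs strictly in order, so neither rejection path is ever taken, which matches the observation that the warnings disappear when the service is moved to TCP.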
-
Check out one of the many comparable issues on the OpenVPN Support Forum.
For example, here. Btw: pfSense 2.5.2 uses OpenVPN 2.5.2, which has many changes compared to the OpenVPN 2.4.x series.
Also check the time on both sides - accurate time is important.
-
@gertjan
Thanks for the reply. Yes, I searched the OpenVPN forums prior to posting but was unable to find a solution that has resolved the issue. I have also confirmed the time settings on both ends are correct according to the system time and log timestamps.