OpenVPN Client: Authenticate/Decrypt packet error: packet HMAC authentication failed
-
I'm adding some information: I think I've found a problem, but I don't know how to solve it.
When I test a ping to 8.8.8.8 from the VPN interface, I get this:
PING 8.8.8.8 (8.8.8.8) from 46.246.83.102: 56 data bytes
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
So if I understand correctly, my VPN comes up fine, but it can't ping anything. Do you have any idea?
Thanks
-
Hi,
Regarding the problem of
Authenticate/Decrypt packet error: packet HMAC authentication failed
I'd lean towards an incorrect "Encryption Algorithm": it has to be identical on both sides (and supported on both sides) ;-)
Also, some configuration is missing for "IPv4 Tunnel Network" and "IPv4 Local Network", and the "Redirect Gateway" box needs to be ticked;
without that part configured, it's going to be hard :-) ++
-
> Also, some configuration is missing for "IPv4 Tunnel Network" and "IPv4 Local Network", and the "Redirect Gateway" box needs to be ticked;
> without that part configured, it's going to be hard :-)
"Redirect gateway" is configured on the server side and forces clients to use the tunnel; in other words, it prevents a client that has brought up the VPN tunnel from communicating outside the tunnel.
On the client side there is normally nothing to do, IMHO 8)
-
(tocks starts off with an impeccable description of his problem: well done! Nobody can claim any more that it's impossible to use the form!)
I'd like to clarify a point of method:
- 1: pfSense must be an OpenVPN client,
- 2: traffic must be redirected through that OpenVPN tunnel.
So the right method is:
- 1: make sure the OpenVPN tunnel is correct,
- 2: redirect through OpenVPN.
In my view,
- the tunnel is incorrect: the HMAC errors relate to the OpenVPN tunnel, see https://openvpn.net/index.php/open-source/documentation/security-overview.html
- redirecting the traffic should not rely on outbound NAT but on a gateway choice (policy routing).
The fact that packets are duplicated (same ping = ICMP request) is a sign that the redirection isn't working.
-
> Also, some configuration is missing for "IPv4 Tunnel Network" and "IPv4 Local Network", and the "Redirect Gateway" box needs to be ticked;
> without that part configured, it's going to be hard :-)
> "Redirect gateway" is configured on the server side and forces clients to use the tunnel; in other words, it prevents a client that has brought up the VPN tunnel from communicating outside the tunnel.
> On the client side there is normally nothing to do, IMHO 8)
Oops, I read between the lines a bit too fast yesterday and didn't realise it was in "client" mode.
Sorry for the mistake! And thanks to chris4916 for correcting me on it :)
-
@jdh:
> (tocks starts off with an impeccable description of his problem: well done! Nobody can claim any more that it's impossible to use the form!)
I don't think anyone has ever written that it was impossible ::)
> - redirecting the traffic should not rely on outbound NAT but on a gateway choice (policy routing).
I think so too, but in my understanding it is only useful to express "if the tunnel goes down, I don't want any Internet access", because the type of VPN service chosen is precisely configured, on the server side, to force the client's default gateway, and therefore all outgoing traffic, into the tunnel.
-
Thanks for all your feedback.
I've made good progress thanks to you: we've already found a configuration problem on the VPN client.
Jun 17 10:26:35 openvpn 8509 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Jun 17 10:26:35 openvpn 8509 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA384'
Jun 17 10:26:35 openvpn 8509 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Jun 17 10:26:35 openvpn 8509 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1585'
So I changed the settings so that the encryption matches on both sides.
Now a PC on the LAN does go through the VPN client: IP tested with the site monip.com.
But the OpenVPN log is still very verbose:
Jun 17 14:19:26 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #86 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:26 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #85 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:26 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #84 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:26 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #83 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:26 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #82 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:23 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #81 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:22 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #80 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:22 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #79 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:20 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #78 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:17 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #77 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:14 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #76 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:13 openvpn 7387 MANAGEMENT: Client disconnected
Jun 17 14:19:13 openvpn 7387 MANAGEMENT: CMD 'status 2'
Jun 17 14:19:13 openvpn 7387 MANAGEMENT: CMD 'state 1'
Jun 17 14:19:13 openvpn 7387 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Jun 17 14:19:11 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #75 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:09 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #74 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:08 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #73 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:08 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #72 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:08 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #71 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:07 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #70 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:07 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #69 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:07 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #68 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:07 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #67 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:07 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #66 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:07 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #65 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #64 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #63 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #62 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #61 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #60 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #59 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #58 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #57 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:05 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #56 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:04 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #55 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:04 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #54 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:04 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #53 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:04 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #52 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:03 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #51 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:03 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #50 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:03 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #49 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:03 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #48 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:03 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #47 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:03 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #46 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #45 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #44 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #43 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #42 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #41 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #40 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #39 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #38 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:02 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #37 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #36 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #35 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #33 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #32 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #31 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #30 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #29 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #28 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #27 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #26 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #25 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:19:01 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #24 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:59 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #23 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:56 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #22 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:53 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:50 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #20 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:47 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #19 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:44 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #18 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:41 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:37 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #16 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:34 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #15 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:31 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #14 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:28 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #13 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:25 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #12 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:22 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:19 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #10 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:16 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #9 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:13 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #8 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:10 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #6 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:03 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #5 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:00 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:17:59 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:17:57 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:17:54 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:17:54 openvpn 7387 Initialization Sequence Completed
Jun 17 14:17:54 openvpn 7387 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1585 46.246.83.111 255.255.255.224 init
Jun 17 14:17:54 openvpn 7387 /sbin/ifconfig ovpnc1 inet6 2a00:1a28:1558:11::100d/64
Jun 17 14:17:54 openvpn 7387 /sbin/route add -net 46.246.83.96 46.246.83.111 255.255.255.224
Jun 17 14:17:54 openvpn 7387 /sbin/ifconfig ovpnc1 46.246.83.111 46.246.83.97 mtu 1500 netmask 255.255.255.224 up
Jun 17 14:17:54 openvpn 7387 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Jun 17 14:17:54 openvpn 7387 ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Jun 17 14:17:54 openvpn 7387 TUN/TAP device /dev/tun1 opened
Jun 17 14:17:54 openvpn 7387 TUN/TAP device ovpnc1 exists previously, keep at program end
Jun 17 14:17:54 openvpn 7387 OPTIONS IMPORT: route-related options modified
Jun 17 14:17:54 openvpn 7387 OPTIONS IMPORT: --ifconfig/up options modified
Jun 17 14:17:54 openvpn 7387 OPTIONS IMPORT: timers and/or timeouts modified
Jun 17 14:17:54 openvpn 7387 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.3.11)
Jun 17 14:17:54 openvpn 7387 Options error: option 'route-ipv6' cannot be used in this context ([PUSH-OPTIONS])
Jun 17 14:17:54 openvpn 7387 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jun 17 14:17:54 openvpn 7387 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jun 17 14:17:54 openvpn 7387 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jun 17 14:17:54 openvpn 7387 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jun 17 14:17:54 openvpn 7387 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a00:1a28:1558:11::100d/64 2a00:1a28:1558:11::1,dhcp-option DNS 46.246.83.97,redirect-gateway def1,redirect-gateway ipv6,redirect-gateway def1,route-ipv6 2000::/3,block-outside-dns,tun-ipv6,route-gateway 46.246.83.97,topology subnet,ping 10,ping-restart 160,ifconfig 46.246.83.111 255.255.255.224'
Jun 17 14:17:54 openvpn 7387 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Jun 17 14:17:52 openvpn 7387 [server] Peer Connection Initiated with [AF_INET]178.73.195.106:1205
Jun 17 14:17:52 openvpn 7387 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jun 17 14:17:52 openvpn 7387 Data Channel Decrypt: Using 384 bit message hash 'SHA384' for HMAC authentication
Jun 17 14:17:52 openvpn 7387 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jun 17 14:17:52 openvpn 7387 Data Channel Encrypt: Using 384 bit message hash 'SHA384' for HMAC authentication
Jun 17 14:17:52 openvpn 7387 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jun 17 14:17:51 openvpn 7387 VERIFY OK: depth=0, C=SE, ST=QQ, L=FrootTown, O=FrootOrg, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
Jun 17 14:17:51 openvpn 7387 VERIFY OK: nsCertType=SERVER
Jun 17 14:17:51 openvpn 7387 VERIFY OK: depth=1, C=SE, ST=QQ, L=FrootTown, O=FrootOrg, OU=changeme, CN=changeme, name=changeme, emailAddress=mail@host.domain
Jun 17 14:17:51 openvpn 7387 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jun 17 14:17:51 openvpn 7387 TLS: Initial packet from [AF_INET]178.73.195.106:1205, sid=4c635913 030101ec
Jun 17 14:17:51 openvpn 7387 UDPv4 link remote: [AF_INET]178.73.195.106:1205
Jun 17 14:17:51 openvpn 7387 UDPv4 link local (bound): [AF_INET]192.168.0.15
Jun 17 14:17:44 openvpn 7387 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jun 17 14:17:44 openvpn 7387 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jun 17 14:17:44 openvpn 7387 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
Jun 17 14:17:44 openvpn 6716 WARNING: file '/etc/frootvpn-password.txt' is group or others accessible
Jun 17 14:17:44 openvpn 6716 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Jun 17 14:17:44 openvpn 6716 OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
I think, as you told me, I need to make sure the VPN comes up properly before going any further.
So I disabled the rules and the NAT, to start from a clean base:
Now, when I test a ping from the WAN, I immediately get DUPs.
So there is a problem on the WAN. But I don't know what …
After testing a ping through the VPN:
No problem.
Do you have any ideas about these two problems: "Authenticate/Decrypt packet error: bad packet ID" and the DUPs on the WAN interface?
Thanks again for the time you're spending on me
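As an added example (not from the thread, pfSense or OpenVPN): a small Python checker that reads the two kinds of OpenVPN client log lines quoted above, the "is used inconsistently" warnings and the "bad packet ID (may be a replay)" warnings, from constructed sample lines and turns them into findings. It assumes, from OpenVPN's message format, that the number in brackets is the packet ID that replay protection rejected, so a gap-free run 1..N of rejected IDs points at duplication on the path rather than at the crypto settings.

```python
import re
from typing import Dict, List, Tuple

# Constructed samples modelled on the two stages of the pfSense OpenVPN client log
# quoted in the thread (pfSense lists newest entries first; timestamps are illustrative).
LOG_BEFORE_FIX = """\
Jun 17 10:26:40 openvpn 8509 Authenticate/Decrypt packet error: packet HMAC authentication failed
Jun 17 10:26:35 openvpn 8509 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Jun 17 10:26:35 openvpn 8509 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA384'
Jun 17 10:26:35 openvpn 8509 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Jun 17 10:26:35 openvpn 8509 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1585'
"""

LOG_AFTER_FIX = """\
Jun 17 14:18:06 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #5 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:03 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:18:00 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:17:59 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:17:57 openvpn 7387 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jun 17 14:17:54 openvpn 7387 Initialization Sequence Completed
Jun 17 14:17:44 openvpn 6716 WARNING: file '/etc/frootvpn-password.txt' is group or others accessible
"""

# OpenVPN reports a mismatched option as: 'opt' ... local='opt value', remote='opt value'
INCONSISTENT_RE = re.compile(
    r"WARNING: '(?P<opt>[\w-]+)' is used inconsistently, "
    r"local='(?P=opt) (?P<local>[^']*)', remote='(?P=opt) (?P<remote>[^']*)'"
)
# Assumption: the bracketed number is the packet ID that replay protection rejected.
REPLAY_RE = re.compile(r"bad packet ID \(may be a replay\): \[ #(?P<pid>\d+) \]")
HMAC_FAIL = "packet HMAC authentication failed"
UNSAFE_FILE_RE = re.compile(r"WARNING: file '(?P<path>[^']+)' is group or others accessible")
# Options that must match on both ends for the data channel HMAC/cipher to work.
CRYPTO_OPTS = ("cipher", "auth", "keysize")


def option_mismatches(log: str) -> Dict[str, Tuple[str, str]]:
    """Map each option OpenVPN flagged as inconsistent to its (local, remote) values."""
    return {m["opt"]: (m["local"], m["remote"]) for m in INCONSISTENT_RE.finditer(log)}


def rejected_packet_ids(log: str) -> List[int]:
    """Packet IDs rejected by replay protection, in ascending order."""
    return sorted(int(m["pid"]) for m in REPLAY_RE.finditer(log))


def every_packet_seen_twice(ids: List[int]) -> bool:
    """A gap-free run 1..N of rejected IDs means the first copy of every data packet
    was accepted and its duplicate rejected: the path delivers each packet twice,
    which is the same symptom as the DUP! replies seen with ping."""
    return bool(ids) and ids == list(range(1, len(ids) + 1))


def diagnose(log: str) -> List[str]:
    """Turn the raw log into the findings a pfSense admin would act on."""
    findings = []
    mismatches = option_mismatches(log)
    crypto = {k: v for k, v in mismatches.items() if k in CRYPTO_OPTS}
    for opt, (local, remote) in crypto.items():
        findings.append(f"crypto mismatch: client {opt} {local} vs server {opt} {remote}; "
                        f"set the client to {remote}")
    if HMAC_FAIL in log:
        findings.append("HMAC failures explained by the crypto mismatch above" if crypto
                        else "HMAC failures with no option mismatch: check the tls-auth key and key-direction")
    ids = rejected_packet_ids(log)
    if every_packet_seen_twice(ids):
        findings.append(f"{len(ids)} replay rejections on packet IDs 1..{len(ids)} with no gaps: "
                        "every packet arrives twice, suspect duplication on the WAN path "
                        "(e.g. the bridged VM NIC), not a crypto problem")
    elif ids:
        findings.append(f"{len(ids)} replay rejections: reordering or genuine replays")
    for m in UNSAFE_FILE_RE.finditer(log):
        findings.append(f"credential file {m['path']} is readable by group/others: chmod 600 it")
    return findings


if __name__ == "__main__":
    for name, log in (("before fix", LOG_BEFORE_FIX), ("after fix", LOG_AFTER_FIX)):
        print(f"== {name} ==")
        for line in diagnose(log):
            print(" -", line)
```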
-
I'll add some information, since more info is better than not enough.
The logs I posted come from my dev platform:
VirtualBox, with the WAN NIC in bridged mode.
I've just set up pfSense on my ESXi, which will be my production.
And there I don't get the errors in the OpenVPN logs, and no DUPs when I ping from the WAN or from the VPN.
Do you think this could be coming from VirtualBox?
And do you think I can therefore leave these errors aside, given that it's my dev platform and I don't get them in production?
-
> The logs I posted come from my dev platform:
> VirtualBox, with the WAN NIC in bridged mode.
> I've just set up pfSense on my ESXi, which will be my production.
> And there I don't get the errors in the OpenVPN logs, and no DUPs when I ping from the WAN or from the VPN.
> Do you think this could be coming from VirtualBox?
> And do you think I can therefore leave these errors aside, given that it's my dev platform and I don't get them in production?
Which shows that even with an initial topic full of information, one sometimes misses potentially important things.
I have no opinion on the VM side, sorry.
It's often too complicated for me ;)
-
Stating 'pfSense is a VM' is essential! (it should always be indicated right from the form)
But here, it really is pfSense that sends or receives 2 packets (DUP).
I'd first suspect bad Outbound NAT settings …
-
Thanks for all your feedback. I have no DUP problem on my production. So I'm going to configure directly on my production, which is on an ESXi.
For now, all traffic leaving the LAN does go through my VPN client.
So let me recap my current configuration:
WAN subnet: 192.168.0.0/24
LAN subnet: 192.168.1.0/24
pfSense IP on the LAN: 192.168.0.77
pfSense IP on the WAN: 192.168.1.254
NAT configuration:
Rules configuration:
-
Does this look correct to you for continuing the pfSense configuration? You suggest using static routes instead of outbound NAT, but I don't know how to configure that.
-
I've been reading pfSense documentation for several days now, and not everything is very clear to me. We agree that pfSense applies NAT before the rules? Wouldn't it then be better to let everything through in the rules, to make sure the NAT is configured correctly, and only afterwards put the blocking back in the rules and refine it? Because right now I'm spending my time trying things on both sides and I don't think that's the right approach.
Also, for the rules: are they applied top to bottom or bottom to top? I've found both answers on the net?
-
I tried to configure the rules so that I can reach the pfSense configuration interface from the WAN, but without success. It would be much more convenient for me.
-
I'd like the LAN to be able to reach all the machines on the WAN; I've also tried several rules, without success?
-
I'd like the WAN to be able to reach all the machines on the LAN.
Thanks for your help
-