Repeated warnings in OpenVPN log



  • I have repeated warnings in my OpenVPN logs:

    xxx.xxx.xxx.xxx:61586 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1575 – please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart…]

    These seem to be present even when no client is connected to my pfSense OpenVPN server (although the pfSense box is still connected as an OpenVPN client to another OpenVPN server).

    What is causing these entries? And is there a setting I can alter to prevent the problem (if in fact there is a problem)?



  • (bump)

    Anyone?


  • Rebel Alliance Developer Netgate

    It could be junk packets hitting the port. Non-OpenVPN traffic attempting to talk to it, like a port scanner.



  • That makes sense. I notice, however, that some of the warnings have a source IP that is internal to my network. How would one explain that?
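
Added example, not part of the thread: in TCP mode OpenVPN expects each packet to start with a 16-bit big-endian length, so the "bad length" in the warning is the first two bytes the peer actually sent. 18245 is 0x4745, ASCII "GE", which is how an HTTP GET begins. The script below decodes that value per source address; the sample lines, addresses and hint table are constructed assumptions, and the hints are heuristics rather than proof of what the peer is.

```python
import re
import struct

# First two bytes of common non-OpenVPN protocols (heuristic hints, assumed table).
PREFIX_HINTS = {
    b"GE": "HTTP GET request",
    b"PO": "HTTP POST request",
    b"HE": "HTTP HEAD request",
    b"OP": "HTTP OPTIONS request",
    b"CO": "HTTP CONNECT request",
    b"SS": "SSH banner (SSH-...)",
    b"\x16\x03": "TLS handshake record",
}

WARNING_RE = re.compile(
    r"(?P<peer>\S+):(?P<port>\d+) WARNING: Bad encapsulated packet length "
    r"from peer \((?P<length>\d+)\)"
)

def decode_length(length):
    """Return the two bytes the peer sent where OpenVPN expected a length."""
    return struct.pack(">H", length)

def classify(line):
    """Parse one log line; return (peer, first_two_bytes, hint) or None."""
    m = WARNING_RE.search(line)
    if m is None:
        return None
    length = int(m.group("length"))
    if not 0 <= length <= 0xFFFF:  # cannot come from a 16-bit length field
        return None
    raw = decode_length(length)
    return m.group("peer"), raw, PREFIX_HINTS.get(raw, "unrecognised prefix")

# Constructed sample lines in the format of the warning quoted in the thread.
SAMPLE_LOG = """\
192.0.2.10:61586 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1575
198.51.100.7:40112 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1575
10.0.0.23:52344 WARNING: Bad encapsulated packet length from peer (21331), which must be > 0 and <= 1575
10.0.0.23:52345 Initialization Sequence Completed
"""

def summarize(log_text):
    """Return (peer, bytes, hint) for every bad-length warning in the log."""
    return [r for r in map(classify, log_text.splitlines()) if r]

if __name__ == "__main__":
    for peer, raw, hint in summarize(SAMPLE_LOG):
        print(f"{peer:15} {raw!r:12} {hint}")
```

Grouping the output by source address shows which internal hosts are sending HTTP, TLS or SSH traffic to the OpenVPN port, which narrows down the misconfigured client, monitor or scanner responsible.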