AEAD Decrypt Error since 2.4.3



  • Hi everyone,
    anyone also realized about problems with openvpn in PFSense 2.4.3?
    Until i upgraded, my VPN Configuration to Cyberghost always worked properly, without any problems or crashes. But since the Update, especially on high-traffic-load, i get following failure:

    "AEAD Decrypt error: bad packet ID (may be a replay): [ #794958 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings".

    Sometimes also the connection is breaking down completely and then i cannot ping any adress anymore, until i restart the OpenVPN Service.
    Unfortunately i yet couldn`t find for this any information / evidence in the logs, what could cause this. Just the AEAD decrypt-error is flooding my logs.

    Until then it was never a problem on UDP with exactly the same configuration.



  • Hi,

    As said somewhat earlier, it could be this, or, as proposed elsewhere, according Google, you have experiment a bit with "mssfix 1300".



  • @Gertjan:

    Hi,

    As said somewhat earlier, it could be this, or, as proposed elsewhere, according Google, you have experiment a bit with "mssfix 1300".

    Hi,
    thank you for your reply.
    I already tried to play with the mssfix, but yet no success.
    I also read in another thread, that maybe the time on my machine or the VPN-Server might be out of time - so i changed the NTP Servers, but no success.