Netgate Discussion Forum

    Mute replay warnings...

    • jeff3820

      When clients are connected to the OpenVPN server in pfSense 2.5.1 (issue was present in 2.5.0 as well) I get repetitive entries in the OpenVPN log file:

      jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #24 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      

      Apr 23 14:04:38 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:38 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #23 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #22 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #20 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #19 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:37 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #18 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:36 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:36 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:36 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:36 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #16 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:36 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:36 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #15 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:36 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:36 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #14 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #13 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #12 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #11 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #10 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #9 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:35 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #8 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:34 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:34 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #7 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:34 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:34 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #6 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:34 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:34 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #5 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:34 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:34 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:33 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:33 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:33 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:33 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Apr 23 14:04:33 openvpn 39451 jeffremote/174.192.136.202:11696 TLS Error: incoming packet authentication failed from [AF_INET]174.192.136.202:11696
      Apr 23 14:04:33 openvpn 39451 jeffremote/174.192.136.202:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

      I've tried adding --mute-replay-warnings to the custom options in the OpenVPN server but the replay warnings persist.

      Any ideas??

      • Gertjan @jeff3820

        @jeff3820

        You are using the latest client-export pfSense package ?
        You created an OpenVPN client config with it for your OpenVPN client ?
        What is your OpenVPN server version ? (2.5.2 ?)
        What is your OpenVPN Client version ? (2.5.2)

        The fastest path to the solution :
        Compare the OpenVPN client config and server config.
        The server config is here /var/etc/openvpn/server1/config.ovpn

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • jeff3820 @Gertjan

          @gertjan Sorry, not real familiar with FreeBSD commands or how to use diagnostics/command prompt to display file contents. Can you send more detailed instructions?

          • jeff3820 @jeff3820

            @jeff3820 I figured it out...cat command

            • Gertjan @jeff3820

              @jeff3820 said in Mute replay warnings...:

              @gertjan Sorry, not real familiar with FreeBSD commands or how to use diagnostics/command prompt to display file contents. Can you send more detailed instructions?

              The console access (the console access is the real life saver - the SSH access is next best - the GUI access is only good for when everything is fine ^^ ) : use option 8.
              Then

              cd /var/etc/openvpn/server1/
              

              The command 'cd' works on any OS on planet earth.

              Then type "ls -al" which stands for "dir" on msdos.

              cat config.ovpn
              

              is a good way to show content of file.

              • jeff3820 @Gertjan

                @gertjan well, nothing stands out comparing client and server configurations. Same settings on both. Clients see no drop in connectivity or performance. Seems to be some correlation with changing from cellular to WiFi networks but not always. I wonder if running TCP in lieu of UDP would be more robust.

                • Gertjan @Gertjan

                  @gertjan said in Mute replay warnings...:

                  You are using the latest client-export pfSense package ?
                  You created an OpenVPN client config with it for your OpenVPN client ?
                  What is your OpenVPN server version ? (2.5.2 ?)
                  What is your OpenVPN Client version ? (2.5.2)

                  ?

                  • jeff3820 @Gertjan

                    @gertjan Yes to all. On latest version of pfSense, client export package. For the client, I use Passepartout as it automatically turns OpenVPN off when in range of trusted WiFi...like arriving at home or the office. OpenVPN Connect really needs to add that feature.

                    I might give OpenVPN Connect a try to see if any different.

                    • tank330

                      What was the command you ran? Sorry, running into the same issue now. It doesn't affect the connection from what I have seen, but it clutters the log; using the VPN with more than one client, so I'd like to get this stuff off the log. Sorry, I am a bit of a pfSense noob.

                      • jeff3820 @tank330

                        @tank330 Never resolved the issue. The mute-replay warnings are still there. Just clutters up the logs...
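
Before muting these warnings it helps to know which peers produce them and whether the packet IDs form one unbroken run, as in the excerpt in the first post, or are scattered. The following is an added example, not code from the thread or from pfSense/OpenVPN: `summarize_bad_packet_ids` and the sample log (documentation address, made-up client names) are constructed here, and the short `[ #N ]` form without a time field is an assumption about lines the thread does not show.

```python
import re
from collections import defaultdict

# Line format taken from the log excerpt in the first post of this thread.
BAD_ID = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d openvpn \d+ (?P<peer>\S+) "
    r"Authenticate/Decrypt packet error: bad packet ID \(may be a replay\): "
    r"\[ #(?P<pid>\d+)(?: / time = \((?P<epoch>\d+)\))?"
)

def summarize_bad_packet_ids(lines):
    """Group replay warnings by peer and return {peer: summary dict}."""
    events = defaultdict(list)
    for line in lines:
        m = BAD_ID.match(line.strip())
        if m:
            epoch = int(m["epoch"]) if m["epoch"] else None
            events[m["peer"]].append((int(m["pid"]), epoch))
    report = {}
    for peer, seen in events.items():
        ids = sorted({pid for pid, _ in seen})
        report[peer] = {
            "warnings": len(seen),
            "id_range": (ids[0], ids[-1]),
            # True when the rejected IDs form one unbroken sequence.
            "contiguous": ids == list(range(ids[0], ids[-1] + 1)),
            # Distinct epoch values carried in the rejected packet IDs.
            "packet_times": sorted({e for _, e in seen if e is not None}),
        }
    return report

# Constructed sample: clientA mirrors the pattern in the post, clientB is scattered.
SAMPLE_LOG = """\
Apr 23 14:04:33 openvpn 39451 clientA/198.51.100.7:11696 TLS Error: incoming packet authentication failed from [AF_INET]198.51.100.7:11696
Apr 23 14:04:33 openvpn 39451 clientA/198.51.100.7:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Apr 23 14:04:33 openvpn 39451 clientA/198.51.100.7:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Apr 23 14:04:34 openvpn 39451 clientA/198.51.100.7:11696 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3 / time = (1619201100) 2021-04-23 13:05:00 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Apr 23 14:05:10 openvpn 39451 clientB/198.51.100.9:40211 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #57 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Apr 23 14:06:02 openvpn 39451 clientB/198.51.100.9:40211 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #913 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
""".splitlines()

if __name__ == "__main__":
    for peer, info in summarize_bad_packet_ids(SAMPLE_LOG).items():
        print(peer, info)
```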
