Openvpn[50203]: Authenticate/Decrypt packet error ?



  • Hi I have just noticed this error mulitple times in my openvpn system logs:

    Jan 15 05:27:02 openvpn[50203]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3179030 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 15 05:32:02 openvpn[50203]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3507028 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 15 05:42:02 openvpn[50203]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #227671 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

    It actually repeats non stop, I followed a pfsense VPN guide but I am unsure how to go about fixing this error ?

    Any advice is welcome cheers


  • Rebel Alliance Developer Netgate

    That can be a few different things but usually it boils down to one of two:

    1. The clock is off on one or both sides
    2. The internet connection is bad between the two, causing packets to arrive out of order or multiple times.



  • Some outside services are injecting packets to the stream to get a bounce containing info on the download. It's just a way to see what's the content of the stream by a thrd party.



  • Wow! Resurrecting a 2 year thread.

    In my case, I switched from UDP to TCP and the messages stopped.



  • @gjaltemba:

    Wow! Resurrecting a 2 year thread.

    In my case, I switched from UDP to TCP and the messages stopped.

    I second that, same config, but install set to use TCP, connects instantly (instead of waiting, then timing out).



  • I got this error on a UDP too where I have a mis match in cipher, server was none and client was AES-128-CBC and a mismatch in the comp-lzo, server said no and client was comp-lzo.