Jump to content
Not connected, Your IP: 18.207.108.182
AirVPN
Zxurian

Getting continuous Authenticate/Decrypt spam in system log for ovpn-AirVPN

By Zxurian, ... in Troubleshooting and Problems

Recommended Posts

Zxurian    3

Zxurian
Posted ...

I get these continuously in my logs when airVPN is running off of My Linux Box

 

Jan 25 22:24:08 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3581996 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:08 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3583458 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3583851 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584118 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584803 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584804 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585226 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585321 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585492 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585850 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:10 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3586431 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:11 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3589445 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:12 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3590928 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:12 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3591293 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:13 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3593456 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3595875 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3596932 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3596951 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:15 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3599047 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:17 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3603267 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:19 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3607338 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
 
How can I stop this from happening as I think it's causing other issues due to the large amount of log file buildup.

Share this post

Link to post

OpenSourcerer    940

OpenSourcerer
Posted ...

silence this warning with --mute-replay-warnings

 

This option should be there somewhere.

Or try another server, port or protocol.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post

Link to post

Zxurian    3

Zxurian
Posted ...

muting the warnings doesn't really solve the problem, just keeps it from showing up.

 

Do you know what's causing the issue?

Share this post

Link to post

OpenSourcerer    940

OpenSourcerer
Posted ...

No, I'm unable to tell you what the problem is. Never had that one before but maybe TCP can solve this.

You could also try increasing the replay window.

--replay-window 64 20
(default is 64 15; if not working try 64 30)

(seen here)

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post

Link to post

Staff    8653

Staff
Posted ...

No, I'm unable to tell you what the problem is. Never had that one before but maybe TCP can solve this.

You could also try increasing the replay window.

--replay-window 64 20
(default is 64 15; if not working try 64 30)
(seen here)

 

Hello,

 

increasing the replay window may be a very bad idea if it is a real replay attack. Please see here https://airvpn.org/topic/3773-pls-help-strange-logs/?do=findComment&comment=3784

 

Kind regards

Share this post

Link to post

OpenSourcerer    940

OpenSourcerer
Posted ...

Hello,

 

increasing the replay window may be a very bad idea if it is a real replay attack. Please see here https://airvpn.org/topic/3773-pls-help-strange-logs/?do=findComment&comment=3784

 

Kind regards

 

"The best solution to a problem is usually the easiest one."  - GLaDOS

And the easiest solution is changing the server, the port or the protocol, aye? It mustn't be a replay attack...

 

So, Mr. Zxurian, would you please just try out another server? Easiest things first.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post

Link to post

OpenSourcerer    940

OpenSourcerer
Posted ...

Are you using some sort of high latency internet connection such as Satellite? Or are you using WiFi to connect to the router? Both in connection with UDP can cause this.

 

Or maybe your ISP is doing something with the UDP traffic, something similar to a replay attack..

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post

Link to post

Zxurian    3

Zxurian
Posted ...

Nope.

 

Comcast connection (50d/15u supposedly)

Everything is connected wired

Modem -> Router -> Switch -> Box running OpenVPN

 

If Comcast is doing something with a replay attack (as I wouldn't put it past them), is there anyway that I can prove it so I can call them on it?

 

Are you using some sort of high latency internet connection such as Satellite? Or are you using WiFi to connect to the router? Both in connection with UDP can cause this.

 

Or maybe your ISP is doing something with the UDP traffic, something similar to a replay attack..

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...