Jump to content
Not connected, Your IP: 18.208.159.25
Zxurian

Getting continuous Authenticate/Decrypt spam in system log for ovpn-AirVPN

Recommended Posts

I get these continuously in my logs when airVPN is running off of My Linux Box

 

Jan 25 22:24:08 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3581996 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:08 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3583458 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3583851 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584118 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584803 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584804 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585226 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585321 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585492 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585850 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:10 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3586431 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:11 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3589445 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:12 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3590928 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:12 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3591293 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:13 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3593456 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3595875 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3596932 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3596951 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:15 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3599047 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:17 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3603267 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:19 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3607338 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
 
How can I stop this from happening as I think it's causing other issues due to the large amount of log file buildup.

Share this post


Link to post

silence this warning with --mute-replay-warnings

 

This option should be there somewhere.

Or try another server, port or protocol.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

muting the warnings doesn't really solve the problem, just keeps it from showing up.

 

Do you know what's causing the issue?

Share this post


Link to post

No, I'm unable to tell you what the problem is. Never had that one before but maybe TCP can solve this.

You could also try increasing the replay window.

--replay-window 64 20
(default is 64 15; if not working try 64 30)

(seen here)


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

No, I'm unable to tell you what the problem is. Never had that one before but maybe TCP can solve this.

You could also try increasing the replay window.

--replay-window 64 20
(default is 64 15; if not working try 64 30)
(seen here)

 

Hello,

 

increasing the replay window may be a very bad idea if it is a real replay attack. Please see here https://airvpn.org/topic/3773-pls-help-strange-logs/?do=findComment&comment=3784

 

Kind regards

Share this post


Link to post

Hello,

 

increasing the replay window may be a very bad idea if it is a real replay attack. Please see here https://airvpn.org/topic/3773-pls-help-strange-logs/?do=findComment&comment=3784

 

Kind regards

 

"The best solution to a problem is usually the easiest one."  - GLaDOS

And the easiest solution is changing the server, the port or the protocol, aye? It mustn't be a replay attack...

 

So, Mr. Zxurian, would you please just try out another server? Easiest things first.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Are you using some sort of high latency internet connection such as Satellite? Or are you using WiFi to connect to the router? Both in connection with UDP can cause this.

 

Or maybe your ISP is doing something with the UDP traffic, something similar to a replay attack..


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Nope.

 

Comcast connection (50d/15u supposedly)

Everything is connected wired

Modem -> Router -> Switch -> Box running OpenVPN

 

If Comcast is doing something with a replay attack (as I wouldn't put it past them), is there anyway that I can prove it so I can call them on it?

 

Are you using some sort of high latency internet connection such as Satellite? Or are you using WiFi to connect to the router? Both in connection with UDP can cause this.

 

Or maybe your ISP is doing something with the UDP traffic, something similar to a replay attack..

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...