plainzwalker

HMAC authentication and bad packet id errors


So I have noticed recently that I have been getting a lot of bad packet ID errors and, at least from what I have seen today, HMAC authentication errors. I did some googling for the HMAC and added tls-client to my .conf, but it is still having this issue. For the replay errors, I tried fixing this before by switching between different NL servers, but I seem to get them from all of them. Any suggestions on a fix for these?

OS: Ubuntu 16.04.1 LTS (server so no GUI/network manager) with OpenVPN client

Thank you

Thu Oct 27 13:59:27 2016 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1133296 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1134474 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1135562 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1135984 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1135986 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1135988 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1135989 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1135992 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136001 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136008 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136011 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136012 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136013 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136014 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136018 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 27 13:59:19 2016 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1136020 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

OpenVPN conf:

jeff@behemuth:~$ cat /etc/openvpn/OpenVPNConfigFile.conf
# --------------------------------------------------------
# Air VPN | https://airvpn.org | Wednesday 6th of January 2016 02:31:28 AM
# OpenVPN Client Configuration
# AirVPN_Netherlands_UDP-443
# --------------------------------------------------------

client
dev tun
proto udp
remote 213.152.161.9 443
resolv-retry infinite
nobind
persist-key
#persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
ca "ca.crt"
cert "user.crt"
key "user.key"
tls-auth "ta.key" 1
tls-client
keepalive 10 120
log-append /var/log/openvpn.log


You're not alone. I noticed many of the same errors on a UDP connection to a Los Angeles server. I'm using Tunnelblick 3.6.9b01 on OS X 10.11.


SWIM is having the same problem using Tunnelblick connecting directly to specific NL servers (ovpn config files with resolved hostnames - better not to request A records of VPN servers from ISP's DNS servers, right?). Using standard port 443/udp.

Initially torrent runs OK for a few minutes, then a flood of bad packet id (may be a replay) messages begins.

Is it correct to suggest to SWIM that this is either their ISP or some other monitoring body attempting to compromise their tunnel?

What SWIM is concerned about is the effect of these bad packets - is it possible for an unknown agent to ascertain the real public IP address this way?


Hello!

Those bad packet id errors can sometimes be resolved by switching to the TCP protocol, in case that wasn't evident.


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.
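
The "bad packet ID (may be a replay)" lines in the log at the top of this thread come from sequence-number replay protection, and UDP does not guarantee delivery order. As an added example (not part of any post here and not OpenVPN's own code), this simplified Python model of a sliding-window check shows that a wider window tolerates late packets while a true duplicate is still rejected; the class, the function names and the sample packet IDs are constructed, and the time limit of `--replay-window` is not modelled.

```python
# Simplified model of a sliding-window replay filter (added example, not OpenVPN source).
# The time limit that --replay-window also supports is deliberately left out.

class ReplayWindow:
    def __init__(self, size=64):          # 64 is OpenVPN's documented default
        self.size = size
        self.highest = 0                  # highest packet ID accepted so far
        self.seen = set()                 # accepted IDs still inside the window

    def accept(self, pid):
        """Return True if pid is accepted, False if it would be a 'bad packet ID'."""
        if pid > self.highest:
            self.highest = pid
            self.seen.add(pid)
            floor = self.highest - self.size
            self.seen = {p for p in self.seen if p > floor}   # drop IDs behind the window
            return True
        if pid <= self.highest - self.size:
            return False                  # too old: arrived after the window moved on
        if pid in self.seen:
            return False                  # duplicate inside the window: a real replay
        self.seen.add(pid)
        return True                       # late but inside the window: reordering tolerated


def rejected(arrivals, size):
    """Feed packet IDs in arrival order; return the IDs that get rejected."""
    win = ReplayWindow(size)
    return [pid for pid in arrivals if not win.accept(pid)]


def constructed_arrivals():
    """Constructed sample: IDs 1..300 in order, except that 100 arrives 150 packets
    late (reordering on the UDP path) and 200 is delivered twice (duplicate)."""
    ids = [i for i in range(1, 301) if i != 100]
    ids.insert(ids.index(250) + 1, 100)   # 100 shows up right after 250
    ids.insert(ids.index(205) + 1, 200)   # second copy of 200 right after 205
    return ids


if __name__ == "__main__":
    arrivals = constructed_arrivals()
    print("window  64:", rejected(arrivals, 64))    # late packet and duplicate rejected
    print("window 512:", rejected(arrivals, 512))   # only the duplicate rejected
```

In OpenVPN the corresponding option is `--replay-window`, which the log message itself points to; widening it keeps replay protection on, unlike `--no-replay`.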

