Jump to content
Not connected, Your IP: 18.222.121.24
Lee47

AEAD Decrypt error: bad packet ID errors when torrenting

Recommended Posts

Hi I currently get these errors in my openvpn logs, researching this problem I spotted numerous threads around the net and some pointed back here:
 
And here:
 
I just wanted to know reports on the internet are conflicting, some say ignore these errors its just the way how udp and openvpn work and then others say try the MSS fix.

I am still playing around with my mss fix in my openvpn config and have improved it but still get 100s of errors during torrenting, is the MSS fix suppose to get rid of the errors 100% or will I always get some ?
 

Share this post


Link to post

Hello!

mssfix n directive tells OpenVPN to fragment TCP packets larger than n bytes inside the UDP tunnel  If the bad packets problems is caused by an MTU size (it could be smaller than 1500 bytes), mssfix will fix the problem totally, assuming that you find the correct size. You can empirically go down, by setting lower and lower n, at little steps, for example 25 bytes at a time. Start from 1450, then try 1425 if necessary, then 1400 and so on if necessary.

mssfix directive makes sense only on connections over UDP.

Note that the smaller the maximum size "n", the lower the throughput, so it is essential to find a correct balance and the highest possible value.

If mssfix does not resolve the issue, then the cause is probably different. Can you tell us your Operating System exact version?

Kind regards
 

Share this post


Link to post
1 hour ago, Staff said:

Hello!

mssfix n directive tells OpenVPN to fragment TCP packets larger than n bytes inside the UDP tunnel  If the bad packets problems is caused by an MTU size (it could be smaller than 1500 bytes), mssfix will fix the problem totally, assuming that you find the correct size. You can empirically go down, by setting lower and lower n, at little steps, for example 25 bytes at a time. Start from 1450, then try 1425 if necessary, then 1400 and so on if necessary.

mssfix directive makes sense only on connections over UDP.

Note that the smaller the maximum size "n", the lower the throughput, so it is essential to find a correct balance and the highest possible value.

If mssfix does not resolve the issue, then the cause is probably different. Can you tell us your Operating System exact version?

Kind regards
 


Thanks for the information, its good to know it can fix the issue. I am using Windows 10 latest build and full updates, default windows firewall/av. But I am currently using pfsense and using pfsense_fans air guide.

I did manage to solve most of my speed cap issues in torrents by disabling uTP and switching to TCP only but I spotted those bad packet errors during the logs but it does not appear to be limiting my speed totally or causing too much issue, I will try to reduce and play around with mss amounts and see if I have success, thx.



 

Share this post


Link to post

Hello!

If you connect in TCP mssfix is irrelevant because it refers to TCP packets in UDP tunnels only.

Kind regards
 

Share this post


Link to post
36 minutes ago, Staff said:

Hello!

If you connect in TCP mssfix is irrelevant because it refers to TCP packets in UDP tunnels only.

Kind regards
 


Hi, I forgot to add TCP setting is only in qbittorent app setting but in pfsense I connect via udp for better performance.

If I do however connect to tcp via pfsense and closest air server while torrenting no bad packets, I will try other mss fix settings though to hopefully find one that works.

Share this post


Link to post

In my case changing UDP port to 53 stopped the errors. With UDP 443 I get instantly dozens/hundreds of them as soon as I download something (even Speedtest.net test is enough to produce them). I'm using Openvpn from commandline and AirVPN's own auto-generated configs which I have not changed..

I have a feeling these errors started coming once I changed my router's firmware to Openwrt (for clarification: I have not installed VPN on the router), so there might be less than optimal settings somewhere? Or is it an ISP issue?

I tried mssfix values between 1400-1500 (10 increments), it didn't help, I didn't go lower since ended up trying the different port instead.

Share this post


Link to post
30 minutes ago, db-001 said:

In my case changing UDP port to 53 stopped the errors. With UDP 443 I get instantly dozens/hundreds of them as soon as I download something (even Speedtest.net test is enough to produce them). I'm using Openvpn from commandline and AirVPN's own auto-generated configs which I have not changed..

I have a feeling these errors started coming once I changed my router's firmware to Openwrt (for clarification: I have not installed VPN on the router), so there might be less than optimal settings somewhere? Or is it an ISP issue?

I tried mssfix values between 1400-1500 (10 increments), it didn't help, I didn't go lower since ended up trying the different port instead.


That is interesting the switch to UDP port 53, I also ran through every single port but no luck. Yes I too found speedtest and similar speedtest sites can trigger bad packets but queing up 20-30 torrents is the easiest way to trigger the bad packets, even 3 latest ubuntu torrents can do it for me. I also tried by 10 from 1500 down to 1200, took me few days of testing but no luck, each time I figured I found a good MSS setting on the 8th - 12th Torrent test the bad packet errors would pop up.

The reason I needed mss fix to work since I experience an 80-90% speed drop due to the bad packets and sometimes it wiggles free other times not, switching to IPsec or WireGuard (not recommended for now due to privacy issues imo) do however fix my bad packets and 90% connection drop.

Maybe as a test you could try connecting your Router directly to the PC and running eddie and seeing if eddie logs shows the same errors?, this way for sure you know it's not the Openwrt or firmware, I found my bad packets came from the ISP router directly, using pfsense or Asus router the bad packets still existed however.

Just out of interest are you on a Cable modem with Cable ISP ? I am with Virgin Media ISP with cable modem

 

Share this post


Link to post
5 hours ago, Flx said:
On 2/23/2020 at 1:25 PM, Lee47 said:

That is interesting the switch to UDP port 53, I also ran through every single port but no luck.

Use port 41185 see if that works?

cheers did give it a shot with port 41185 but bad packets on first ubuntu torrent download attempt, I did run through every udp port a few weeks ago, only TCP and WireGuard/IPsec are the real fixes I had any success with to fix bad packets.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...