nirmal.singhania2009 0 Posted ... hello! admin from when i the new free premium trial service is started when i connect to any of the three available servers sometimes i got message auth failed but this error not occurs regularly but when i got connected to any of the servers i got Replay-window backtrack occurred after sometime of establishment of connection and the connection suddenly stops what is the cause of problem .please solve this problem.this problem occurs everytime i connect to any server Sat Mar 26 15:03:54 2011 OpenVPN 2.2-beta5 i686-pc-mingw32 [sSL] [LZO2] [PKCS11] built on Nov 30 2010 Sat Mar 26 15:03:54 2011 NOTE: OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined scripts or executables Sat Mar 26 15:03:54 2011 LZO compression initialized Sat Mar 26 15:03:54 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ] Sat Mar 26 15:03:54 2011 Socket Buffers: R=[8192->8192] S=[8192->8192] Sat Mar 26 15:03:54 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ] Sat Mar 26 15:03:54 2011 Local Options hash (VER=V4): \'22188c5b\' Sat Mar 26 15:03:54 2011 Expected Remote Options hash (VER=V4): \'a8f55717\' Sat Mar 26 15:03:54 2011 UDPv4 link local: [undef] Sat Mar 26 15:03:54 2011 UDPv4 link remote: 174.140.166.91:53 Sat Mar 26 15:03:55 2011 TLS: Initial packet from 174.140.166.91:53, sid=74f575d5 c24a7eb8 Sat Mar 26 15:04:07 2011 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org Sat Mar 26 15:04:07 2011 VERIFY OK: nsCertType=SERVER Sat Mar 26 15:04:07 2011 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org Sat Mar 26 15:04:24 2011 Data Channel Encrypt: Cipher \'AES-256-CBC\' initialized with 256 bit key Sat Mar 26 15:04:24 2011 Data Channel Encrypt: Using 160 bit message hash \'SHA1\' for HMAC authentication Sat Mar 26 15:04:24 2011 Data Channel Decrypt: Cipher \'AES-256-CBC\' initialized with 256 bit key Sat Mar 26 15:04:24 2011 Data Channel Decrypt: Using 160 bit message hash \'SHA1\' for HMAC authentication Sat Mar 26 15:04:24 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA Sat Mar 26 15:04:24 2011 [server] Peer Connection Initiated with 174.140.166.91:53 Sat Mar 26 15:04:26 2011 SENT CONTROL [server]: \'PUSH_REQUEST\' (status=1) Sat Mar 26 15:04:28 2011 PUSH: Received control message: \'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,comp-lzo no,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.42 10.8.0.41\' Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: timers and/or timeouts modified Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: LZO parms modified Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: --ifconfig/up options modified Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: route options modified Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sat Mar 26 15:04:28 2011 ROUTE default_gateway=14.195.103.120 Sat Mar 26 15:04:28 2011 TAP-WIN32 device [Local Area Connection 21] opened: \\\\.\\Global\\{CE620C85-F3A5-4A95-93CD-1154657CE0EC}.tap Sat Mar 26 15:04:28 2011 TAP-Win32 Driver Version 9.7 Sat Mar 26 15:04:28 2011 TAP-Win32 MTU=1500 Sat Mar 26 15:04:28 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.42/255.255.255.252 on interface {CE620C85-F3A5-4A95-93CD-1154657CE0EC} [DHCP-serv: 10.8.0.41, lease-time: 31536000] Sat Mar 26 15:04:28 2011 Successful ARP Flush on interface [2] {CE620C85-F3A5-4A95-93CD-1154657CE0EC} Sat Mar 26 15:04:33 2011 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up Sat Mar 26 15:04:33 2011 C:\\WINDOWS\\system32\\route.exe ADD 174.140.166.91 MASK 255.255.255.255 14.195.103.120 Sat Mar 26 15:04:33 2011 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=393220] Sat Mar 26 15:04:33 2011 Route addition via IPAPI failed [adaptive] Sat Mar 26 15:04:33 2011 Route addition fallback to route.exe Sat Mar 26 15:04:33 2011 C:\\WINDOWS\\system32\\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.41 Sat Mar 26 15:04:33 2011 Route addition via IPAPI succeeded [adaptive] Sat Mar 26 15:04:33 2011 C:\\WINDOWS\\system32\\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.41 Sat Mar 26 15:04:33 2011 Route addition via IPAPI succeeded [adaptive] Sat Mar 26 15:04:33 2011 C:\\WINDOWS\\system32\\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.41 Sat Mar 26 15:04:33 2011 Route addition via IPAPI succeeded [adaptive] Sat Mar 26 15:04:33 2011 Initialization Sequence Completed Sat Mar 26 15:09:06 2011 Replay-window backtrack occurred [1] Sat Mar 26 15:09:06 2011 Replay-window backtrack occurred [3] Sat Mar 26 15:10:33 2011 Replay-window backtrack occurred [11] Quote Share this post Link to post
Staff 9973 Posted ... Hello! The problem may be caused by high latency or elevated packets loss. Try to connect on a TCP port instead of UDP. Kind regards AirVPN admins Quote Share this post Link to post
nirmal.singhania2009 0 Posted ... hello admin i have a problem i am required to use only udp port. so i cant try tcp port. please give any solution to get rid of this problem on udp. earlier on free service i never got this type of error .even on udp port Quote Share this post Link to post
Staff 9973 Posted ... nirmal.singhania2009 wrote:hello admin i have a problem i am required to use only udp port. so i cant try tcp port. please give any solution to get rid of this problem on udp.earlier on free service i never got this type of error .even on udp portHello!It depends on the quality line of your ISP, there\'s not much we can do if you can\'t use TCP. Try changing connection server and see if it gets better. Each server is on a different datacenter, so it\'s worth to give them all a try.Kind regardsAirVPN admins Quote Share this post Link to post
nirmal.singhania2009 0 Posted ... is there no solution to this problem except changing to tcp Quote Share this post Link to post
Staff 9973 Posted ... nirmal.singhania2009 wrote:is there no solution to this problem except changing to tcpHello!The other solution would be to get a better connection line. The problem is caused by loss of packets which can\'t be corrected by UDP, as it is designed specifically NOT to handle at all this problem. If you are under a freedom of expression hostile regime, feel free to contact Telecomix to discuss and use tools against censorship and to improve your security.Kind regardsPaoloAirVPN Quote Share this post Link to post
nirmal.singhania2009 0 Posted ... my isp blocked tcp port and many websites .am i under a freedom of expression hostile regime. how to contact telecomix Quote Share this post Link to post
Staff 9973 Posted ... nirmal.singhania2009 wrote:my isp blocked tcp port and many websites .am i under a freedom of expression hostile regime.how to contact telecomixHello!If your ISP follows this behaviour under government orders, the answer is yes. To contact Telecomix please read the following post:'>https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=3&id=459#459>However, if your ISP blocked all TCP ports, you could not have an Internet access, so there\'s something strange in your description.Kind regardsAirVPN admins Quote Share this post Link to post
nikhil1994 0 Posted ... use this hotfix.it will surely help you.use this for windows 7 Windows6.1-KB925681-x86.msu - 202.2 Kb use this if you are having windows xp 1298449584-nikhil1994-WindowsXP-KB925681-x86-ENU_exe.exe - 490.3 Kb without this hotfix there is always chance of backtrack error.that\'s why it\'s important to enable automatic updates.with this hotfix no disconnections. Quote Share this post Link to post
nirmal.singhania2009 0 Posted ... hey nikhil bro after installing the hotfix i am getting the same error Replay-window backtrack occurred plz provide any other solution Quote Share this post Link to post
rinaldo_wouterson 0 Posted ... To anyone stumbling upon this page: You can update an .ovpn file (in case of UDP only) by including "replay-window 512 15" without quotes. According to the OpenVPN Manual: --replay-window n [t] ==> By default n (the window size) is 64 (which is the IPSec default) and t is 15 seconds. I personally check 512 packets in the same default time, which according to Cisco "has no impact on throughput and security. The impact on memory is insignificant because only an extra 128 bytes per incoming IPsec SA is needed to store the sequence number on the decryptor". Quote Share this post Link to post
OpenSourcerer 1435 Posted ... "increasing the replay window may be a very bad idea if it is a real replay attack" And please note that Cisco is talking about IPsec, not OpenVPN. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post