new problem(Replay-window backtrack occurred)

[nirmal.singhania2009 0]

hello! admin

from when i the new free premium trial service is started when i connect to any of the three available servers sometimes i got message auth failed but this error not occurs regularly

but when i got connected to any of the servers i got Replay-window backtrack occurred after sometime of establishment of connection and the connection suddenly stops

what is the cause of problem .please solve this problem.this problem occurs everytime i connect to any server

Sat Mar 26 15:03:54 2011 OpenVPN 2.2-beta5 i686-pc-mingw32 [sSL] [LZO2] [PKCS11] built on Nov 30 2010

Sat Mar 26 15:03:54 2011 NOTE: OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined scripts or executables

Sat Mar 26 15:03:54 2011 LZO compression initialized

Sat Mar 26 15:03:54 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Sat Mar 26 15:03:54 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]

Sat Mar 26 15:03:54 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Sat Mar 26 15:03:54 2011 Local Options hash (VER=V4): \'22188c5b\'

Sat Mar 26 15:03:54 2011 Expected Remote Options hash (VER=V4): \'a8f55717\'

Sat Mar 26 15:03:54 2011 UDPv4 link local: [undef]

Sat Mar 26 15:03:54 2011 UDPv4 link remote: 174.140.166.91:53

Sat Mar 26 15:03:55 2011 TLS: Initial packet from 174.140.166.91:53, sid=74f575d5 c24a7eb8

Sat Mar 26 15:04:07 2011 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Sat Mar 26 15:04:07 2011 VERIFY OK: nsCertType=SERVER

Sat Mar 26 15:04:07 2011 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Sat Mar 26 15:04:24 2011 Data Channel Encrypt: Cipher \'AES-256-CBC\' initialized with 256 bit key

Sat Mar 26 15:04:24 2011 Data Channel Encrypt: Using 160 bit message hash \'SHA1\' for HMAC authentication

Sat Mar 26 15:04:24 2011 Data Channel Decrypt: Cipher \'AES-256-CBC\' initialized with 256 bit key

Sat Mar 26 15:04:24 2011 Data Channel Decrypt: Using 160 bit message hash \'SHA1\' for HMAC authentication

Sat Mar 26 15:04:24 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Sat Mar 26 15:04:24 2011 [server] Peer Connection Initiated with 174.140.166.91:53

Sat Mar 26 15:04:26 2011 SENT CONTROL [server]: \'PUSH_REQUEST\' (status=1)

Sat Mar 26 15:04:28 2011 PUSH: Received control message: \'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,comp-lzo no,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.42 10.8.0.41\'

Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: timers and/or timeouts modified

Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: LZO parms modified

Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: --ifconfig/up options modified

Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: route options modified

Sat Mar 26 15:04:28 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Sat Mar 26 15:04:28 2011 ROUTE default_gateway=14.195.103.120

Sat Mar 26 15:04:28 2011 TAP-WIN32 device [Local Area Connection 21] opened: \\\\.\\Global\\{CE620C85-F3A5-4A95-93CD-1154657CE0EC}.tap

Sat Mar 26 15:04:28 2011 TAP-Win32 Driver Version 9.7

Sat Mar 26 15:04:28 2011 TAP-Win32 MTU=1500

Sat Mar 26 15:04:28 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.42/255.255.255.252 on interface {CE620C85-F3A5-4A95-93CD-1154657CE0EC} [DHCP-serv: 10.8.0.41, lease-time: 31536000]

Sat Mar 26 15:04:28 2011 Successful ARP Flush on interface [2] {CE620C85-F3A5-4A95-93CD-1154657CE0EC}

Sat Mar 26 15:04:33 2011 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up

Sat Mar 26 15:04:33 2011 C:\\WINDOWS\\system32\\route.exe ADD 174.140.166.91 MASK 255.255.255.255 14.195.103.120

Sat Mar 26 15:04:33 2011 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=393220]

Sat Mar 26 15:04:33 2011 Route addition via IPAPI failed [adaptive]

Sat Mar 26 15:04:33 2011 Route addition fallback to route.exe

Sat Mar 26 15:04:33 2011 C:\\WINDOWS\\system32\\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.41

Sat Mar 26 15:04:33 2011 Route addition via IPAPI succeeded [adaptive]

Sat Mar 26 15:04:33 2011 C:\\WINDOWS\\system32\\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.41

Sat Mar 26 15:04:33 2011 Route addition via IPAPI succeeded [adaptive]

Sat Mar 26 15:04:33 2011 C:\\WINDOWS\\system32\\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.41

Sat Mar 26 15:04:33 2011 Route addition via IPAPI succeeded [adaptive]

Sat Mar 26 15:04:33 2011 Initialization Sequence Completed

Sat Mar 26 15:09:06 2011 Replay-window backtrack occurred [1]

Sat Mar 26 15:09:06 2011 Replay-window backtrack occurred [3]

Sat Mar 26 15:10:33 2011 Replay-window backtrack occurred [11]

[Staff 9972]

Hello!

The problem may be caused by high latency or elevated packets loss. Try to connect on a TCP port instead of UDP.

Kind regards

AirVPN admins

[nirmal.singhania2009 0]

hello admin

i have a problem i am required to use only udp port. so i cant try tcp port.

please give any solution to get rid of this problem on udp.

earlier on free service i never got this type of error .even on udp port

[Staff 9972]

nirmal.singhania2009 wrote:

hello admin

i have a problem i am required to use only udp port. so i cant try tcp port.

please give any solution to get rid of this problem on udp.

earlier on free service i never got this type of error .even on udp port

Hello!

It depends on the quality line of your ISP, there\'s not much we can do if you can\'t use TCP. Try changing connection server and see if it gets better. Each server is on a different datacenter, so it\'s worth to give them all a try.

Kind regards

AirVPN admins

[nirmal.singhania2009 0]

is there no solution to this problem except changing to tcp

[Staff 9972]

nirmal.singhania2009 wrote:

is there no solution to this problem except changing to tcp

Hello!

The other solution would be to get a better connection line. The problem is caused by loss of packets which can\'t be corrected by UDP, as it is designed specifically NOT to handle at all this problem. If you are under a freedom of expression hostile regime, feel free to contact Telecomix to discuss and use tools against censorship and to improve your security.

Kind regards

Paolo

AirVPN

[nirmal.singhania2009 0]

my isp blocked tcp port and many websites .am i under a freedom of expression hostile regime.

how to contact telecomix

[Staff 9972]

nirmal.singhania2009 wrote:

my isp blocked tcp port and many websites .am i under a freedom of expression hostile regime.

how to contact telecomix

Hello!

If your ISP follows this behaviour under government orders, the answer is yes. To contact Telecomix please read the following post:

'>https://airvpn.org/index.php?option=com_kunena&Itemid=55&func=view&catid=3&id=459#459>

However, if your ISP blocked all TCP ports, you could not have an Internet access, so there\'s something strange in your description.

Kind regards

AirVPN admins

[nikhil1994 0]

use this hotfix.it will surely help you.use this for windows 7

Windows6.1-KB925681-x86.msu - 202.2 Kb

use this if you are having windows xp

1298449584-nikhil1994-WindowsXP-KB925681-x86-ENU_exe.exe - 490.3 Kb

without this hotfix there is always chance of backtrack error.that\'s why it\'s important to enable automatic updates.with this hotfix no disconnections.

[nirmal.singhania2009 0]

hey nikhil bro after installing the hotfix i am getting the same error Replay-window backtrack occurred

plz provide any other solution

[rinaldo_wouterson 0]

To anyone stumbling upon this page:

 

You can update an .ovpn file (in case of UDP only) by including "replay-window 512 15" without quotes.

 

According to the OpenVPN Manual:

 

--replay-window n [t] ==> By default n  (the window size) is 64 (which is the IPSec default) and t is 15 seconds.

 

I personally check 512 packets in the same default time, which according to Cisco "has no impact on throughput and security. The impact on memory is insignificant because only an extra 128 bytes per incoming IPsec SA is needed to store the sequence number on the decryptor".

[OpenSourcerer 1435]

"increasing the replay window may be a very bad idea if it is a real replay attack"

 

And please note that Cisco is talking about IPsec, not OpenVPN.