1301 0 Posted ... I always get this error in the log after connecting, is there anything I can do? Is this why my download is sometimes very slow? I'm using cable, I read that it's a provider problem so there's nothing I can do. . 2023.09.01 08:15:45 - Eddie version: 2.21.8 / windows_x64, System: Windows, Name: win 10 . 2023.09.01 08:15:45 - Command line arguments (1): path="home" . 2023.09.01 08:15:45 - Reading options from . 2023.09.01 08:15:46 - OpenVPN - Version: 2.5.5 - OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 . 2023.09.01 08:15:46 - SSH - Version: plink . 2023.09.01 08:15:46 - SSL - Version: stunnel I 2023.09.01 08:15:46 - Ready . 2023.09.01 08:15:47 - Collect information about AirVPN completed ! 2023.09.01 08:15:49 - Activation of Network Lock - Windows Filtering Platform . 2023.09.01 08:16:06 - Collect information about AirVPN completed I 2023.09.01 08:16:18 - Session starting. I 2023.09.01 08:16:19 - Checking authorization ... . 2023.09.01 08:16:20 - Added new network interface "Eddie", Wintun version 0.14 . 2023.09.01 08:16:20 - Using WinTun network interface "Eddie (Wintun Userspace Tunnel #2)" ! 2023.09.01 08:16:20 - Connecting to Melnick (Netherlands, Alblasserdam) . 2023.09.01 08:16:20 - Routes, add 134.19.179.165/32 for interface "Ethernet 2 (Intel(R) Ethernet Controller (3) )". . 2023.09.01 08:16:20 - Routes, add 134.19.179.165/32 for interface "Ethernet 2 (Intel(R) Ethernet Controller (3)", already exists. . 2023.09.01 08:16:20 - OpenVPN > OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021 . 2023.09.01 08:16:20 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit . 2023.09.01 08:16:20 - OpenVPN > library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 . 2023.09.01 08:16:20 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2023.09.01 08:16:20 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2023.09.01 08:16:20 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2023.09.01 08:16:20 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2023.09.01 08:16:20 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]134.19.179.165:443 . 2023.09.01 08:16:20 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2023.09.01 08:16:20 - OpenVPN > UDP link local: (not bound) . 2023.09.01 08:16:20 - OpenVPN > UDP link remote: [AF_INET]134.19.179.165:443 . 2023.09.01 08:16:20 - OpenVPN > TLS: Initial packet from [AF_INET]134.19.179.165:443, sid=08d02f35 88076c32 . 2023.09.01 08:16:20 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2023.09.01 08:16:20 - OpenVPN > VERIFY KU OK . 2023.09.01 08:16:20 - OpenVPN > Validating certificate extended key usage . 2023.09.01 08:16:20 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2023.09.01 08:16:20 - OpenVPN > VERIFY EKU OK . 2023.09.01 08:16:20 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Melnick, emailAddress=info@airvpn.org . 2023.09.01 08:16:20 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512 . 2023.09.01 08:16:20 - OpenVPN > [Melnick] Peer Connection Initiated with [AF_INET]134.19.179.165:443 . 2023.09.01 08:16:20 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.34.6.1,dhcp-option DNS6 fde6:7a:7d20:1e06::1,tun-ipv6,route-gateway 10.34.6.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1e06::1053/64 fde6:7a:7d20:1e06::1,ifconfig 10.34.6.85 255.255.255.0,peer-id 8,cipher AES-256-GCM' . 2023.09.01 08:16:20 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2023.09.01 08:16:20 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.34.6.1' . 2023.09.01 08:16:20 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:1e06::1' . 2023.09.01 08:16:20 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2023.09.01 08:16:20 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2023.09.01 08:16:20 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2023.09.01 08:16:20 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2023.09.01 08:16:20 - OpenVPN > OPTIONS IMPORT: peer-id set . 2023.09.01 08:16:20 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2023.09.01 08:16:20 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2023.09.01 08:16:20 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2023.09.01 08:16:20 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2023.09.01 08:16:20 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2023.09.01 08:16:20 - OpenVPN > interactive service msg_channel=0 . 2023.09.01 08:16:20 - OpenVPN > open_tun . 2023.09.01 08:16:20 - OpenVPN > wintun device [Eddie] opened . 2023.09.01 08:16:20 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ip set address 20 static 10.34.6.85 255.255.255.0 . 2023.09.01 08:16:20 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ip delete dns 20 all . 2023.09.01 08:16:20 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ip delete wins 20 all . 2023.09.01 08:16:20 - OpenVPN > IPv4 MTU set to 1500 on interface 20 using SetIpInterfaceEntry() . 2023.09.01 08:16:20 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set address 20------------------- store=active . 2023.09.01 08:16:20 - OpenVPN > add_route_ipv6(fde6:7a:7d20:1e06::/64 -> ----------------- metric 0) dev Eddie . 2023.09.01 08:16:20 - OpenVPN > C:\WINDOWS\system32\netsh.exe interface ipv6 add route f.------------------- store=active . 2023.09.01 08:16:20 - OpenVPN > env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem . 2023.09.01 08:16:20 - OpenVPN > NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 delete dns 20 all . 2023.09.01 08:16:20 - OpenVPN > IPv6 MTU set to 1500 on interface 20 using SetIpInterfaceEntry() . 2023.09.01 08:16:20 - OpenVPN > Initialization Sequence Completed . 2023.09.01 08:16:20 - Interface Eddie metric changed from Automatic to 3, layer IPv4 . 2023.09.01 08:16:20 - Interface Eddie metric changed from Automatic to 3, layer IPv6 . 2023.09.01 08:16:20 - DNS leak protection with packet filtering enabled. . 2023.09.01 08:16:21 - DNS IPv4 of a network adapter forced (Eddie, from automatic to ----------------------- . 2023.09.01 08:16:21 - DNS IPv6 of a network adapter forced (Eddie, from automatic to ----------------- . 2023.09.01 08:16:21 - DNS IPv4 of a network adapter forced (Ethernet 2, from manual (46.227.67.134, 192.165.9.158) to ------------) . 2023.09.01 08:16:21 - DNS IPv6 of a network adapter forced (Ethernet 2, from automatic to -------------------- . 2023.09.01 08:16:21 - Routes, add 0.0.0.0/1 for interface "Eddie (Wintun Userspace Tunnel #2)". . 2023.09.01 08:16:21 - Routes, add 128.0.0.0/1 for interface "Eddie (Wintun Userspace Tunnel #2)". . 2023.09.01 08:16:21 - Routes, add ::/1 for interface "Eddie (Wintun Userspace Tunnel #2)". . 2023.09.01 08:16:21 - Routes, add 8000::/1 for interface "Eddie (Wintun Userspace Tunnel #2)". . 2023.09.01 08:16:21 - Routes, add 134.19.179.163/32 for interface "Eddie (Wintun Userspace Tunnel #2)". . 2023.09.01 08:16:21 - Routes, add 2a00:1678:2470:eeee:2259:2a8b:386:4b98/128 for interface "Eddie (Wintun Userspace Tunnel #2)". . 2023.09.01 08:16:21 - Flushing DNS I 2023.09.01 08:16:21 - Checking route IPv4 I 2023.09.01 08:16:24 - Checking route IPv6 I 2023.09.01 08:16:25 - Checking DNS ! 2023.09.01 08:16:25 - Connected. . 2023.09.01 08:17:02 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #63523 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2023.09.01 08:17:02 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #63528 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2023.09.01 08:17:02 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #63529 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings Quote Share this post Link to post
OpenSourcerer 1361 Posted ... I've had this with DOCSIS on Vodafone Kabel Deutschland, too. Yes, this is the principal reason why it's slowing down. Packets are too far out of order, so OpenVPN assumes this might be a replay attack and drops those packets. One can calibrate the replay window to suit the connection better. The default is a window of 64 packets in 15 seconds which works for most but not all connection technologies. To calibrate this window, the verbosity can temporarily be increased to 4 (In Eddie, one can enter this in Preferences > OVPN directives): verb 4 When you connect and let it run for a bit while using the connection, you will see replay window backtrack occured [x] kind of messages when such an AEAD Decrypt error occurs. x indicates how far out of order a received packet is. Look at what its max value is over time, then set the replay window to that max plus maybe 5 or 10 (or round it to the next 10, or base 2, or whatever; basically, make it slightly higher than the max): replay-window x . 1 Stalinium reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
go558a83nk 352 Posted ... I think this can also be caused by MTU problems? Quote Share this post Link to post
OpenSourcerer 1361 Posted ... 2 minutes ago, go558a83nk said: I think this can also be caused by MTU problems? Wouldn't we have seen this with all packets, then? Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
1301 0 Posted ... (edited) On 9/1/2023 at 11:56 AM, OpenSourcerer said: I've had this with DOCSIS on Vodafone Kabel Deutschland, too. Yes, this is the principal reason why it's slowing down. Packets are too far out of order, so OpenVPN assumes this might be a replay attack and drops those packets. One can calibrate the replay window to suit the connection better. The default is a window of 64 packets in 15 seconds which works for most but not all connection technologies. To calibrate this window, the verbosity can temporarily be increased to 4 (In Eddie, one can enter this in Preferences > OVPN directives): verb 4 When you connect and let it run for a bit while using the connection, you will see replay window backtrack occured [x] kind of messages when such an AEAD Decrypt error occurs. x indicates how far out of order a received packet is. Look at what its max value is over time, then set the replay window to that max plus maybe 5 or 10 (or round it to the next 10, or base 2, or whatever; basically, make it slightly higher than the max): replay-window x . Well I set it to 30, 50, 100 it didn't change anything? I don't see any replay window backtrack occurred messages either. . 2023.09.22 11:47:04 - OpenVPN > Timers: ping 10, ping-restart 60 . 2023.09.22 11:47:04 - OpenVPN > Protocol options: explicit-exit-notify 5 . 2023.09.22 11:50:43 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #633650 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2023.09.22 11:50:43 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #633653 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2023.09.22 11:50:46 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #645985 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2023.09.22 11:56:21 - Above log line repeated 196 times more . 2023.09.22 11:56:21 - Collect information about AirVPN completed . 2023.09.22 11:56:29 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #1770836 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2023.09.22 11:56:29 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #1770837 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings . 2023.09.22 11:56:29 - OpenVPN > AEAD Decrypt error: bad packet ID (may be a replay): [ #1770838 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings The Problem is still sometimes i get the full download speed of 200 with the VPN but otherwise it's limited to around 50 Mbps, which I don't understand why. It's not related to the servers. My provider has every low Upload right now, around 5 Mbps. Could this somehow slow the download when the VPN is active? I mean I always get the full download of over 200Mbps if the VPN is disabled. I'm no expert so I honestly have no idea what the problem is here. Or if this VPN is just broken. Edited ... by 1301 Quote Share this post Link to post
Staff 9764 Posted ... Hello!@1301 It might be a virtual network interface MTU size related problem, try with the custom directive mssfix 1280, or switch to WireGuard and set MTU to 1280 bytes. In Eddie, you can set custom OpenVPN directives in "Preferences" > "OVPN Directive" window. Type "mssfix 1280" in the custom directives field, click "Save", and re-start a connection to apply the change. You might like to test a connection over WireGuard as well. If you run Eddie 2.23.x you can also set WireGuard's MTU size in "Preferences" > "WireGuard" window. Also make sure that both your router firmware and your physical network interface driver are up to date. A sustained UDP flow causes problems on some old network interface drivers as well as old router firmwares. Quote Wouldn't we have seen this with all packets, then? Possible, but it's not necessarily so, as some datagrams may fit in the frame other ones may not. Anyway from the log it's not clear whether all the packets had to be re-sent or not. Shrinking the MTU size is well worth a test. The following, however, makes the MTU size problem less likely, but not impossible anyway: Quote Problem is still sometimes i get the full download speed of 200 with the VPN but otherwise it's limited to around 50 Mbps, Kind regards Quote Share this post Link to post
OpenSourcerer 1361 Posted ... 8 hours ago, 1301 said: Well I set it to 30, 50, 100 it didn't change anything? I don't see any replay window backtrack occurred messages either. Indicating that the verbosity is not 4, otherwise there'd always be one additional log line per bad packet ID error. Please check whether you entered it correctly. Also indicating that 100 is too low a setting. You probably need 256 or even 512. Be advised, the default is 64, so 30 and 50 will make the problem, well, more of a problem. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Air4141841 23 Posted ... Been having this for a long time on opnsense with udp, entry point 3 tls crypt connections 3 Options error: Unrecognized option or missing or extra parameter(s) in /var/etc/openvpn/client3.conf:43: mssfix (2.6.5) is what I get when I try the suggested Quote Share this post Link to post
Not connected, Your IP: 18.220.1.239
Online: 23884 users - 298980 Mbit/s total BW