Jump to content


Photo

Getting continuous Authenticate/Decrypt spam in system log for ovpn-AirVPN


  • Please log in to reply
8 replies to this topic

#1 Zxurian

Zxurian

    Member

  • Members
  • PipPip
  • 16 posts

Posted 26 January 2014 - 03:26 AM

I get these continuously in my logs when airVPN is running off of My Linux Box

 

Jan 25 22:24:08 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3581996 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:08 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3583458 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3583851 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584118 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584803 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3584804 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585226 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585321 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585492 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:09 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3585850 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:10 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3586431 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:11 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3589445 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:12 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3590928 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:12 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3591293 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:13 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3593456 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3595875 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3596932 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:14 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3596951 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:15 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3599047 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:17 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3603267 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 25 22:24:19 xbmc ovpn-AirVPN[1289]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3607338 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
 
How can I stop this from happening as I think it's causing other issues due to the large amount of log file buildup.


#2 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 28 January 2014 - 12:15 PM

silence this warning with --mute-replay-warnings

 

This option should be there somewhere.

Or try another server, port or protocol.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#3 Zxurian

Zxurian

    Member

  • Members
  • PipPip
  • 16 posts

Posted 07 February 2014 - 06:04 PM

muting the warnings doesn't really solve the problem, just keeps it from showing up.

 

Do you know what's causing the issue?



#4 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 07 February 2014 - 10:15 PM

No, I'm unable to tell you what the problem is. Never had that one before but maybe TCP can solve this.

You could also try increasing the replay window.

--replay-window 64 20
(default is 64 15; if not working try 64 30)

(seen here)


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#5 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7792 posts

Posted 08 February 2014 - 01:14 AM

No, I'm unable to tell you what the problem is. Never had that one before but maybe TCP can solve this.
You could also try increasing the replay window.

--replay-window 64 20
(default is 64 15; if not working try 64 30)
(seen here)

Hello,

increasing the replay window may be a very bad idea if it is a real replay attack. Please see here https://airvpn.org/topic/3773-pls-help-strange-logs/#entry3784

Kind regards

#6 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 08 February 2014 - 01:39 PM

Hello,

increasing the replay window may be a very bad idea if it is a real replay attack. Please see here https://airvpn.org/topic/3773-pls-help-strange-logs/#entry3784

Kind regards

 

"The best solution to a problem is usually the easiest one."  - GLaDOS

And the easiest solution is changing the server, the port or the protocol, aye? It mustn't be a replay attack...

 

So, Mr. Zxurian, would you please just try out another server? Easiest things first.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#7 Zxurian

Zxurian

    Member

  • Members
  • PipPip
  • 16 posts

Posted 10 February 2014 - 12:17 AM

so I'm going through testing the various American servers.

 

so far, both Alkaid, & Andromedae both experience similar logs

Alkaid - http://pastebin.com/VBHizrZR

Andromedae - http://pastebin.com/RmqudLYt

 

granted, this is only from today for a few hours, but it doesn't look like it's specifically related to a particular server.



#8 giganerd

giganerd

    I shall have no title

  • Members2
  • PipPipPip
  • 2687 posts
  • LocationGermany

Posted 10 February 2014 - 11:30 AM

Are you using some sort of high latency internet connection such as Satellite? Or are you using WiFi to connect to the router? Both in connection with UDP can cause this.

 

Or maybe your ISP is doing something with the UDP traffic, something similar to a replay attack..


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#9 Zxurian

Zxurian

    Member

  • Members
  • PipPip
  • 16 posts

Posted 20 February 2014 - 03:21 PM

Nope.

 

Comcast connection (50d/15u supposedly)

Everything is connected wired

Modem -> Router -> Switch -> Box running OpenVPN

 

If Comcast is doing something with a replay attack (as I wouldn't put it past them), is there anyway that I can prove it so I can call them on it?

 

Are you using some sort of high latency internet connection such as Satellite? Or are you using WiFi to connect to the router? Both in connection with UDP can cause this.

 

Or maybe your ISP is doing something with the UDP traffic, something similar to a replay attack..







Similar Topics Collapse

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 15491 - BW: 66498 Mbit/sYour IP: 18.206.175.155Guest Access.