Project

General

Profile

Bug #3493

mute-replay-warnings doesn't appear to work

Added by B. Derman over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
02/27/2014
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.1
Affected Architecture:
i386

Description

Have the lines

mute-replay-warnings;
verb 1;

as entries in the OpenVPN Advanced Configuration box, but am still getting lots of messages like the following (only IPv4 in use)

Feb 25 13:50:34 openvpn61934: 209.121.225.198:8877 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1393365006) Tue Feb 25 13:50:06 2014 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

I believe the messages are actually due to the fact that neither iOS 7.0.6 nor 7.1b5 handle VPN on-demand processing properly when transitioning from WiFi to cellular. After multiple seconds worth of such failures, the server resets the connection and a successful connection follows. <sigh>

History

#1 Updated by Chris Buechler over 6 years ago

B. Derman - could you please update your email address to something that doesn't bounce? I get a slew of bounces from attempts to send to your email address. Can update it here:
https://redmine.pfsense.org/my/account

also FYI, the contact page on your website isn't usable as the captcha is broken.

#2 Updated by Chris Buechler over 6 years ago

  • Status changed from New to Feedback

mute-replay-warnings should work fine in general, if it doesn't, it's an issue in OpenVPN itself. I'm not aware of anything that can override that setting, if it's there, it should never log replay warnings. It's always worked when I've used it. Probably something you'll need to bring up on the OpenVPN forum to see if someone has an idea as to why that wouldn't work.

#3 Updated by B. Derman over 6 years ago

Re: ... please update your email address...
---
Done.

Re: ... the contact page on your website isn't usable as the captcha is broken.
---
Unless you happened to hit it one day when I was seeing what would happen if I made it even more aggressive (wasn't readable/usable), don't know what the issue would be as it gets lots of successful usage. If you have more detail, I'd be interested.

#4 Updated by Chris Buechler over 6 years ago

Thanks. The captcha image was only showing as a broken image when I tried, now it loads fine.

#5 Updated by Chris Buechler about 6 years ago

  • Status changed from Feedback to Closed

this does work, and any issues where it doesn't would be within OpenVPN itself.

Also available in: Atom PDF