strange error in openvpn log


strange error in openvpn log

Post by scorpoin » Tue Jun 02, 2020 11:07 am

Hello to Community,

I've configured OpenVPN on CentOS 8. The OpenVPN port is set to TCP protocol and port 443. When I connect from the client it does connect with the server. But I observe the following message in my OpenVPN log file. I configured my client on a Linksys router.

linksys/x.x.x.x.:20891 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)

Server config

port 443
proto tcp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
server 10.10.10.0 255.255.255.0
mode server
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
#client-config-dir /etc/openvpn/ccd # for fixed ip assigning for client
#ifconfig-pool-persist /etc/openvpn/ipp.txt # log previous IP of client
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
auth SHA256
key-direction 0
#cipher AES-256-CBC
explicit-exit-notify 0
cipher AES-256-GCM
client-to-client
#duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 4
mute 20



Client config

client
dev tun
proto tcp
remote x.x.x.x 443 # This is the server IP
resolv-retry infinite
nobind
#duplicate-cn # it allows duplicate connections
persist-key
persist-tun
cipher AES-256-GCM
auth SHA256
remote-cert-tls server
key-direction 1
comp-lzo
auth-nocache
verb 3
tls-auth /etc/openvpn/grouter_client_ta.key 1
ca /etc/openvpn/grouter_client_ca.crt
cert /etc/openvpn/grouter_client_client.cert


How to fix this error message?

Regards
Scorpoin
Last edited by Pippin on Tue Jun 02, 2020 2:03 pm, edited 1 time in total.
Reason: Formatting


Re: strange error in openvpn log

Post by TinCanTech » Tue Jun 02, 2020 12:21 pm

Try adding this to your server config:

tcp-queue-limit 256

For details see --tcp-queue-limit in the manual.


Re: strange error in openvpn log

Post by scorpoin » Sat Jun 06, 2020 10:48 am

Now I don't get that drop message, but instead a new drop message:

linksys/x.x.x.x:55804 MBUF: mbuf packet dropped
linksys/x.x.x.x:55804 MBUF: mbuf packet dropped
linksys/103.205.176.217:55804 NOTE: --mute triggered...

Now what could be the issue? I've added tcp-queue-limit 256 in server.conf.

Regards


Re: strange error in openvpn log

Post by TinCanTech » Sat Jun 06, 2020 11:18 am

Try setting --sndbuf and --rcvbuf .. see the manual for details.


Re: strange error in openvpn log

Post by scorpoin » Tue Jun 09, 2020 6:54 am

I've added the following into server.conf:

tcp-queue-limit 256
sndbuf 0
rcvbuf 0
tun-mtu 1400
mssfix 1360

WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1527 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]


Re: strange error in openvpn log

Post by TinCanTech » Tue Jun 09, 2020 11:08 am

scorpoin wrote: Tue Jun 09, 2020 6:54 am
I've added the following into server.conf

Why?


Re: strange error in openvpn log

Post by scorpoin » Thu Jun 11, 2020 9:23 am

TinCanTech wrote: Tue Jun 09, 2020 11:08 am
scorpoin wrote: Tue Jun 09, 2020 6:54 am
I've added the following into server.conf
Why?

To overcome the following:

linksys/x.x.x.x:55804 MBUF: mbuf packet dropped
linksys/x.x.x.x:55804 MBUF: mbuf packet dropped
linksys/103.205.176.217:55804 NOTE: --mute triggered...

But in the logs I still see the following warning:

WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1527 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

Regards


Re: strange error in openvpn log

Post by TinCanTech » Thu Jun 11, 2020 11:47 am

Try this in your server config:

tcp-queue-limit 256
sndbuf 327680
rcvbuf 327680
# tun-mtu 1400
# mssfix 1360
txqueuelen 256
socket-flags TCP_NODELAY
push "socket-flags TCP_NODELAY"
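
The "Bad encapsulated packet length" warning quoted earlier in the thread asks that --tun-mtu or --link-mtu be equal on both peers. The following Python check is an added example, not part of the thread and not OpenVPN's own code: it compares a server and a client config for options that should agree on both ends. The sample configs are abridged from the posts above with the 9 June server additions applied; the MUST_MATCH list and the function names are assumptions of this example.

```python
import shlex

# Options OpenVPN expects to agree on both peers (list chosen for this
# example), with the built-in default where one exists (tun-mtu is 1500).
MUST_MATCH = {"tun-mtu": "1500", "link-mtu": None, "fragment": None,
              "cipher": None, "auth": None, "comp-lzo": None}

# Constructed sample input: abridged from the configs posted in the thread.
SERVER_CONF = """\
proto tcp
dev tun
cipher AES-256-GCM
auth SHA256
comp-lzo
tcp-queue-limit 256
tun-mtu 1400
mssfix 1360
"""
CLIENT_CONF = """\
client
dev tun
proto tcp
remote x.x.x.x 443 # server IP
cipher AES-256-GCM
auth SHA256
comp-lzo
"""

def parse_config(text):
    """Map each directive to its argument string; '#' comments and ';' lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):
            continue
        tokens = shlex.split(raw, comments=True)
        if tokens:
            opts[tokens[0].lstrip("-")] = " ".join(tokens[1:])
    return opts

def mismatches(server_text, client_text):
    """Return (option, server value, client value) for each disagreement.
    Options delivered via push are not considered."""
    server, client = parse_config(server_text), parse_config(client_text)
    return [(name, server.get(name, default), client.get(name, default))
            for name, default in MUST_MATCH.items()
            if server.get(name, default) != client.get(name, default)]

if __name__ == "__main__":
    for name, s, c in mismatches(SERVER_CONF, CLIENT_CONF):
        print(f"{name}: server={s!r} client={c!r}")
```

On the sample input it reports tun-mtu as 1400 on the server against the default 1500 on the client, and nothing once tun-mtu is removed from the server config or added with the same value to the client.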
