PID_ERR replay / Authenticate/Decrypt packet error / AEAD Decrypt error

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

melodon-mann
OpenVpn Newbie
Posts: 1
Joined: Thu Sep 02, 2021 1:11 pm

PID_ERR replay / Authenticate/Decrypt packet error / AEAD Decrypt error

Post by melodon-mann » Thu Sep 02, 2021 1:20 pm

Hey guys,

I am a bit frustrated by now.

The following errors appear randomly in the OpenVPN log.
Not always the same certificate, not always the same time.
Thu Sep 2 15:08:46 2021 us=397438 Timo_Ziomkowski/217.229.186.192:47075 MULTI: bad source address from client [192.168.2.107], packet dropped
Thu Sep 2 15:06:58 2021 us=406801 185.66.195.54:52494 PID_ERR replay [1] [TLS_WRAP-0] [>>] 1630588000:2 1630588000:1 t=1630588018[0] r=[-1,64,15,1,1] sl=[62,2,64,528]
Thu Sep 2 15:06:58 2021 us=406896 185.66.195.54:52494 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1630588000) Thu Sep 2 15:06:40 2021 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Sep 2 15:06:53 2021 us=381305 185.66.195.54:52494 PID_ERR replay [1] [TLS_WRAP-0] [57] 1630588000:2 1630588000:1 t=1630588013[0] r=[-2,64,15,1,1] sl=[62,2,64,528]

Server Config:
local 10.30.0.5
port 48526
proto udp4
dev tun
ca ***
cert ***
key ***
extra-certs ***
dh ***
server 10.39.128.0 255.255.192.0 nopool
ifconfig-pool 10.39.129.0 10.39.191.250
ifconfig-pool-persist /var/log/openvpn/ipp.txt
keepalive 10 120
tls-auth ***
cipher AES-256-GCM
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
up /etc/openvpn/scripts/networking.sh
management localhost 6666
crl-verify /etc/openvpn/crl/crl.pem
auth-user-pass-verify "/etc/openvpn/scripts/openvpn_manager.py" via-file
script-security 2
tmp-dir /dev/shm
client-config-dir /etc/openvpn/client-config
client-connect "/etc/openvpn/scripts/openvpn_manager.py User_Login"
client-disconnect "/etc/openvpn/scripts/openvpn_manager.py User_Logout"
push "dhcp-option DNS 10.32.144.6"
push "dhcp-option DNS 10.32.144.5"
push "dhcp-option DOMAIN luedenscheid.de"
push "redirect-gateway def1 bypass-dhcp"
reneg-sec 43200
replay-persist replay_persist
tls-version-min 1.2
tls-cert-profile preferred
status-version 2
tun-mtu 1470
mssfix 1430
push "tun-mtu 1470"
push "mssfix 1430"

Client Config:
client
dev tun
proto udp
remote **
remote ***
remote ***
port 48526
pull
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth-user-pass
auth-nocache
cipher AES-256-GCM
verb 3
reneg-sec 43200
key-direction 1
<tls-auth>
.
.
.
</key>

I don't know what to change and I can't get rid of these errors.

Greetings from Germany
Michel

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: PID_ERR replay / Authenticate/Decrypt packet error / AEAD Decrypt error

Post by TinCanTech » Thu Sep 02, 2021 3:14 pm

You can ignore them all .. you probably cannot fix any of them.
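
Added example, not part of either post above and not OpenVPN project code: a small Python triage script that parses the PID_ERR lines quoted in the question and groups them by peer and channel, so an admin can see how far behind the accepted packet ID each rejected packet was. The field interpretation (highest accepted time:id, then rejected time:id, then the replay-window sizes inside r=[...]) and the names parse_pid_err and summarize are assumptions of this example.

```python
import re
from collections import defaultdict

# The two PID_ERR lines from the post above, copied verbatim.
SAMPLE_LOG = """\
Thu Sep 2 15:06:58 2021 us=406801 185.66.195.54:52494 PID_ERR replay [1] [TLS_WRAP-0] [>>] 1630588000:2 1630588000:1 t=1630588018[0] r=[-1,64,15,1,1] sl=[62,2,64,528]
Thu Sep 2 15:06:53 2021 us=381305 185.66.195.54:52494 PID_ERR replay [1] [TLS_WRAP-0] [57] 1630588000:2 1630588000:1 t=1630588013[0] r=[-2,64,15,1,1] sl=[62,2,64,528]
"""

# Assumed layout: peer, reason, [value], [channel-unit], [window map], accepted
# time:id, rejected time:id, t=now[..], r=[reap, sequence window, time window, ..].
PID_ERR = re.compile(
    r"(?P<peer>\S+) PID_ERR (?P<reason>.+?) \[(?P<value>-?\d+)\] "
    r"\[(?P<channel>[^\]]+?)-(?P<unit>\d+)\] \[[^\]]*\] "
    r"(?P<seen_time>\d+):(?P<seen_id>\d+) (?P<in_time>\d+):(?P<in_id>\d+) "
    r"t=(?P<now>\d+)\[-?\d+\] r=\[-?\d+,(?P<seq_window>\d+),(?P<time_window>\d+),"
)
INT_FIELDS = "value unit seen_time seen_id in_time in_id now seq_window time_window".split()


def parse_pid_err(line):
    """Return the fields of one PID_ERR line as a dict, or None if it is not one."""
    m = PID_ERR.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    for key in INT_FIELDS:
        ev[key] = int(ev[key])
    # Distance behind the newest accepted ID; only comparable within one time value.
    same_epoch = ev["in_time"] == ev["seen_time"]
    ev["gap"] = ev["seen_id"] - ev["in_id"] if same_epoch else None
    ev["inside_window"] = ev["gap"] is not None and 0 <= ev["gap"] < ev["seq_window"]
    return ev


def summarize(log_text):
    """Group PID_ERR events by (peer, channel) so repeat sources stand out."""
    groups = defaultdict(lambda: {"count": 0, "max_gap": 0, "outside_window": 0})
    for ev in filter(None, map(parse_pid_err, log_text.splitlines())):
        g = groups[(ev["peer"], ev["channel"])]
        g["count"] += 1
        g["max_gap"] = max(g["max_gap"], ev["gap"] or 0)
        g["outside_window"] += not ev["inside_window"]
    return dict(groups)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the two quoted lines it reports a single peer on TLS_WRAP, with the rejected packet ID 1 sitting one behind the accepted ID 2 and inside the 64-packet window shown in r=[...].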
