Can't connect to openvpn server from local client on LAN side

Posted: Mon Jan 14, 2019 6:17 pm
by cinergi2

I have an openvpn server running on my main Internet access router (a Ubiquiti Edgerouter). The VPN is configured in "tun" mode with its own private subnet ( separate from the LAN private subnet ( Connections from the public WAN side to the server's public IP address (which is also the router's address) work fine. However, I am unable to connect using the public IP address from the private LAN subnet. When I try, the openvpn server logs the following errors:

Jan 13 18:25:05 edgerouter openvpn[1962]: TLS: Initial packet from [AF_INET], sid=fa90d598 b2db5c63
Jan 13 18:25:06 edgerouter openvpn[1962]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1547421905) Sun Jan 13 18:25:05 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 13 18:25:06 edgerouter openvpn[1962]: TLS Error: incoming packet authentication failed from [AF_INET]

At first I thought it might be a NAT loopback issue on my router, but pings to the server's public IP address work fine from the LAN side. Furthermore, the tls-auth packet is getting to the server, as shown by the above log. It seems that the TLS authentication doesn't like the packet for some reason.

Any ideas why this isn't working?
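A small log-review helper for the kind of server output quoted above, added here as an example and not taken from the post or from OpenVPN itself: it pairs each "bad packet ID (may be a replay)" warning with the TLS handshake that preceded it, so these events can be counted per session and looked at rather than silenced. The sample log text is constructed in the shape of the quoted lines (peer addresses are absent there, so they are absent here too); the log year and the 5-second pairing window are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the shape of the OpenVPN server lines quoted in the post.
SAMPLE_LOG = """\
Jan 13 18:25:05 edgerouter openvpn[1962]: TLS: Initial packet from [AF_INET], sid=fa90d598 b2db5c63
Jan 13 18:25:06 edgerouter openvpn[1962]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1547421905) Sun Jan 13 18:25:05 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 13 18:25:06 edgerouter openvpn[1962]: TLS Error: incoming packet authentication failed from [AF_INET]
"""

# syslog prefix: "<Mon DD HH:MM:SS> <host> openvpn[<pid>]: <message>"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# handshake start; the sid is the only per-session identifier on these lines
SID_RE = re.compile(r"TLS: Initial packet from .*sid=(?P<sid>[0-9a-f]{8} [0-9a-f]{8})")
# replay warning: packet-id counter and the peer's own timestamp from the packet
REPLAY_RE = re.compile(r"bad packet ID \(may be a replay\): \[ #(?P<pktid>\d+) / time = \((?P<epoch>\d+)\)")


def parse_ts(ts: str, year: int) -> datetime:
    """syslog timestamps carry no year; the caller supplies it (assumed)."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def find_handshake_replay_warnings(log_text: str, year: int = 2019, window_s: int = 5) -> list:
    """One finding per replay warning logged within window_s of the last TLS handshake start."""
    last_hello = None  # (timestamp, sid) of the most recent "TLS: Initial packet"
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when, msg = parse_ts(m["ts"], year), m["msg"]
        s = SID_RE.search(msg)
        if s:
            last_hello = (when, s["sid"])
            continue
        r = REPLAY_RE.search(msg)
        if r and last_hello and (when - last_hello[0]).total_seconds() <= window_s:
            findings.append({
                "sid": last_hello[1],
                "packet_id": int(r["pktid"]),          # #1 here: the very first data packet was rejected
                "peer_epoch": int(r["epoch"]),         # time stamped by the client into the packet
                "seconds_after_hello": (when - last_hello[0]).total_seconds(),
            })
    return findings
```

A warning on packet #1, one second after the handshake began, as in the sample, is worth reviewing as a path or NAT problem on that session rather than suppressing with --mute-replay-warnings.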