tls problems (tls-crypt unwrap error: packet replay - bad packet ID - ...)

Post by SAliB » Sat Jun 18, 2022 10:35 am

Hello,
my OpenVPN server isn't working.

# uname -a
Linux srv192111 5.4.0-120-generic #136-Ubuntu SMP Fri Jun 10 13:40:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Server

server conf:
server
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_mpElALbDFIeqtYR8.crt
key server_mpElALbDFIeqtYR8.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 4
duplicate-cn


server network:

# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 154.91.170.35  netmask 255.255.255.0  broadcast 154.91.170.255
        inet6 fe80::89e:e7ff:fef7:7e5b  prefixlen 64  scopeid 0x20<link>
        ether 0a:9e:e7:f7:7e:5b  txqueuelen 1000  (Ethernet)
        RX packets 24686  bytes 2626992 (2.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14718  bytes 2260641 (2.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 118  bytes 9807 (9.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 118  bytes 9807 (9.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.0  destination 10.8.0.1
        inet6 fe80::34f4:b066:a071:885d  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 384 (384.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

server log when I try to connect:

# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
     Loaded: loaded (/etc/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-06-18 12:34:09 CEST; 31s ago
       Docs: man:openvpn(8)
             https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
             https://community.openvpn.net/openvpn/wiki/HOWTO
   Main PID: 4254 (openvpn)
     Status: "Initialization Sequence Completed"
      Tasks: 1 (limit: 1131)
     Memory: 1.4M
     CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
             └─4254 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid

Jun 18 12:34:32 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: packet replay
Jun 18 12:34:32 srv192111 ovpn-server[4254]: 2.191.186.160:62700 TLS Error: tls-crypt unwrapping failed from [AF_INET]2.191.186.160:62700
Jun 18 12:34:33 srv192111 ovpn-server[4254]: 2.191.186.160:62700 PID_ERR replay [0] [TLS_WRAP-0] [4] 1655548467:1 1655548467:1 t=1655548473[0] r=[-4,64,15,0,1] sl=[63,1,64,528]
Jun 18 12:34:33 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: bad packet ID (may be a replay): [ #1 / time = (1655548467) Sat Jun 18 12:34:27 2022 ] -- see the man page entry for --no-replay and --replay-windo>
Jun 18 12:34:33 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: packet replay
Jun 18 12:34:33 srv192111 ovpn-server[4254]: 2.191.186.160:62700 TLS Error: tls-crypt unwrapping failed from [AF_INET]2.191.186.160:62700
Jun 18 12:34:34 srv192111 ovpn-server[4254]: 2.191.186.160:62700 PID_ERR replay [0] [TLS_WRAP-0] [5] 1655548467:1 1655548467:1 t=1655548474[0] r=[0,64,15,0,1] sl=[63,1,64,528]
Jun 18 12:34:34 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: bad packet ID (may be a replay): [ #1 / time = (1655548467) Sat Jun 18 12:34:27 2022 ] -- see the man page entry for --no-replay and --replay-windo>
Jun 18 12:34:34 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: packet replay
Jun 18 12:34:34 srv192111 ovpn-server[4254]: 2.191.186.160:62700 TLS Error: tls-crypt unwrapping failed from [AF_INET]2.191.186.160:62700

Client

client conf:
client
client
proto udp
explicit-exit-notify
remote HIDE 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_mpElALbDFIeqtYR8 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
HIDE
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
HIDE
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
HIDE
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
HIDE
-----END OpenVPN Static key V1-----
</tls-crypt>


Please help me.

Have you taken any steps towards solving your issue?
Yes.
Searched a lot and found nothing.
Tried reinstalling multiple times but get the same error.
