AEAD Decrypt error:

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
scorpoin
OpenVpn Newbie
Posts: 17
Joined: Thu Jan 03, 2019 8:27 am

AEAD Decrypt error:

Post by scorpoin » Mon Oct 19, 2020 8:14 am

Hello to Community,

I observed some strange error messages while connected to my VPN server from windows 10,

Code: Select all

Mon Oct 19 12:35:38 2020 AEAD Decrypt error: bad packet ID (may be a replay): [ #6014 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
after that above error message client unable to brower any thing then I had to disconnect and reconnect the client . I'm using VPN tunnel as udp mode .

Regards

Scorpoin
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: AEAD Decrypt error:

Post by TinCanTech » Mon Oct 19, 2020 2:34 pm

Generally, you can ignore this message, if it only happens once in a while.

If you get a lot of problems with it then it usually indicates some network problem.
You can use --replay-window to adjust OpenVPN replay protection.
Top
scorpoin
OpenVpn Newbie
Posts: 17
Joined: Thu Jan 03, 2019 8:27 am

Re: AEAD Decrypt error:

Post by scorpoin » Wed Oct 21, 2020 4:52 am

Thanks @TinCatTech , do I need to apply this parameter in server.conf and client.conf file ?

Regards
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: AEAD Decrypt error:

Post by TinCanTech » Wed Oct 21, 2020 1:14 pm

scorpoin wrote:
Wed Oct 21, 2020 4:52 am
 do I need to apply this parameter in server.conf and client.conf file ?
Probably required at both ends ..
Top
pzi123
OpenVpn Newbie
Posts: 4
Joined: Tue Apr 04, 2017 6:01 pm

Re: AEAD Decrypt error:

Post by pzi123 » Fri Jan 31, 2025 1:01 am

What would be "some underlying network problem"? Out of the blue two nanopi arm64 openwrt 23.05.05 routers - quiet so far - pump this in `logread -f`- I hope this is not a CCP snooping :-): (BTW: the IPs below are fake for CCP)

Code: Select all

Thu Jan 30 17:55:06 2025 daemon.err openvpn(pzi3_2_pzi_net_server)[3939]: rt1.pzi3-1.pzi.net/74.56.70.250:44063 AEAD Decrypt error: bad packet ID (may be a replay): [ #747524 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Jan 30 17:55:06 2025 daemon.err openvpn(pzi3_2_pzi_net_server)[3939]: rt1.pzi3-1.pzi.net/74.56.70.250:44063 AEAD Decrypt error: bad packet ID (may be a replay): [ #747525 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Jan 30 17:55:06 2025 daemon.err openvpn(pzi3_2_pzi_net_server)[3939]: rt1.pzi3-1.pzi.net/74.56.70.250:44063 AEAD Decrypt error: bad packet ID (may be a replay): [ #747526 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Platform details:

Code: Select all

root@rt1:~$ uname -a
Linux rt1.pzi3-2.pzi.net 6.1.57 #1 SMP Mon Nov 11 17:11:56 MST 2024 aarch64 GNU/Linux
root@rt1:~$ cat /etc/os-release
NAME="OpenWrt"
VERSION="23.05.5"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt 23.05.5"
VERSION_ID="23.05.5"
HOME_URL="https://openwrt.org/"
BUG_URL="https://bugs.openwrt.org/"
SUPPORT_URL="https://forum.openwrt.org/"
BUILD_ID="r24106-10cc5fcd00"
OPENWRT_BOARD="rockchip/armv8"
OPENWRT_ARCH="aarch64_generic"
OPENWRT_TAINTS="busybox"
OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="OpenWrt 23.05.5 r24106-10cc5fcd00"
Top
Post Reply

Return to “Configuration”