I have an openvpn server running on my main Internet access router (a Ubiquiti Edgerouter). The VPN is configured in "tun" mode with its own private subnet (10.10.66.0/24) separate from the LAN private subnet (10.10.65.0/24). Connections from the public WAN side to the server's public IP address (which is also the router's address) work fine. However, I am unable to connect using the public IP address from the private LAN subnet. When I try, the openvpn server logs the following errors:
Jan 13 18:25:05 edgerouter openvpn: 10.10.65.142:54492 TLS: Initial packet from [AF_INET]10.10.65.142:54492, sid=fa90d598 b2db5c63
Jan 13 18:25:06 edgerouter openvpn: 10.10.65.142:54492 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1547421905) Sun Jan 13 18:25:05 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 13 18:25:06 edgerouter openvpn: 10.10.65.142:54492 TLS Error: incoming packet authentication failed from [AF_INET]10.10.65.142:54492

At first I thought it might be a NAT loopback issue on my router, but pings to the server's public IP address work fine from the LAN side. Furthermore, the tls-auth packet is getting to the server, as shown by the above log. It seems that the TLS authentication doesn't like the packet for some reason.
Any ideas why this isn't working?
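As an added example that is not part of the original post: a small parser for the OpenVPN syslog lines quoted above that groups events by client endpoint and flags sessions where the first packet after the TLS initial packet already fails with a "bad packet ID (may be a replay)" warning, also noting whether the source sits in the LAN subnet (10.10.65.0/24) from the post. The sample log is constructed from the three entries in the post; the regex assumes the syslog prefix format shown there.

```python
import re
import ipaddress
from collections import defaultdict

# Constructed sample: the three log entries from the post, one per line.
SAMPLE_LOG = """\
Jan 13 18:25:05 edgerouter openvpn: 10.10.65.142:54492 TLS: Initial packet from [AF_INET]10.10.65.142:54492, sid=fa90d598 b2db5c63
Jan 13 18:25:06 edgerouter openvpn: 10.10.65.142:54492 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1547421905) Sun Jan 13 18:25:05 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Jan 13 18:25:06 edgerouter openvpn: 10.10.65.142:54492 TLS Error: incoming packet authentication failed from [AF_INET]10.10.65.142:54492
"""

LAN_SUBNET = ipaddress.ip_network("10.10.65.0/24")  # LAN subnet from the post

# Assumed syslog layout: "<Mon dd HH:MM:SS> <host> openvpn: <ip:port> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ openvpn: "
    r"(?P<peer>\d+\.\d+\.\d+\.\d+:\d+) (?P<msg>.*)$"
)

def parse(text):
    """Yield (timestamp, peer, message) for each OpenVPN syslog line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("peer"), m.group("msg")

def replay_failures(text):
    """Return {peer: info} for peers whose session shows a TLS initial
    packet followed by a replay warning and an authentication failure."""
    events = defaultdict(list)
    for ts, peer, msg in parse(text):
        events[peer].append((ts, msg))
    out = {}
    for peer, evs in events.items():
        msgs = [m for _, m in evs]
        saw_init = any(m.startswith("TLS: Initial packet") for m in msgs)
        replays = [m for m in msgs if "bad packet ID (may be a replay)" in m]
        auth_fail = any("incoming packet authentication failed" in m for m in msgs)
        if saw_init and replays and auth_fail:
            pid = re.search(r"\[ #(\d+) /", replays[0])  # packet ID that was rejected
            ip = ipaddress.ip_address(peer.rsplit(":", 1)[0])
            out[peer] = {
                "packet_id": int(pid.group(1)) if pid else None,
                "replay_count": len(replays),
                "lan_source": ip in LAN_SUBNET,
            }
    return out

if __name__ == "__main__":
    for peer, info in replay_failures(SAMPLE_LOG).items():
        print(peer, info)
```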