We have been using OpenVPN for several years with a growing number of clients. Right now, around 30-40 clients.
We want to move to the UDP protocol; we were only using TCP mode because our major vendor (Mikrotik) did not support UDP mode before.
I have configured a second OpenVPN server instance on a different port and a different subnet, and changed it to UDP mode. Clients can connect and traffic is basically working.
In the logs I can see a lot of warnings about bad packet ID:
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3939 ]
However, every 1-2 hours one of the clients (always just one of all the clients, picked at random) starts to spam the same log message rapidly:
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #3939 ]
Also, right now the TCP VPN client is still configured on some clients as well (next to the UDP client, with different settings / subnet), and it keeps working even when the UDP client is not reachable.
Server config:
port 8194
proto udp
dev tun
ca ca.crt
cert vps-m02.crt
key vps-m02.key
dh dh.pem
topology subnet
server 172.16.8.0 255.255.248.0 nopool
management 0.0.0.0 7506
ifconfig-pool 172.16.15.1 172.16.15.254
ifconfig-pool-persist /var/log/openvpn/ipp.txt
client-config-dir ccd
route 10.0.0.0 255.255.0.0
route 10.1.0.0 255.255.255.252
push "route 10.0.0.0 255.255.0.0 172.16.8.1 10"
push "route 10.1.0.2 255.255.255.255 172.16.8.3"
keepalive 10 60
data-ciphers AES-256-CBC
auth SHA1
max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn-udp.log
verb 1
explicit-exit-notify 0
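The post distinguishes two things that produce the same log line: the occasional "bad packet ID (may be a replay)" warning, which is expected on a lossy UDP path, and a sudden burst of the same warning from a single client. The script below is an added example (not code from the poster or from the OpenVPN project) that separates the two by counting replay warnings per client in a sliding window and flagging only clients that exceed a burst threshold. It assumes that the server logs at verb 3 or higher, where OpenVPN prefixes such messages with the client's "name/ip:port"; at verb 1, as in the posted config, the prefix is absent and all warnings are attributed to "<unknown>". The log lines, client names, addresses and the 20-per-10-seconds threshold are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenVPN's default "Tue Mar 12 10:00:00 2024 <message>" log format.
# The optional "name/ip:port " client prefix is assumed to be what verb 3+ emits.
REPLAY_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?:(?P<client>\S+/\d{1,3}(?:\.\d{1,3}){3}:\d+) )?"
    r"Authenticate/Decrypt packet error: bad packet ID \(may be a replay\): \[ #(?P<pid>\d+) \]$"
)


def parse_line(line):
    """Return (timestamp, client, packet_id) for a replay warning, or None for any other line."""
    m = REPLAY_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, m.group("client") or "<unknown>", int(m.group("pid"))


def find_bursts(lines, window=timedelta(seconds=10), threshold=20):
    """Return {client: first_burst_timestamp} for clients that log at least
    `threshold` replay warnings inside any `window`-long interval."""
    recent = defaultdict(deque)  # per-client timestamps inside the current window
    bursts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, _pid = parsed
        q = recent[client]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and client not in bursts:
            bursts[client] = ts
    return bursts


def format_line(t, client, pid):
    """Build a log line in the format parse_line expects (used to construct samples)."""
    prefix = f"{client} " if client else ""
    msg = f"Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #{pid} ]"
    return f"{t.strftime('%a %b %d %H:%M:%S %Y')} {prefix}{msg}"


def constructed_sample():
    """Constructed log excerpt: sparse background warnings, then one client bursting."""
    base = datetime(2024, 3, 12, 10, 0, 0)
    lines = []
    # Background: a few isolated warnings from one site, minutes apart (the normal case).
    for i in range(5):
        lines.append(format_line(base + timedelta(minutes=7 * i),
                                 "site-a/203.0.113.10:51234", 1000 + i))
    # Burst: another site logs 30 warnings within 6 seconds (the symptom in the post).
    burst_start = base + timedelta(hours=1, minutes=13)
    for i in range(30):
        lines.append(format_line(burst_start + timedelta(milliseconds=200 * i),
                                 "site-b/198.51.100.7:1194", 3939))
    # A verb-1 style line with no client prefix, attributed to "<unknown>".
    lines.append(format_line(base + timedelta(hours=2), None, 3939))
    return lines


if __name__ == "__main__":
    for client, first in find_bursts(constructed_sample()).items():
        print(f"replay-warning burst from {client} starting {first:%Y-%m-%d %H:%M:%S}")
```

Run against a real file with `find_bursts(open("/var/log/openvpn/openvpn-udp.log"))`; the per-client deque keeps memory bounded to one window per client, so the script can follow a large log. Because the posted config uses `verb 1`, raising the log level is what makes the per-client attribution possible in the first place.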