Devnullius's Choices: A list of default programs to keep your PC running well!
Oh, Devvie, quick question, if I may dare to take advantage of your experience again... Have you ever got the "Authenticate/Decrypt packet error: bad packet ID (may be a replay)" error, but with tcp, not with udp? This is a bit odd and couldn't replicate it, so after digging a bit, all the cases seem to have been on udp, so it's a bit of a dead end. But still digging... Regards
P.S. I read, a lot of new stuff there, that will keep me and the customer busy for a while! He is in a university residence so tcp is the only open port he can use, he connects smoothly, he can browse, but the problem shows and he gets disconnected when downloading files. So I suspect the ISP packet fragmentation. For the rest of the questions, still waiting on the customer. I didn't know whether to jump in the forum or give you personally the info )
The logs show that either duplicate packets are being received or packets are arriving out of correct order. Seeing the last lines of the logs ("Replay-window backtrack occurred") the second option is more probable. If the problem was born only recently, maybe it is just a temporary peering issue between our servers and your ISP. Rarely it may also be a symptom of a defective Ethernet cable or network card, router issues or WiFi problems. Please try connections to VPN servers' TCP ports to mitigate the problem and also test different servers. Finally, just in case, if you have the chance, try to replace momentarily cable and router and if possible also the computer. Change only one item at a time to determine if the problem is in the hardware.
A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator (of course not in our case!!!) or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution. OpenVPN will reject correctly the fraudulent packets and no injection is possible. However the attack, if well organized, will slow down considerably your VPN connections. If your problem occurs on EVERY Air server, then it's extremely unlikely that you are the target of a replay attack, UNLESS your adversary has the ability to monitor your own ISP line. However, the "Authenticate/Decrypt packet error: bad packet ID (may be a replay)" log entries do really suggest a replay attack against you even before the connection to our servers. If this is an attack, then the adversary is not attacking our servers in general, he/she is attacking you specifically.
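Added example (not from any of the posts above and not OpenVPN's own code): a simplified model of the sliding-window packet-ID check that the two support replies describe. It shows that the receiver gives the same "bad packet ID" verdict to a packet duplicated or badly reordered by the network as to one replayed by an adversary. The class and function names, the window size of 64 and the sample arrival order are assumptions made for illustration.

```python
# Added example: simplified sliding-window anti-replay check (not OpenVPN's code).
ACCEPT = "accept"
BACKTRACK = "accept, replay-window backtrack"
DUPLICATE = "bad packet ID: duplicate"
TOO_OLD = "bad packet ID: older than window"


class ReplayWindow:
    """Tracks packet IDs the receiver has already accepted."""

    def __init__(self, size=64):          # size is an assumed window width
        self.size = size
        self.highest = 0                  # newest packet ID accepted so far
        self.seen = set()                 # accepted IDs still inside the window
        self.max_backtrack = 0            # largest reordering distance observed

    def check(self, pid):
        if pid > self.highest:            # in order: slide the window forward
            self.highest = pid
            floor = pid - self.size
            self.seen = {p for p in self.seen if p > floor}
            self.seen.add(pid)
            return ACCEPT
        distance = self.highest - pid
        if distance >= self.size:         # too late: cannot prove it is new
            return TOO_OLD
        if pid in self.seen:              # same ID twice: replay or duplicate
            return DUPLICATE
        self.seen.add(pid)                # late but new: accept, note distance
        self.max_backtrack = max(self.max_backtrack, distance)
        return BACKTRACK


def classify(arrivals, size=64):
    """Return ([(packet_id, verdict), ...], max_backtrack) for an arrival order."""
    window = ReplayWindow(size)
    verdicts = [(pid, window.check(pid)) for pid in arrivals]
    return verdicts, window.max_backtrack


# Constructed arrival order: 4 is reordered, 6 is duplicated, 30 arrives very late.
SAMPLE = [1, 2, 3, 5, 4, 6, 6, 100, 99, 30, 101]

if __name__ == "__main__":
    results, backtrack = classify(SAMPLE)
    for pid, verdict in results:
        print(f"packet {pid:>3}: {verdict}")
    print("max backtrack:", backtrack)
```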
Fix: Edit the config files.
Launch OpenVPN. Do not connect to any server.
Select a server and select edit config.
Add the following lines at the bottom:
dhcp-option DISABLE-NBT
dhcp-option DISABLE-NBT
SAVE. Then now connect.
That’s it! I also have experienced this problem, and now, I do not have any problem connecting to any VPN’s anymore.
http://askhideki.com/fixing-vpn-on-globe-tattoo-broadband-connectivity-issues/
Change the settings to use Blowfish instead of AES and it will likely work fine. Routers use slightly different means to achieve AES from what the PIA servers expect. (The same is true of the normal OpenVPN client on a PC as opposed to the PIA client.)
*Edit* And if you set your MTU to higher than 1500, set it to 1450 or so and see if that helps as well. Most systems cannot handle packets larger than 1500 and OpenVPN and several other things will expand packets beyond that quite often. The log says it is over 1500 so it should be changed anyway since this results in packet fragmentation that can and will break the connection.
oh man, plz help me understand this, my routing knowledge is little to no... thx!
p.s. when i finally got this, I want to address the constant "Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #961 ] " errors i get, already tried fragment 1300 mssfix but doesn't seem to help, although netalyzr said my mtu is 1376 and before that options it said that i can't send or receive fragmented packets. I suspect my provider messes with the udp packets..
I'd say it's Talktalk poisoning the link somehow. If PIA want help tracking it down, I'm more than happy to Wireshark it.
I tried to disable / enable internet connections while VPN is ON and it fixed the issue. I used this command:
cmd /c wmic path win32_networkadapter where NetConnectionID="Local Area Connection" call disable && wmic path win32_networkadapter where NetConnectionID="Local Area Connection" call enable
It might be a faulty border gateway on the connection path, if so, it should be solved on its own. I dunno if his ISP has public info on the connection between different IXs. Here in Chile we can see some graphs because they are required by law.
Last but not least, is the client behind NAT?
Still, if the user is behind NAT, it could be a NAT problem.
If your WAN IP is:
10.x.x.x
172.16.x.x => 172.32.x.x
192.168.x.x
Then you are NAT'd. This is private IP Address space, as defined in RFC 1918.