OpenVPN Message Authenticate/Decrypt packet error

Hello everybody,

Now and then I get about 25 messages in IPFire's /var/log/messages like this:

Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #144311 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

The VPN connection (road warrior) seems to work fine, and the Windows 2019 host (client) can reach the IPFire as well as the other Windows 2019 server behind the IPFire.

I googled a lot, but honestly I do not understand what's going wrong. Some say that message can be ignored, others say this might be a security issue… Does anyone have an explanation or a solution tip for me?

Thanks

Hi @xiam

Another reason for this type of message that I have found in my searches is related to an incorrect MTU size.
Have you changed the default MTU value in the OpenVPN server?
Are you using UDP or TCP for the protocol?

Hi @bonnietwin

The MTU size is set to 1400 (default value). So no, I have not changed the MTU size. In the client-side ovpn config the MTU size is set to 1400 too.

I am using UDP as protocol.

Then the MTU is not the cause of the messages you are getting.

Sorry, I don’t have any other ideas.
Hopefully others will have more ideas.

@bonnietwin thanks anyway for your help. I hope others can give me a hint.

Take a look at Setting correct MTU for OpenVPN | Magento Hosting by Sonassi

Mine seems to work at 1460
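
An added example, not part of the original thread: a small Python script that shows how the warning quoted in the first post clusters over time, by grouping the "bad packet ID" lines into bursts with their packet IDs. The syslog timestamp prefix, the 30-second gap and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches the warning text quoted in the first post; the syslog timestamp
# prefix is an assumption about how the line appears in /var/log/messages.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?"
    r"Authenticate/Decrypt packet error: bad packet ID \(may be a replay\): "
    r"\[ #(?P<pid>\d+)"
)

def parse(lines, year=2000):
    """Yield (timestamp, packet_id) for every replay warning line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            # Syslog lines carry no year, so one is supplied for parsing.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, int(m["pid"])

def bursts(events, gap=timedelta(seconds=30)):
    """Group warnings into bursts separated by more than `gap` of silence."""
    out = []
    for ts, pid in sorted(events):
        if out and ts - out[-1]["end"] <= gap:
            out[-1]["end"] = ts
            out[-1]["ids"].append(pid)
        else:
            out.append({"start": ts, "end": ts, "ids": [pid]})
    return out

# Constructed sample lines: hostname, process name and client address are
# made up, and the tail of each warning is trimmed after the packet ID.
SAMPLE = """\
Mar  3 10:15:01 fw openvpn[2211]: 198.51.100.7:51820 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #144311 ]
Mar  3 10:15:01 fw openvpn[2211]: 198.51.100.7:51820 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #144312 ]
Mar  3 10:15:02 fw openvpn[2211]: 198.51.100.7:51820 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #144309 ]
Mar  3 10:15:40 fw kernel: unrelated line
Mar  3 11:02:17 fw openvpn[2211]: 198.51.100.7:51820 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #201877 ]
""".splitlines()

if __name__ == "__main__":
    for b in bursts(parse(SAMPLE)):
        print(b["start"], len(b["ids"]), "warnings, packet IDs",
              min(b["ids"]), "-", max(b["ids"]))
```

To run it on real data, pass an open file handle for /var/log/messages to `parse` instead of `SAMPLE`.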