OpenVPN Message Authenticate/Decrypt packet error

I have done some fresh searching on this issue and also read through the replay sections of the openvpn man page.

Every time a packet is sent by the tls-auth process that authenticates the openvpn control channel a unique ID is assigned to that packet.
If OpenVPN receives a packet with the same ID as one already received then it drops the new packet as it considers that that packet is being replayed and this could be due to a MITM (Man In The Middle) attack.

So the messages are indicating that those replayed packets have been dropped. So from that point of view security is maintained because if a MITM attack is being attempted then those attempts are just dropped.

Any MITM attack via the tls-auth, even if it was successful, would then need to find a way to decrypt the data channel traffic.

According to the OpenVPN man page replay warnings are also a common false alarm on wifi networks.

Apparently some router systems on the internet do not follow the requirement of not resending any packet that has already been received by the next hop. So those systems can end up resending packets that have already been received, and if those are OpenVPN tls-auth packets then the ID will be duplicated and will trigger the action to drop the packet and give you the log message.

I suspect that this was what you experienced.

When you tried with your neighbour's connection then the route was a different one and not using systems that resend already received packets.

When you rebooted your IPFire then the connection with your ISP will have been re-made and any existing routing tables they had cached would have been renewed and now not using systems on the internet that resend already received packets.

I can't be 100% certain of the above, but the two reasons I found for getting those messages are

  1. MITM attack being attempted but all attempts dropped by OpenVPN
  2. Poorly configured routers on the internet resending packets that have already been received.

which are covered by the above.

The positive thing is that the messages are telling you that you have been protected because the duplicate packets have been dropped.

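The duplicate-ID check that the post above describes, as an added example that is not part of the original post and is not OpenVPN's own code. It models the packet-id half of the tls-auth replay test as a sliding bitmap window: an ID ahead of the window moves it forward, an ID inside the window is accepted once and dropped on any repeat (a retransmitted or replayed packet), and an ID that has fallen behind the window is dropped because it can no longer be distinguished from a replay. The 64-entry window, the 32-bit sequence numbers starting at 1, the sample ID sequence and the wording of the warning line are all assumptions made for this example; the timestamp part of OpenVPN's real check is left out.

```python
"""Sliding-window packet-id replay check in the style of OpenVPN's tls-auth test.

Added example, not OpenVPN's code. Assumed for this example: a 64-entry window,
IDs are 32-bit sequence numbers starting at 1, and the warning text below is
only modelled on the real log line, not copied from OpenVPN.
"""

WINDOW_SIZE = 64  # assumption: one entry per packet ID, like a 64-packet window


class ReplayWindow:
    """Remember which packet IDs arrived; reject duplicates and stale IDs."""

    def __init__(self, window_size=WINDOW_SIZE):
        self.window_size = window_size
        self.highest = 0   # highest packet ID accepted so far (0 = nothing yet)
        self.seen = 0      # bitmap: bit k set means ID (highest - k) was received

    def accept(self, pid):
        """Return True if pid is fresh, False if it must be dropped."""
        if pid == 0:
            return False                               # 0 is never a valid ID
        if pid > self.highest:
            # new high-water mark: slide the window forward and mark pid as seen
            shift = pid - self.highest
            if shift >= self.window_size:
                self.seen = 1                          # everything older is out of range
            else:
                mask = (1 << self.window_size) - 1
                self.seen = ((self.seen << shift) | 1) & mask
            self.highest = pid
            return True
        diff = self.highest - pid
        if diff >= self.window_size:
            return False                               # behind the window: drop
        if self.seen & (1 << diff):
            return False                               # already received: replay/duplicate
        self.seen |= 1 << diff                         # reordered but fresh: accept
        return True


def warning_line(pid):
    """Warning text modelled on OpenVPN's replay message (wording is an assumption)."""
    return (f"Authenticate/Decrypt packet error: bad packet ID (may be a replay): "
            f"[ #{pid} ] -- see --replay-window / --mute-replay-warnings")


def run(ids, window_size=WINDOW_SIZE):
    """Feed a sequence of packet IDs through one window.

    Returns (accepted_ids, dropped_ids, log_lines) so a caller can see which
    packets a retransmitting hop or a replay attempt would cost it.
    """
    window = ReplayWindow(window_size)
    accepted, dropped, log = [], [], []
    for pid in ids:
        if window.accept(pid):
            accepted.append(pid)
        else:
            dropped.append(pid)
            log.append(warning_line(pid))
    return accepted, dropped, log


# Constructed sample: in-order delivery, two retransmissions by an
# intermediate hop (3 and 5 arrive twice), one reordering (6 before 5)
# and one very late duplicate (2).
SAMPLE_IDS = [1, 2, 3, 3, 4, 6, 5, 5, 7, 2]

if __name__ == "__main__":
    accepted, dropped, log = run(SAMPLE_IDS)
    print("accepted:", accepted)
    print("dropped: ", dropped)
    for line in log:
        print(line)
```

Reordering inside the window (6 arriving before 5) is accepted, so the drops are confined to IDs that really were seen before; that is why a hop that resends already-delivered packets produces exactly these warnings while the tunnel keeps working.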