Oct 14 16:33:51 openvpn 98052 UDPv4 READ [117] from [AF_INET]23.236.224.213:4443: P_CONTROL_V1 kid=0 sid=dcfec650 503a08a2 tls_hmac=5ddfe7e1 f063d62a eabfff86 533524bc dc63fcdd 5f665903 6c76af3d f671a535 pid=[ #6 / time = (1571085231) Mon Oct 14 16:33:51 2019 ] [ 2 sid=25d2887f 1a4b6725 ] pid=5 DATA 14030300 01011603 0300288c 7c90fd1d
6. OpenVPN

6.1 Introduction

SSLVPN is a common name for a VPN implementation based on the SSL/TLS protocol suite. An SSLVPN is implemented as a module executing in the easy-to-use user-space context instead of the kernel ring of the operating system.

Just for the sake of completeness, this was neither a networking/firewall issue nor OpenVPN configuration. Just some of the clients (connected via prepaid 3G) did not have enough balance

The twist is that the outgoing packets from the client could reach the server, but the incoming packets from the server could not reach the client.

I also tried this with Viscosity. pfSense logs:

144.121.5.10:1194 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1534446687) Thu Aug 16 15:11:27 2018 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Aug 16 15:11:27 openvpn 83547 144.121.5.10:1194 TLS Error: incoming packet

TLS payload ciphertext (n bytes) (only for P_CONTROL_V1).

Note that when --tls-auth is used, all message types are protected with an HMAC signature, even the initial packets of the TLS handshake. This makes it easy for OpenVPN to throw away bogus packets quickly, without wasting resources on attempting a TLS handshake which will ultimately fail.

I can't make an OpenVPN server work with the new easy-rsa 3.0 setup. Worked flawlessly in the past with the bundled 2.0-branch. Tried it on two separate host providers (one with a working legacy config).

# uname -a
Linux server-asia 3.13
CVE-2017-7478: Proof of Concept Code for the OpenVPN Pre-Authentication DoS Vulnerability - dos_server.py
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

# Diffie hellman parameters.
# Generate your own with:
#   openssl dhparam -out dh2048.pem 2048
dh dh2048.pem

# Network topology
# Should be subnet (addressing via IP)

Michael

Michael Lo wrote:
> Hi Erich,
>
> Thanks for your response. The problem could be due to a netgear router at
> her home location. I've experienced the same problem when I had a netgear
> router.
>
> This does not explain why when two openvpn users are traveling that the same
> user with an issue cannot browse the Internet when she is connected to the
> VPN, while another user can.

Apr 11 12:14:24 client openvpn[10121]: TCPv4_CLIENT WRITE [114] to [AF_INET]xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Apr 11 12:14:24 client openvpn[10121]: ACK reliable_can_send active=4 current=0 : [16] 14 15 12 13
Apr 11 12:14:24 client openvpn[10121]: ACK output sequence broken: [16] 14 15 12 13
IPCop Firewall Linux firewall distribution geared towards home and SOHO users.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I'm in the middle of re-configuring my OpenVPN (which died due to a server crash). I have the Server configured and all the certs/keys built for my clients. I have successfully set up a tunnel between the server and my DD-WRT enabled router, a Linksys NSLU2 and also a VPS.

Tue Apr 7 16:44:04 2020 us=988966