I am trying to set up an OpenVPN server on an RB1100AHx2 with RouterOS v6.32.1 (with a public IPv4 address). I followed the wiki tutorial, but it still disconnects the client - on the other side, there is a Synology NAS RS812. Certificates are imported, trusted and all the stuff, but the RB keeps dropping the connection because of duplicate packets…
Any ideas where the problem is?
Sep/14/2015 10:50:21 ovpn,info TCP connection established from <ip_hidden>
Sep/14/2015 10:50:21 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=a09ef5e2cdb2f6 pid=0 DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=14b65c26dabdb693 pid=0 DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [0 sid=14b65c26dabdb693] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=14b65c26dabdb693 [0 sid=a09ef5e2cdb2f6] pid=0 DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,error,debug,l2tp,warning,firewall,debug duplicate packet, dropping
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=14b65c26dabdb693 pid=1 DATA len=100
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [1 sid=14b65c26dabdb693] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=14b65c26dabdb693 pid=2 DATA len=100
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [2 sid=14b65c26dabdb693] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=14b65c26dabdb693 pid=3 DATA len=1
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [3 sid=14b65c26dabdb693] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=1 DATA len=1400
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=2 DATA len=1400
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=3 DATA len=547
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_ACK kid=0 sid=14b65c26dabdb693 [1 sid=a09ef5e2cdb2f6] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_ACK kid=0 sid=14b65c26dabdb693 [2 sid=a09ef5e2cdb2f6] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug <ip_hidden>: disconnected
Nope, it doesn’t help. The funny thing is that it is absolutely workable on Android, but when I use the same config file on Windows 8.1 (just changing the tun/tap adapter type) it is not working. Maybe some other ideas?
The problem was not in the MikroTik configuration, but on the Synology NAS … and the “duplicate packet” error was not the blocking issue. So how to find out what’s wrong…
Enable SSH on the Synology
log in as the user root (with the same password as admin) - I used WinSCP for this
navigate to the OpenVPN config file in the /usr/syno/etc/synovpnclient/openvpn directory
open the config file “client_o*******” (the stars stand for numbers that may vary)
add “log openvpn.log” to the end of this file
after a failed attempt to connect, there was an error line:
VERIFY ERROR: self signed certificate in certificate chain
The certificates are issued by the company CA, which uses a 3-tier PKI, so not only the OpenVPN server certificate needs to be trusted but also the others in the trust chain - the imported server certificate is trusted automatically, and that’s the reason why self-signed certificates work in this case, but certificates from a multiple-tier PKI are in trouble.
So… how to import those if there is no GUI for that in the NAS? Fortunately, there is a way, which I had to use a few weeks ago when configuring VMware vCenter server certificates: all certificates need to be in the single file you import, so they are marked as trusted.
Synology uses Base64-encoded X.509 certificates by default. If you open the server/authority .cer file with the certificate, you see:
I had three of those files: Root CA, Intermediate/Issuing CA and OpenVPN server certificates. The trick is that the engine will process all the certificates in one file, so just copy all the files into one and you have:
-----BEGIN CERTIFICATE-----
(encoded Root CA certificate data)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(encoded Intermediate/Issuing CA certificate data)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(encoded OpenVPN server certificate data)
-----END CERTIFICATE-----
Once imported into the Synology NAS in the OpenVPN client configuration, the verification error vanished from the Synology openvpn.log and the OpenVPN client connects to the MikroTik router, even if the “duplicate packet dropping” error still stays in the log.
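Added example, not part of any post in this thread: a Python sketch that reads RouterOS `ovpn,debug,packet` lines in the format shown in the first post and separates the "duplicate packet" message from the point where the handshake actually stopped. The function name `triage` and the abridged sample (taken from that log, timestamps removed) are assumptions of this example.

```python
import re

# Abridged from the RouterOS log in the first post (timestamps removed).
SAMPLE_LOG = """\
ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=a09ef5e2cdb2f6 pid=0 DATA len=0
ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=14b65c26dabdb693 pid=0 DATA len=0
ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [0 sid=14b65c26dabdb693] DATA len=0
ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=14b65c26dabdb693 [0 sid=a09ef5e2cdb2f6] pid=0 DATA len=0
ovpn,debug,error,debug,l2tp,warning,firewall,debug duplicate packet, dropping
ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=1 DATA len=1400
ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=2 DATA len=1400
ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=3 DATA len=547
ovpn,debug,packet rcvd P_ACK kid=0 sid=14b65c26dabdb693 [1 sid=a09ef5e2cdb2f6] DATA len=0
ovpn,debug,packet rcvd P_ACK kid=0 sid=14b65c26dabdb693 [2 sid=a09ef5e2cdb2f6] DATA len=0
ovpn,debug <ip_hidden>: disconnected
"""

# direction, opcode, sender sid, optional "[acked-ids sid=peer]", optional pid
PKT = re.compile(r"packet (sent|rcvd) (P_\w+) kid=\d+ sid=(\w+)"
                 r"(?: \[([\d ]+) sid=\w+\])?(?: pid=(\d+))?")

def triage(log_text):
    """Summarise one session: drops, retransmits, and what the client never acked."""
    seen, sent, acked = set(), set(), set()
    retransmits, drops, disconnected = [], 0, False
    for line in log_text.splitlines():
        if "duplicate packet, dropping" in line:
            drops += 1
        elif "disconnected" in line:
            disconnected = True
        m = PKT.search(line)
        if not m:
            continue
        direction, opcode, sid, acks, pid = m.groups()
        if direction == "rcvd" and acks:
            # Acks from the client can ride on any packet, not only P_ACK.
            acked.update(int(a) for a in acks.split())
        if pid is None:            # a pure P_ACK carries no packet id of its own
            continue
        if direction == "sent":
            sent.add(int(pid))
        else:
            key = (opcode, sid, int(pid))
            if key in seen:        # same opcode, session and pid seen before
                retransmits.append(key)
            seen.add(key)
    return {"drops": drops, "retransmits": retransmits,
            "unacked_by_client": sorted(sent - acked),
            "disconnected": disconnected}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the single drop lines up with the client's re-sent hard reset, while the session ends with the server's pid=3 still unacknowledged, so the next place to look is the client's own log.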
I want to connect a D-Link NAS to a MikroTik RouterBOARD.
If your technical team could provide any solution or any link to a tutorial that will help with this problem, it would be very helpful.
Thank You!
The OpenVPN settings for MikroTik are described on the wiki page. It’s not exactly easy to understand all the steps, but in fact the settings themselves are not that complicated.
IMHO the biggest problem with OpenVPN settings is handling keys and certificates, because the concept of this is often misunderstood.
I had the same duplicate packet error. I figured out that it was because I had the same connection already active on the ovpn server. When I dropped it, I connected to ovpn successfully.
Sun Jan 17 01:39:38 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Sun Jan 17 01:39:38 2016 Windows version 6.1 (Windows 7)
Sun Jan 17 01:39:38 2016 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Enter Management Password:
Sun Jan 17 01:39:38 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jan 17 01:39:38 2016 Need hold release from management interface, waiting…
Sun Jan 17 01:39:38 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jan 17 01:39:38 2016 MANAGEMENT: CMD ‘state on’
Sun Jan 17 01:39:38 2016 MANAGEMENT: CMD ‘log all on’
Sun Jan 17 01:39:38 2016 MANAGEMENT: CMD ‘hold off’
Sun Jan 17 01:39:38 2016 MANAGEMENT: CMD ‘hold release’
Sun Jan 17 01:39:38 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:39:38 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:39:38 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:39:38 2016 MANAGEMENT: >STATE:1452987578,TCP_CONNECT,
Sun Jan 17 01:39:39 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:39 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:39:39 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:39 2016 MANAGEMENT: >STATE:1452987579,WAIT,
Sun Jan 17 01:39:39 2016 MANAGEMENT: >STATE:1452987579,AUTH,
Sun Jan 17 01:39:39 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=6c910a9b 3d91168d
Sun Jan 17 01:39:45 2016 Connection reset, restarting [0]
Sun Jan 17 01:39:45 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:39:45 2016 MANAGEMENT: >STATE:1452987585,RECONNECTING,connection-reset,
Sun Jan 17 01:39:45 2016 Restart pause, 5 second(s)
Sun Jan 17 01:39:50 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:39:50 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:39:50 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:39:50 2016 MANAGEMENT: >STATE:1452987590,TCP_CONNECT,
Sun Jan 17 01:39:51 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:51 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:39:51 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:51 2016 MANAGEMENT: >STATE:1452987591,WAIT,
Sun Jan 17 01:39:51 2016 MANAGEMENT: >STATE:1452987591,AUTH,
Sun Jan 17 01:39:51 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=3158d1da 23fa6449
Sun Jan 17 01:39:51 2016 Connection reset, restarting [0]
Sun Jan 17 01:39:51 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:39:51 2016 MANAGEMENT: >STATE:1452987591,RECONNECTING,connection-reset,
Sun Jan 17 01:39:51 2016 Restart pause, 5 second(s)
Sun Jan 17 01:39:56 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:39:56 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:39:56 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:39:56 2016 MANAGEMENT: >STATE:1452987596,TCP_CONNECT,
Sun Jan 17 01:39:57 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:57 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:39:57 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:57 2016 MANAGEMENT: >STATE:1452987597,WAIT,
Sun Jan 17 01:39:57 2016 MANAGEMENT: >STATE:1452987597,AUTH,
Sun Jan 17 01:39:57 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=6ed3308f 8d22dedb
Sun Jan 17 01:39:58 2016 Connection reset, restarting [0]
Sun Jan 17 01:39:58 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:39:58 2016 MANAGEMENT: >STATE:1452987598,RECONNECTING,connection-reset,
Sun Jan 17 01:39:58 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:03 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:03 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:03 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:03 2016 MANAGEMENT: >STATE:1452987603,TCP_CONNECT,
Sun Jan 17 01:40:04 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:04 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:04 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:04 2016 MANAGEMENT: >STATE:1452987604,WAIT,
Sun Jan 17 01:40:04 2016 MANAGEMENT: >STATE:1452987604,AUTH,
Sun Jan 17 01:40:05 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=849563e1 27d2ab93
Sun Jan 17 01:40:05 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:05 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:05 2016 MANAGEMENT: >STATE:1452987605,RECONNECTING,connection-reset,
Sun Jan 17 01:40:05 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:10 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:10 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:10 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:10 2016 MANAGEMENT: >STATE:1452987610,TCP_CONNECT,
Sun Jan 17 01:40:11 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:11 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:11 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:11 2016 MANAGEMENT: >STATE:1452987611,WAIT,
Sun Jan 17 01:40:11 2016 MANAGEMENT: >STATE:1452987611,AUTH,
Sun Jan 17 01:40:11 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=63b52ea0 46442d78
Sun Jan 17 01:40:11 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:11 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:11 2016 MANAGEMENT: >STATE:1452987611,RECONNECTING,connection-reset,
Sun Jan 17 01:40:11 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:16 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:16 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:16 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:16 2016 MANAGEMENT: >STATE:1452987616,TCP_CONNECT,
Sun Jan 17 01:40:17 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:17 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:17 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:17 2016 MANAGEMENT: >STATE:1452987617,WAIT,
Sun Jan 17 01:40:17 2016 MANAGEMENT: >STATE:1452987617,AUTH,
Sun Jan 17 01:40:17 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=9cfe52bf f9b60867
Sun Jan 17 01:40:17 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:17 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:17 2016 MANAGEMENT: >STATE:1452987617,RECONNECTING,connection-reset,
Sun Jan 17 01:40:17 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:22 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:22 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:22 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:22 2016 MANAGEMENT: >STATE:1452987622,TCP_CONNECT,
Sun Jan 17 01:40:23 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:23 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:23 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:23 2016 MANAGEMENT: >STATE:1452987623,WAIT,
Sun Jan 17 01:40:23 2016 MANAGEMENT: >STATE:1452987623,AUTH,
Sun Jan 17 01:40:23 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=8938f616 5ad4f1de
Sun Jan 17 01:40:23 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:23 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:23 2016 MANAGEMENT: >STATE:1452987623,RECONNECTING,connection-reset,
Sun Jan 17 01:40:23 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:29 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:29 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:29 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:29 2016 MANAGEMENT: >STATE:1452987629,TCP_CONNECT,
Sun Jan 17 01:40:30 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:30 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:30 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:30 2016 MANAGEMENT: >STATE:1452987630,WAIT,
Sun Jan 17 01:40:30 2016 MANAGEMENT: >STATE:1452987630,AUTH,
Sun Jan 17 01:40:30 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=6954bf90 266a238a
Sun Jan 17 01:40:30 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:30 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:30 2016 MANAGEMENT: >STATE:1452987630,RECONNECTING,connection-reset,
Sun Jan 17 01:40:30 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:35 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:35 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:35 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:35 2016 MANAGEMENT: >STATE:1452987635,TCP_CONNECT,
Sun Jan 17 01:40:36 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:36 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:36 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:36 2016 MANAGEMENT: >STATE:1452987636,WAIT,
Sun Jan 17 01:40:36 2016 MANAGEMENT: >STATE:1452987636,AUTH,
Sun Jan 17 01:40:36 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=1f512a66 9558de31
Sun Jan 17 01:40:36 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:36 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:36 2016 MANAGEMENT: >STATE:1452987636,RECONNECTING,connection-reset,
Sun Jan 17 01:40:36 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:41 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:41 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:41 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:41 2016 MANAGEMENT: >STATE:1452987641,TCP_CONNECT,
Sun Jan 17 01:40:42 2016 SIGTERM[hard,init_instance] received, process exiting
Sun Jan 17 01:40:42 2016 MANAGEMENT: >STATE:1452987642,EXITING,init_instance,
I don’t think that duplicate packets have anything to do with the disconnecting. However, I can’t connect using OpenVPN running on RouterOS. On the client’s side it keeps saying:
Connection reset, restarting [0]
SIGUSR1[soft,connection-reset] received, process restarting
I tried to sign the certificate with crl-host and without, with 4096 and 2048 key sizes, and there was no difference. I am using an RB433 and 6.37.3 (tried on 6.37.2 first). On the client side I tried 2.4.0 and 2.3.10 on Windows 10 and another client based on Linux.
I’m having the same issue on my RB3011. My iPhone connects fine. My MacBook will not at all. I just get the duplicate packet errors flooding the log file. Frustrating. This is also with multiple client software to connect.
Hi there. I could solve the error but didn’t know what I did. I just changed the user password and edited some configuration in there. After that it worked without the duplicate packet error. But now I have it again and tried again to edit the user info, but I didn’t find out the point. Maybe that’s a hint for somebody…
Yes, guys. The problem was that under “secrets” there were duplicate entries of the same username. Even though it was disabled at the time, it had to be deleted for the connection to succeed.
# Silence the output of replay warnings, which are a common false
# alarm on WiFi networks. This option preserves the security of
# the replay protection code without the verbosity associated with
# warnings about duplicate packets.
mute-replay-warnings