Community discussions

 
Kraken2k
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

OpenVPN server and duplicate packets

Mon Sep 14, 2015 12:21 pm

I try to setup OpenVPN server at RB1100AHx2 with RouterOS v 6.32.1 (with public IPv4 address). I followed the wiki tutorial, but it still disconnects the client - on the other side, there is Synology NAS RS812. Certificates imported, trusted and all the stuff, but RB keep dropping the connection because of duplicate packets...

Any ideas, where is the problem?
Sep/14/2015 10:50:21 ovpn,info TCP connection established from <ip_hidden>
Sep/14/2015 10:50:21 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=a09ef5e2cdb2f6 pid=0 DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=14b65c26dabdb693 pid=0 DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [0 sid=14b65c26dabdb693] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=14b65c26dabdb693 [0 sid=a09ef5e2cdb2f6] pid=0 DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,error,,,,debug,l2tp,,warning,,,,,firewall,,,,debug duplicate packet, dropping
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=14b65c26dabdb693 pid=1 DATA len=100
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [1 sid=14b65c26dabdb693] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=14b65c26dabdb693 pid=2 DATA len=100
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [2 sid=14b65c26dabdb693] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=14b65c26dabdb693 pid=3 DATA len=1
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_ACK kid=0 sid=a09ef5e2cdb2f6 [3 sid=14b65c26dabdb693] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=1 DATA len=1400
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=2 DATA len=1400
Sep/14/2015 10:50:22 ovpn,debug,packet sent P_CONTROL kid=0 sid=a09ef5e2cdb2f6 pid=3 DATA len=547
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_ACK kid=0 sid=14b65c26dabdb693 [1 sid=a09ef5e2cdb2f6] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug,packet rcvd P_ACK kid=0 sid=14b65c26dabdb693 [2 sid=a09ef5e2cdb2f6] DATA len=0
Sep/14/2015 10:50:22 ovpn,debug <ip_hidden>: disconnected <peer disconnected>
Last edited by Kraken2k on Fri Oct 23, 2015 10:59 am, edited 1 time in total.
 
4artur
just joined
Posts: 2
Joined: Fri Oct 02, 2015 3:05 pm

Re: OpenVPN server and duplicate packets

Fri Oct 02, 2015 3:08 pm

I've got same problem, may be someone has a solution?
 
pmurdock
newbie
Posts: 32
Joined: Sun Jul 03, 2005 7:39 am
Location: Herriman, Utah
Contact:

Re: OpenVPN server and duplicate packets

Fri Oct 02, 2015 4:29 pm

I got Open VPN working

Couple things just to double check.

1) LZO compression off

2) tls-cipher DEFAULT option had to be set for my android clients
 
4artur
just joined
Posts: 2
Joined: Fri Oct 02, 2015 3:05 pm

Re: OpenVPN server and duplicate packets

Tue Oct 06, 2015 9:26 am

Nope, it doesn't help. Funny thing is it absolutely workable on android, but when i use same config file in windows 8.1 (just change tun/tap adapter type) is not working. May be some other ideas?
 
Kraken2k
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

Re: OpenVPN server and duplicate packets

Thu Oct 15, 2015 6:52 pm

After days of testing... I made it working!

The problem was not in the MikroTIK configuration, but on the Synology NAS ... and the "duplicate packet" error was not the blocking issue. So how to find out what's wrong...

Enabled SSH on Synology
logging in as a user root (with tha same password as admin) - I used WinSCP for this
navigate to OpenVPN config file in /usr/syno/etc/synovpnclient/openvpn directory
open config file "client_o*******" (stars stands for numbes that may vary)
adding "log openvpn.log" to the end of this file

after failed attempt to connect, there was an error line:
VERIFY ERROR: self signed certificate in certificate chain
Certificates issued by company CA, which use 3 tier PKI, so not only the OpenVPN server certificate need to be trusted but also the others in the trust chain - imported server certificate is trusted automatically and that's the reason why self-signed certificates works in this case, but certificates from multiple tier PKI are in trouble.

So... how to import those if there is no GUI for that in NAS? Fortunately, there is a way, which I had to use few weeks ago, when configuring VMware vCenter server certificates: all certificates need to be in a single file you import, so they are marked as trusted.

Synology uses Base64 encoded x.509 certificates by default. If you open the server/authority .cer file with certificate, you see:
-----BEGIN CERTIFICATE-----
(encoded certificate data)
-----END CERTIFICATE-----
I had three of those files: Root CA, Intermediate/Issuing CA and OpenVPN server certificates. The trick is that the engine will process all the certificates in one file, so just copy all the files into one and you have:
-----BEGIN CERTIFICATE-----
(encoded Root CA certificate data)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(encoded Intermediate/Issuing CA certificate data)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(encoded OpenVPN server certificate data)
-----END CERTIFICATE-----
Once imported into Synology NAS in OpenVPN client configuration, the verification error vanished from Synology openvpn.log and the OpenVPN client connects to MikroTIK router, even if the "duplicate packet dropping" error still stays in the log.
 
ibrahimzaaidh
just joined
Posts: 9
Joined: Wed Oct 21, 2015 11:54 pm

Re: OpenVPN server and duplicate packets

Wed Oct 21, 2015 11:58 pm

I want connect D-Link NAS to Mikrotik routerboard.
If you're technical team provide any solution or any link to a tutorial
that will help this problem it would be very helpful.
Thank You!
 
Kraken2k
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 53
Joined: Wed Oct 01, 2014 1:50 pm
Location: Prague

Re: OpenVPN server and duplicate packets

Fri Oct 23, 2015 11:03 am

The OpenVPN settings for MikroTik is described on wiki page. It's not exactly easy to understand all steps, but in fact the settings itself is not that complicated.

IMHO the biggest problem with OpenVPN settings is handling keys and certificates, because the concept of this is often misunderstood.
 
suharich
just joined
Posts: 1
Joined: Thu Nov 26, 2015 10:18 am

Re: OpenVPN server and duplicate packets

Thu Nov 26, 2015 10:22 am

I had the same duplicate packet I figured out that is due to I have the same active connection in ovpn server. When I dropped it I was successfully connected to ovpn.

Hope it helps.
 
nezdeshniy
just joined
Posts: 3
Joined: Thu Jul 17, 2014 2:32 pm

Re: OpenVPN server and duplicate packets

Mon Dec 14, 2015 4:03 pm

We have CCR1016, after upgrade from 6.29 to 6.33.3 we have this error:
16:43:26 ovpn,info TCP connection established from xx.xx.xxx.x 
16:43:26 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=0b7ef2d0ca5a23d
0 pid=0 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=c9f147fa5b02c86
 pid=0 DATA len=0 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [0 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=c9f147fa5b02c86
 [0 sid=0b7ef2d0ca5a23d0] pid=0 DATA len=0 
[color=#FF0000]16:43:27 ovpn,debug,error duplicate packet, dropping[/color] 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=1 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [1 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=2 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [2 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=3 DATA len=93 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [3 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=0b7ef2d0ca5a23d0 pid=1 DATA len=1400
 
16:43:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=0b7ef2d0ca5a23d0 pid=2 DATA len=1116
 
16:43:27 ovpn,debug,packet rcvd P_ACK kid=0 sid=c9f147fa5b02c86 [1 sid=0b7ef2d0ca5a23d0]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 [2 sid=0b7ef2d0ca5a2
3d0] pid=4 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [4 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=5 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [5 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=6 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [6 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=7 DATA len=18 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [7 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=0b7ef2d0ca5a23d0 pid=3 DATA len=51 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 [3 sid=0b7ef2d0ca5a2
3d0] pid=8 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [8 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=9 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [9 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=10 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [10 sid=c9f147fa5b02c86
] DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=11 DATA len=76 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [11 sid=c9f147fa5b02c86
] DATA len=0 
16:43:27 ovpn,info : using encoding - AES-256-CBC/SHA1 
16:43:27 ovpn,info,account X@X logged in, 192.168.83.50 
16:43:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=0b7ef2d0ca5a23d0 pid=4 DATA len=227 
16:43:27 ovpn,debug,packet rcvd P_ACK kid=0 sid=c9f147fa5b02c86 [4 sid=0b7ef2d0ca5a23d0]
 DATA len=0 
16:43:27 ovpn,info <X@X>: connected
we dont see any trouble in ovpn, but we have a lot of this "ovpn,debug,error duplicate packet, dropping" in log.

Any idea?
 
nedeleav
just joined
Posts: 3
Joined: Sun Jan 17, 2016 1:45 am

Re: OpenVPN server and duplicate packets

Sun Jan 17, 2016 1:56 am

Hi all.

OpenVPN Error:
ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning: duplicate packet, dropping

V 6.33.5

and openvpn client shows only:
Sun Jan 17 01:39:38 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Sun Jan 17 01:39:38 2016 Windows version 6.1 (Windows 7)
Sun Jan 17 01:39:38 2016 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Enter Management Password:
Sun Jan 17 01:39:38 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jan 17 01:39:38 2016 Need hold release from management interface, waiting...
Sun Jan 17 01:39:38 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jan 17 01:39:38 2016 MANAGEMENT: CMD 'state on'
Sun Jan 17 01:39:38 2016 MANAGEMENT: CMD 'log all on'
Sun Jan 17 01:39:38 2016 MANAGEMENT: CMD 'hold off'
Sun Jan 17 01:39:38 2016 MANAGEMENT: CMD 'hold release'
Sun Jan 17 01:39:38 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:39:38 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:39:38 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:39:38 2016 MANAGEMENT: >STATE:1452987578,TCP_CONNECT,,,
Sun Jan 17 01:39:39 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:39 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:39:39 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:39 2016 MANAGEMENT: >STATE:1452987579,WAIT,,,
Sun Jan 17 01:39:39 2016 MANAGEMENT: >STATE:1452987579,AUTH,,,
Sun Jan 17 01:39:39 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=6c910a9b 3d91168d
Sun Jan 17 01:39:45 2016 Connection reset, restarting [0]
Sun Jan 17 01:39:45 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:39:45 2016 MANAGEMENT: >STATE:1452987585,RECONNECTING,connection-reset,,
Sun Jan 17 01:39:45 2016 Restart pause, 5 second(s)
Sun Jan 17 01:39:50 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:39:50 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:39:50 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:39:50 2016 MANAGEMENT: >STATE:1452987590,TCP_CONNECT,,,
Sun Jan 17 01:39:51 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:51 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:39:51 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:51 2016 MANAGEMENT: >STATE:1452987591,WAIT,,,
Sun Jan 17 01:39:51 2016 MANAGEMENT: >STATE:1452987591,AUTH,,,
Sun Jan 17 01:39:51 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=3158d1da 23fa6449
Sun Jan 17 01:39:51 2016 Connection reset, restarting [0]
Sun Jan 17 01:39:51 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:39:51 2016 MANAGEMENT: >STATE:1452987591,RECONNECTING,connection-reset,,
Sun Jan 17 01:39:51 2016 Restart pause, 5 second(s)
Sun Jan 17 01:39:56 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:39:56 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:39:56 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:39:56 2016 MANAGEMENT: >STATE:1452987596,TCP_CONNECT,,,
Sun Jan 17 01:39:57 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:57 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:39:57 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:39:57 2016 MANAGEMENT: >STATE:1452987597,WAIT,,,
Sun Jan 17 01:39:57 2016 MANAGEMENT: >STATE:1452987597,AUTH,,,
Sun Jan 17 01:39:57 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=6ed3308f 8d22dedb
Sun Jan 17 01:39:58 2016 Connection reset, restarting [0]
Sun Jan 17 01:39:58 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:39:58 2016 MANAGEMENT: >STATE:1452987598,RECONNECTING,connection-reset,,
Sun Jan 17 01:39:58 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:03 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:03 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:03 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:03 2016 MANAGEMENT: >STATE:1452987603,TCP_CONNECT,,,
Sun Jan 17 01:40:04 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:04 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:04 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:04 2016 MANAGEMENT: >STATE:1452987604,WAIT,,,
Sun Jan 17 01:40:04 2016 MANAGEMENT: >STATE:1452987604,AUTH,,,
Sun Jan 17 01:40:05 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=849563e1 27d2ab93
Sun Jan 17 01:40:05 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:05 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:05 2016 MANAGEMENT: >STATE:1452987605,RECONNECTING,connection-reset,,
Sun Jan 17 01:40:05 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:10 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:10 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:10 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:10 2016 MANAGEMENT: >STATE:1452987610,TCP_CONNECT,,,
Sun Jan 17 01:40:11 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:11 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:11 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:11 2016 MANAGEMENT: >STATE:1452987611,WAIT,,,
Sun Jan 17 01:40:11 2016 MANAGEMENT: >STATE:1452987611,AUTH,,,
Sun Jan 17 01:40:11 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=63b52ea0 46442d78
Sun Jan 17 01:40:11 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:11 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:11 2016 MANAGEMENT: >STATE:1452987611,RECONNECTING,connection-reset,,
Sun Jan 17 01:40:11 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:16 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:16 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:16 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:16 2016 MANAGEMENT: >STATE:1452987616,TCP_CONNECT,,,
Sun Jan 17 01:40:17 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:17 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:17 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:17 2016 MANAGEMENT: >STATE:1452987617,WAIT,,,
Sun Jan 17 01:40:17 2016 MANAGEMENT: >STATE:1452987617,AUTH,,,
Sun Jan 17 01:40:17 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=9cfe52bf f9b60867
Sun Jan 17 01:40:17 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:17 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:17 2016 MANAGEMENT: >STATE:1452987617,RECONNECTING,connection-reset,,
Sun Jan 17 01:40:17 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:22 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:22 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:22 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:22 2016 MANAGEMENT: >STATE:1452987622,TCP_CONNECT,,,
Sun Jan 17 01:40:23 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:23 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:23 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:23 2016 MANAGEMENT: >STATE:1452987623,WAIT,,,
Sun Jan 17 01:40:23 2016 MANAGEMENT: >STATE:1452987623,AUTH,,,
Sun Jan 17 01:40:23 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=8938f616 5ad4f1de
Sun Jan 17 01:40:23 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:23 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:23 2016 MANAGEMENT: >STATE:1452987623,RECONNECTING,connection-reset,,
Sun Jan 17 01:40:23 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:29 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:29 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:29 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:29 2016 MANAGEMENT: >STATE:1452987629,TCP_CONNECT,,,
Sun Jan 17 01:40:30 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:30 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:30 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:30 2016 MANAGEMENT: >STATE:1452987630,WAIT,,,
Sun Jan 17 01:40:30 2016 MANAGEMENT: >STATE:1452987630,AUTH,,,
Sun Jan 17 01:40:30 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=6954bf90 266a238a
Sun Jan 17 01:40:30 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:30 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:30 2016 MANAGEMENT: >STATE:1452987630,RECONNECTING,connection-reset,,
Sun Jan 17 01:40:30 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:35 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:35 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:35 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:35 2016 MANAGEMENT: >STATE:1452987635,TCP_CONNECT,,,
Sun Jan 17 01:40:36 2016 TCP connection established with [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:36 2016 TCPv4_CLIENT link local: [undef]
Sun Jan 17 01:40:36 2016 TCPv4_CLIENT link remote: [AF_INET]xxx.x.x.x.x.x.:x
Sun Jan 17 01:40:36 2016 MANAGEMENT: >STATE:1452987636,WAIT,,,
Sun Jan 17 01:40:36 2016 MANAGEMENT: >STATE:1452987636,AUTH,,,
Sun Jan 17 01:40:36 2016 TLS: Initial packet from [AF_INET]xxx.x.x.x.x.x.:x, sid=1f512a66 9558de31
Sun Jan 17 01:40:36 2016 Connection reset, restarting [0]
Sun Jan 17 01:40:36 2016 SIGUSR1[soft,connection-reset] received, process restarting
Sun Jan 17 01:40:36 2016 MANAGEMENT: >STATE:1452987636,RECONNECTING,connection-reset,,
Sun Jan 17 01:40:36 2016 Restart pause, 5 second(s)
Sun Jan 17 01:40:41 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jan 17 01:40:41 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jan 17 01:40:41 2016 Attempting to establish TCP connection with [AF_INET]xxx.x.x.x.x.x.:x [nonblock]
Sun Jan 17 01:40:41 2016 MANAGEMENT: >STATE:1452987641,TCP_CONNECT,,,
Sun Jan 17 01:40:42 2016 SIGTERM[hard,init_instance] received, process exiting
Sun Jan 17 01:40:42 2016 MANAGEMENT: >STATE:1452987642,EXITING,init_instance,,




We have CCR1016, after upgrade from 6.29 to 6.33.3 we have this error:
16:43:26 ovpn,info TCP connection established from xx.xx.xxx.x 
16:43:26 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=0b7ef2d0ca5a23d
0 pid=0 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=c9f147fa5b02c86
 pid=0 DATA len=0 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [0 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=c9f147fa5b02c86
 [0 sid=0b7ef2d0ca5a23d0] pid=0 DATA len=0 
[color=#FF0000]16:43:27 ovpn,debug,error duplicate packet, dropping[/color] 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=1 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [1 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=2 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [2 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=3 DATA len=93 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [3 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=0b7ef2d0ca5a23d0 pid=1 DATA len=1400
 
16:43:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=0b7ef2d0ca5a23d0 pid=2 DATA len=1116
 
16:43:27 ovpn,debug,packet rcvd P_ACK kid=0 sid=c9f147fa5b02c86 [1 sid=0b7ef2d0ca5a23d0]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 [2 sid=0b7ef2d0ca5a2
3d0] pid=4 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [4 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=5 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [5 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=6 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [6 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=7 DATA len=18 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [7 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=0b7ef2d0ca5a23d0 pid=3 DATA len=51 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 [3 sid=0b7ef2d0ca5a2
3d0] pid=8 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [8 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=9 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [9 sid=c9f147fa5b02c86]
 DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=10 DATA len=100 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [10 sid=c9f147fa5b02c86
] DATA len=0 
16:43:27 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=c9f147fa5b02c86 pid=11 DATA len=76 
16:43:27 ovpn,debug,packet sent P_ACK kid=0 sid=0b7ef2d0ca5a23d0 [11 sid=c9f147fa5b02c86
] DATA len=0 
16:43:27 ovpn,info : using encoding - AES-256-CBC/SHA1 
16:43:27 ovpn,info,account X@X logged in, 192.168.83.50 
16:43:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=0b7ef2d0ca5a23d0 pid=4 DATA len=227 
16:43:27 ovpn,debug,packet rcvd P_ACK kid=0 sid=c9f147fa5b02c86 [4 sid=0b7ef2d0ca5a23d0]
 DATA len=0 
16:43:27 ovpn,info <X@X>: connected
we dont see any trouble in ovpn, but we have a lot of this "ovpn,debug,error duplicate packet, dropping" in log.

Any idea?
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: OpenVPN server and duplicate packets

Wed Dec 28, 2016 2:58 pm

I don't think that duplicating packets has anything with disconnecting. However, I can't connect using OpenVPN running on RouterOS. On client's side it keeps saying:
Connection reset, restarting [0]
SIGUSR1[soft,connection-reset] received, process restarting
I tried to sign certificate with crl-host and without, 4096 and 2048 key size and no difference.I am using RB433 and 6.37.3 (tried on 6.37.2 firstly). On client side I tried 2.4.0 and 2.3.10 on Windows 10 and other client based on linux OS.

I tried AES 256 but 192 or 128 neither do work.

Anybody?
 
mosesjohann
just joined
Posts: 5
Joined: Mon May 30, 2016 9:50 am

Re: OpenVPN server and duplicate packets

Tue Feb 07, 2017 2:01 pm

Has anybody resolved this? Still have the error in v6.38.1 - doesn't work with the Ubuntu nor the Windows Client. Thanks!
 
jr0dd
just joined
Posts: 2
Joined: Fri Feb 10, 2017 4:46 am

Re: OpenVPN server and duplicate packets

Fri Feb 10, 2017 3:44 pm

I'm having the same issue on my RB3011. My iphone connects fine. My MacBook will not at all. just get the duplicate packet errors flooding the log file. Frustrating. This is also with multiple client software to connect.
 
martinii
just joined
Posts: 1
Joined: Tue Feb 14, 2017 4:14 pm

Re: OpenVPN server and duplicate packets

Tue Feb 14, 2017 4:21 pm

I have the same problem. On Windows client it works but on Android clients (I tried 3 of them) I get
ovpn,debug,error,,,,debug,l2tp,,warning,,,,,firewall,,,,debug duplicate packet, dropping
 
mosesjohann
just joined
Posts: 5
Joined: Mon May 30, 2016 9:50 am

Re: OpenVPN server and duplicate packets

Thu Mar 30, 2017 12:48 pm

Hi there. I could solve the error but didn't know what I did. Just changed the userpassword and edited some configuration in there. After that it worked without the duplicate packet error. But now I have it again and tryed again to edit the user info but I dint't found out the point. Maybe thats a hint for somebody....
 
User avatar
matiaszon
Member
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: OpenVPN server and duplicate packets

Thu Mar 30, 2017 12:50 pm

I thought that was the problem in my case too, but now I can connect and these messages are popping up again. I stopped bothering...
 
spaxton
Member Candidate
Member Candidate
Posts: 168
Joined: Fri Jan 01, 2010 12:18 pm

Re: OpenVPN server and duplicate packets

Sat May 06, 2017 11:08 pm

I have the same problem with windows and android... Completely the same messages for both... Is this solved yet?


Best Regards!
 
gliepins
just joined
Posts: 4
Joined: Thu Mar 02, 2017 1:16 am

Re: OpenVPN server and duplicate packets

Thu Nov 02, 2017 7:45 pm

Yes, guys. problem was that under "secrets" there were duplicate entries of same username. Even being disabled at the time it had to be deleted for connection to succeed.
 
jimint
just joined
Posts: 10
Joined: Fri Aug 11, 2017 12:58 am

Re: OpenVPN server and duplicate packets

Sun Jan 21, 2018 8:32 am

Yes, guys. problem was that under "secrets" there were duplicate entries of same username. Even being disabled at the time it had to be deleted for connection to succeed.
It's not this solution for me. I have the same error. I connected with my android and everything ok but i get the same error to my log file.
 
sutrus
newbie
Posts: 27
Joined: Fri Jun 30, 2017 11:27 pm

Re: OpenVPN server and duplicate packets

Sun Jan 21, 2018 12:23 pm

# Silence  the output of replay warnings, which are a common false
# alarm on WiFi networks.  This option preserves the  security  of
# the replay protection code without the verbosity associated with
# warnings about duplicate packets.
mute-replay-warnings
 
ashoshin
just joined
Posts: 1
Joined: Wed Dec 11, 2013 12:43 pm

Re: OpenVPN server and duplicate packets

Wed Jun 06, 2018 1:21 pm

Check the only-one property in PPP Profile menu for the profile releated to your PPP Secret.
If you use Yes value change it to Default.

After that there will be second short OVPN connection and only one error string.
 
HeinoHomm
just joined
Posts: 1
Joined: Mon Nov 12, 2018 1:50 pm

Re: OpenVPN server and duplicate packets

Mon Jan 07, 2019 4:36 pm

Mikrotik log gives error:
ovpn,debug,error,l2tp,25032,54552,25032,27308,54212,25584,l2tp,info,25588,debug duplicate packet, dropping

I found solution for myself.
windows notepad mades OpenVPN files encoded UTF-8 BOM format.

OpenVPN config files should be encoded in UTF-8.
UTF-8 with BOM not working.
 
venomtver
just joined
Posts: 1
Joined: Fri Oct 18, 2019 12:23 pm

Re: OpenVPN server and duplicate packets

Fri Oct 18, 2019 12:32 pm

It seems i found the solution. First of all there was a problem
<remote peer uses tap encapsulation while we- tun> - so here you should change OVPN config file like
client
dev tun - here is that field
proto tcp/udp "and so on"
Then there was <unsupported cipher>
I googled that problem and found that it's here -> PPP/OVPN Server/cipher -> i marked all the kind of encryptions, even null.
After that, it started working. Not sure, if it's secure to use null, but it helped.
 
User avatar
plam40
newbie
Posts: 29
Joined: Tue Feb 21, 2006 1:27 pm
Location: Greece

Re: OpenVPN server and duplicate packets

Mon Oct 28, 2019 12:43 pm

SOLUTION : In my case issue was cause due to MTU being too big for the line ( the line had limit set ) - Try and lower the MTU on the client side :

tun-mtu 1300 ( you can go even lower depends on your case)

I suspect that with the MAX MTU there was packet fragmentation happening !

BR,
Plamen

Who is online

Users browsing this forum: No registered users and 104 guests