HMAC Error due to wrong package order

1. We encountered a really strange behaviour with OpenVPN 2.3.6 on CentOS 5. A device of ours that is behind a SAT Link is having troubles getting through the buildup phase.
2. For some strange reason it sends the packages not in the right order.
3. Sometimes it works. But its pure chance and chance varies over the day.
4. We can rule out firewall or connection issues, as this wrong sent packet order (from client to server) (...15, 17, 16, 17...) is already present in the logs on client side.
5. If we switch to fiber connection everything is fine.
6. So for us it seems that some strange circumstance with the SAT Link connection triggers a Bug in OpenVpn and it sends one packge early.
7.  
8. So two questions:
9.  
10. 1) Why does the client send packet 17 two times and for the first time, too early?
11.  
12. 2) Why does the server not wait for the missing package and instead fails instantly with: "Authenticate/Decrypt packet error: packet HMAC authentication failed"?
13.  
14. Client Side: Notice PID series: 14, 15, 17, 16, 17, 18
15.  
16. ...
17. Apr 10 17:39:08 client openvpn[1300]: TCPv4_CLIENT WRITE [154] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #41 ] [ 39 ] pid=2 DATA len=100
18. Apr 10 17:39:08 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #42 ] [ ] pid=3 DATA len=100
19. Apr 10 17:39:08 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #43 ] [ ] pid=4 DATA len=100
20. Apr 10 17:39:08 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #44 ] [ ] pid=5 DATA len=100
21. Apr 10 17:39:09 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #45 ] [ ] pid=6 DATA len=100
22. Apr 10 17:39:10 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #46 ] [ ] pid=7 DATA len=100
23. Apr 10 17:39:10 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #47 ] [ ] pid=8 DATA len=100
24. Apr 10 17:39:10 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #48 ] [ ] pid=9 DATA len=100
25. Apr 10 17:39:10 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #49 ] [ ] pid=10 DATA len=100
26. Apr 10 17:39:11 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #50 ] [ ] pid=11 DATA len=100
27. Apr 10 17:39:11 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #51 ] [ ] pid=12 DATA len=100
28. Apr 10 17:39:11 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #52 ] [ ] pid=13 DATA len=100
29. Apr 10 17:39:12 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #53 ] [ ] pid=14 DATA len=100
30. Apr 10 17:39:12 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #54 ] [ ] pid=15 DATA len=100
31. Apr 10 17:39:13 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #55 ] [ ] pid=17 DATA len=100
32. Apr 10 17:39:13 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #56 ] [ ] pid=16 DATA len=100
33. Apr 10 17:39:13 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #57 ] [ ] pid=17 DATA len=100
34. Apr 10 17:39:13 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #58 ] [ ] pid=18 DATA len=100
35. Apr 10 17:39:14 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #59 ] [ ] pid=19 DATA len=100
36. Apr 10 17:39:20 client openvpn[1300]: TCPv4_CLIENT WRITE [42] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
37. Apr 10 17:39:20 client openvpn[1300]: TCPv4_CLIENT READ [54] from xxx.xxx.xxx.xxx:yyyy: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
38.  
39.  
40. Server side: Cancels on jump from PID=15 to 17
41.  
42. ...
43. Apr 10 19:39:09 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [154] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #41 ] [ 39 ] pid=2 DATA len=100
44. Apr 10 19:39:09 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #42 ] [ ] pid=3 DATA len=100
45. Apr 10 19:39:09 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #43 ] [ ] pid=4 DATA len=100
46. Apr 10 19:39:09 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #44 ] [ ] pid=5 DATA len=100
47. Apr 10 19:39:10 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #45 ] [ ] pid=6 DATA len=100
48. Apr 10 19:39:10 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #46 ] [ ] pid=7 DATA len=100
49. Apr 10 19:39:11 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #47 ] [ ] pid=8 DATA len=100
50. Apr 10 19:39:11 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #48 ] [ ] pid=9 DATA len=100
51. Apr 10 19:39:11 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #49 ] [ ] pid=10 DATA len=100
52. Apr 10 19:39:12 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #50 ] [ ] pid=11 DATA len=100
53. Apr 10 19:39:12 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #51 ] [ ] pid=12 DATA len=100
54. Apr 10 19:39:12 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #52 ] [ ] pid=13 DATA len=100
55. Apr 10 19:39:13 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #53 ] [ ] pid=14 DATA len=100
56. Apr 10 19:39:13 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #54 ] [ ] pid=15 DATA len=100
57. Apr 10 19:39:14 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #55 ] [ ] pid=17 DATA len=100
58. Apr 10 19:39:14 server openvpn[32482]: 192.168.19.253:48396 Authenticate/Decrypt packet error: packet HMAC authentication failed
59.  
60.  
61. Server Conf:
62.  
63. port yyyy
64. proto tcp
65. dev tun
66. ca ca.crt
67. tls-auth ta.key 0
68. cert ______________.com.crt
69. key ______________.com.key
70. dh dh2048.pem
71. server 172.20.0.0 255.255.0.0
72. client-config-dir clients
73. ifconfig-pool-persist ipp_server.txt
74. push "route 172.18.0.0 255.255.0.0"
75. keepalive 10 60
76. cipher AES-256-CBC
77. comp-lzo
78. max-clients 5000
79. user nobody
80. group nobody
81. persist-key
82. persist-tun
83. status status.log
84. verb 1
85.  
86.  
87. Client COnf:
88.  
89. client
90. dev tun0
91. proto tcp
92. remote xxx.xxx.xxx.xxx yyyy
93. resolv-retry infinite
94. persist-key
95. persist-tun
96. ca ca.crt
97. cert _________.crt
98. key _________.key
99. tls-auth ta.key 1
100. cipher AES-256-CBC
101. ns-cert-type server
102. verb 8