We encountered a really strange behaviour with OpenVPN 2.3.6 on CentOS 5. A device of ours that is behind a SAT link is having trouble getting through the buildup phase.
For some strange reason it does not send the packages in the right order.
Sometimes it works. But it's pure chance, and the chance varies over the day.
We can rule out firewall or connection issues, as this wrongly sent packet order (from client to server) (...15, 17, 16, 17...) is already present in the logs on the client side.
If we switch to a fiber connection everything is fine.
So for us it seems that some strange circumstance with the SAT link connection triggers a bug in OpenVPN and it sends one package early.

So two questions:

1) Why does the client send packet 17 two times and, the first time, too early?

2) Why does the server not wait for the missing package and instead fail instantly with: "Authenticate/Decrypt packet error: packet HMAC authentication failed"?

Client side: Notice PID series: 14, 15, 17, 16, 17, 18

...
Apr 10 17:39:08 client openvpn[1300]: TCPv4_CLIENT WRITE [154] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #41 ] [ 39 ] pid=2 DATA len=100
Apr 10 17:39:08 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #42 ] [ ] pid=3 DATA len=100
Apr 10 17:39:08 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #43 ] [ ] pid=4 DATA len=100
Apr 10 17:39:08 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #44 ] [ ] pid=5 DATA len=100
Apr 10 17:39:09 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #45 ] [ ] pid=6 DATA len=100
Apr 10 17:39:10 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #46 ] [ ] pid=7 DATA len=100
Apr 10 17:39:10 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #47 ] [ ] pid=8 DATA len=100
Apr 10 17:39:10 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #48 ] [ ] pid=9 DATA len=100
Apr 10 17:39:10 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #49 ] [ ] pid=10 DATA len=100
Apr 10 17:39:11 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #50 ] [ ] pid=11 DATA len=100
Apr 10 17:39:11 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #51 ] [ ] pid=12 DATA len=100
Apr 10 17:39:11 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #52 ] [ ] pid=13 DATA len=100
Apr 10 17:39:12 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #53 ] [ ] pid=14 DATA len=100
Apr 10 17:39:12 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #54 ] [ ] pid=15 DATA len=100
Apr 10 17:39:13 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #55 ] [ ] pid=17 DATA len=100
Apr 10 17:39:13 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #56 ] [ ] pid=16 DATA len=100
Apr 10 17:39:13 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #57 ] [ ] pid=17 DATA len=100
Apr 10 17:39:13 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #58 ] [ ] pid=18 DATA len=100
Apr 10 17:39:14 client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0 pid=[ #59 ] [ ] pid=19 DATA len=100
Apr 10 17:39:20 client openvpn[1300]: TCPv4_CLIENT WRITE [42] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Apr 10 17:39:20 client openvpn[1300]: TCPv4_CLIENT READ [54] from xxx.xxx.xxx.xxx:yyyy: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0

Server side: Cancels on jump from PID=15 to 17

...
Apr 10 19:39:09 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [154] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #41 ] [ 39 ] pid=2 DATA len=100
Apr 10 19:39:09 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #42 ] [ ] pid=3 DATA len=100
Apr 10 19:39:09 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #43 ] [ ] pid=4 DATA len=100
Apr 10 19:39:09 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #44 ] [ ] pid=5 DATA len=100
Apr 10 19:39:10 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #45 ] [ ] pid=6 DATA len=100
Apr 10 19:39:10 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #46 ] [ ] pid=7 DATA len=100
Apr 10 19:39:11 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #47 ] [ ] pid=8 DATA len=100
Apr 10 19:39:11 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #48 ] [ ] pid=9 DATA len=100
Apr 10 19:39:11 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #49 ] [ ] pid=10 DATA len=100
Apr 10 19:39:12 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #50 ] [ ] pid=11 DATA len=100
Apr 10 19:39:12 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #51 ] [ ] pid=12 DATA len=100
Apr 10 19:39:12 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #52 ] [ ] pid=13 DATA len=100
Apr 10 19:39:13 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #53 ] [ ] pid=14 DATA len=100
Apr 10 19:39:13 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #54 ] [ ] pid=15 DATA len=100
Apr 10 19:39:14 server openvpn[32482]: 192.168.19.253:48396 TCPv4_SERVER READ [142] from 192.168.19.253:48396: P_CONTROL_V1 kid=0 pid=[ #55 ] [ ] pid=17 DATA len=100
Apr 10 19:39:14 server openvpn[32482]: 192.168.19.253:48396 Authenticate/Decrypt packet error: packet HMAC authentication failed

Server Conf:

port yyyy
proto tcp
dev tun
ca ca.crt
tls-auth ta.key 0
cert ______________.com.crt
key ______________.com.key
dh dh2048.pem
server 172.20.0.0 255.255.0.0
client-config-dir clients
ifconfig-pool-persist ipp_server.txt
push "route 172.18.0.0 255.255.0.0"
keepalive 10 60
cipher AES-256-CBC
comp-lzo
max-clients 5000
user nobody
group nobody
persist-key
persist-tun
status status.log
verb 1

Client Conf:

client
dev tun0
proto tcp
remote xxx.xxx.xxx.xxx yyyy
resolv-retry infinite
persist-key
persist-tun
ca ca.crt
cert _________.crt
key _________.key
tls-auth ta.key 1
cipher AES-256-CBC
ns-cert-type server
verb 8
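
Added example, not part of the original paste: a small Python parser for the log format shown above that separates the two counters on each control-channel line and flags where the trailing `pid=` series jumps ahead, arrives late, or repeats. It assumes the bracketed `#N` is the outer (tls-auth) packet counter and the trailing `pid=` is the control-message ID; the function names are hypothetical and the sample lines are rebuilt from the client-side excerpt.

```python
import re

# Six lines rebuilt from the client-side excerpt in the paste above.
_P = "client openvpn[1300]: TCPv4_CLIENT WRITE [142] to xxx.xxx.xxx.xxx:yyyy: P_CONTROL_V1 kid=0"
SAMPLE = "\n".join(
    f"Apr 10 17:39:1{s} {_P} pid=[ #{w} ] [ ] pid={m} DATA len=100"
    for s, w, m in [(2, 53, 14), (2, 54, 15), (3, 55, 17), (3, 56, 16), (3, 57, 17), (3, 58, 18)]
)

# Assumption: "#N" is the outer packet counter, the trailing pid= is the message ID.
LINE_RE = re.compile(
    r"(?:READ|WRITE) \[\d+\] .*?: (?P<op>P_CONTROL_\w+) kid=\d+ "
    r"pid=\[ #(?P<wrap>\d+) \] \[[\d ]*\] pid=(?P<msg>\d+) DATA len=\d+"
)

def parse(log_text):
    """Return [(outer_counter, message_id)] for every control-channel line."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # lines such as the HMAC error carry no counters and are skipped
            records.append((int(m["wrap"]), int(m["msg"])))
    return records

def sequence_anomalies(records):
    """Flag message IDs that jump ahead, arrive late, or repeat."""
    findings, seen, highest = [], set(), None
    for wrap, msg in records:
        expected = None if highest is None else highest + 1
        if msg in seen:
            findings.append((wrap, msg, "repeat"))
        elif expected is not None and msg > expected:
            findings.append((wrap, msg, f"ahead of expected {expected}"))
        elif expected is not None and msg < expected:
            findings.append((wrap, msg, "late"))
        seen.add(msg)
        highest = msg if highest is None else max(highest, msg)
    return findings

def wrapper_ids_increasing(records):
    """True if the outer counter rises by exactly one on every line."""
    wraps = [w for w, _ in records]
    return all(b == a + 1 for a, b in zip(wraps, wraps[1:]))

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(sequence_anomalies(recs), wrapper_ids_increasing(recs))
```

On the excerpt, the outer counter runs #53 to #58 without a gap while the message ID series is the one that shows 17 ahead of 16 and then repeated.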