Hi everybody,

I'm using an OpenVPN-Server behind a NAT-Box to connect to my home-LAN when I'm away with my notebook. So far everything works fine. To be able to connect even when I'm in very restrictive environments (read: work, internet-cafe) I do a forwarding of TCP port 80 to port 1194 from my NAT-router to the vpn-server. This works almost as expected. I get those strange errors every few minutes in the log and I wonder what they mean:

<snip>
Wed Apr 4 23:39:21 2007 Re-using SSL/TLS context
Wed Apr 4 23:39:21 2007 LZO compression initialized
Wed Apr 4 23:39:21 2007 TCP connection established with <WAN-IP>:52824
Wed Apr 4 23:39:21 2007 TCPv4_SERVER link local: [undef]
Wed Apr 4 23:39:21 2007 TCPv4_SERVER link remote: <WAN-IP>:52824
Wed Apr 4 23:39:21 2007 <WAN-IP>:52824 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1592 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]
Wed Apr 4 23:39:21 2007 <WAN-IP>:52824 Connection reset, restarting [0]
</snip>

Rarely I see the same with remote IPs different from my own <WAN-IP> and I first thought this might be search-bots trying to connect to a non-existent webserver. Seeing my own <WAN-IP> there puzzles me, especially because this happens without ever having tried to connect to the vpn (e.g. after a restart).

Is this normal behaviour and if so, what exactly is going on there? Any help would be very much appreciated.
In case it is of any help, here's my server-conf:

local 10.0.70.100
port 1194
proto tcp
dev tap0
ca /etc/openvpn/newvpn/ca.crt
cert /etc/openvpn/newvpn/server.crt
key /etc/openvpn/newvpn/server.key
dh /etc/openvpn/newvpn/dh2048.pem
ifconfig-pool-persist /etc/openvpn/newvpn/ipp.txt
server-bridge 10.0.70.0 255.255.255.0 10.0.70.200 10.0.70.220
client-to-client
keepalive 10 45
tls-auth /etc/openvpn/newvpn/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 1
mute 20

Systeminfo:
Ubuntu/dapper
Linux 2.6.15-28-686 #1 SMP PREEMPT Thu Feb 1 16:14:07 UTC 2007 i686 GNU/Linux
OpenVPN 2.0.6 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 10 2006

Please let me know if you need more information, I will gladly post it here :-)

Thanks in advance,
Andreas

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
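
Added example, not part of the original post: OpenVPN's TCP transport reads the first two bytes of each packet as a big-endian length, so the rejected value in the warning can be turned back into the bytes the peer sent. 18245 is 0x4745, the ASCII bytes "GE", which is how an HTTP GET arriving on the forwarded port 80 would start. The prefix table, function names and the second and third sample log lines are this example's own assumptions.

```python
import re

# OpenVPN over TCP prefixes every packet with a 16-bit big-endian length.
# Another protocol hitting the port has its first two bytes read as that length.
BAD_LEN = re.compile(r"(\S+) WARNING: Bad encapsulated packet length from peer \((\d+)\)")

# First two bytes of common non-OpenVPN openers (labels are this example's own).
KNOWN_PREFIXES = {
    b"GE": "HTTP GET request",
    b"PO": "HTTP POST request",
    b"HE": "HTTP HEAD request",
    b"OP": "HTTP OPTIONS request",
    b"CO": "HTTP CONNECT request",
    b"SS": "SSH banner",
    b"\x16\x03": "TLS handshake record",
}

def classify_length(length):
    """Map a rejected length value back to the two bytes the peer actually sent."""
    if not 0 <= length <= 0xFFFF:
        raise ValueError("length prefix is 16 bits")
    first_two = length.to_bytes(2, "big")
    return first_two, KNOWN_PREFIXES.get(first_two, "unrecognised")

def triage(log_text):
    """Return (peer, length, first_two_bytes, guess) for each warning in the log."""
    results = []
    for peer, value in BAD_LEN.findall(log_text):
        length = int(value)
        first_two, guess = classify_length(length)
        results.append((peer, length, first_two, guess))
    return results

# Sample: the warning from the post plus two constructed lines (documentation addresses).
SAMPLE_LOG = """\
Wed Apr 4 23:39:21 2007 <WAN-IP>:52824 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1592
Wed Apr 4 23:41:02 2007 192.0.2.10:40112 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1592
Wed Apr 4 23:44:47 2007 198.51.100.7:51200 WARNING: Bad encapsulated packet length from peer (21331), which must be > 0 and <= 1592
"""

if __name__ == "__main__":
    for peer, length, first_two, guess in triage(SAMPLE_LOG):
        print(f"{peer}: {length} = {first_two!r} -> {guess}")
```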