DD-WRT VPN Router Dropping PIA VPN Connection

cubs2016cubs2016
in Other Devices VPN Setup
I'm a relative VPN and DD-WRT amateur.  I've set up a Netgear R7000 as a VPN router in my home.  I set up the PIA VPN on the router exactly as specified by PIA through DD-WRT.  It works great, except for this dropped connection issue I am experiencing.

I don't have a specific length of uptime or anything, but almost every time I connect my laptop to the VPN router, the VPN is not working.  To get the VPN to reconnect, all I need to do is go into the DD-WRT VPN settings and click "Apply Settings" and it immediately reconnects to the VPN and works properly pretty much as long as I need to use it.  But after downtime, it must disconnect from the VPN (which in turn begins to use my ISP ip address).

Is there any solution so that I do not need to go into these settings basically every time I want to use the VPN?  

Comments

  • Max-PMax-P
    There must be some error that caused OpenVPN to disconnect on the router.

    Before reconnecting the VPN, can you copy and paste us the logs from the Status->OpenVPN section of DD-WRT? That way it should tell us exactly why it disconnected so we can address that directly.
  • cubs2016cubs2016
    Thanks for the response.  When it is disconnected, it is completely blank in the "status-openvpn" section.  
  • RobinHood345RobinHood345
    I have exactly the same problem - the VPN client disconnects every day and reconnects fine when manually enabling it again. No idea why this keeps happening every day as the settings are correct and there aren't any error messages other than "authentication problem" - but when I connect manually it works so not sure what the authentication problem is...

    Any help to keep the VPN running (or reconnecting automatically) would be much appreciated, thank you.
  • Max-PMax-P
    there aren't any error messages other than "authentication problem" - but when I connect manually it works so not sure what the authentication problem is...
    Try adding
    pull-filter ignore "auth-token"

    to your Additional options section for the VPN in DD-WRT. That one typically takes care of the authentication errors.
  • cubs2016cubs2016
    I don't know anything about authentication errors, but here is my log as of right now, has been up and working since yesterday evening.  Let me know if anything looks off, I believe I set it up properly exact to PIA specifications.  Thanks.
    -----------------------------
    Clientlog: 
    20180125 16:17:36 10 variation(s) on previous 3 message(s) suppressed by --mute 
    20180125 16:17:36 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180125 16:17:36 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180125 16:17:36 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 16:17:36 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180125 16:17:36 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 16:17:36 NOTE: --mute triggered... 
    20180125 17:17:36 10 variation(s) on previous 3 message(s) suppressed by --mute 
    20180125 17:17:36 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180125 17:17:36 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180125 17:17:36 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 17:17:36 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180125 17:17:36 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 17:17:36 NOTE: --mute triggered... 
    20180125 18:17:36 9 variation(s) on previous 3 message(s) suppressed by --mute 
    20180125 18:17:36 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180125 18:17:36 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180125 18:17:36 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 18:17:36 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180125 18:17:36 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 18:17:36 NOTE: --mute triggered... 
    20180125 19:17:36 9 variation(s) on previous 3 message(s) suppressed by --mute 
    20180125 19:17:36 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180125 19:17:36 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180125 19:17:36 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 19:17:36 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180125 19:17:36 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 19:17:36 NOTE: --mute triggered... 
    20180125 20:17:37 9 variation(s) on previous 3 message(s) suppressed by --mute 
    20180125 20:17:37 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180125 20:17:37 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180125 20:17:37 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 20:17:37 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180125 20:17:37 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 20:17:37 NOTE: --mute triggered... 
    20180125 21:17:37 10 variation(s) on previous 3 message(s) suppressed by --mute 
    20180125 21:17:37 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180125 21:17:37 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180125 21:17:37 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 21:17:37 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180125 21:17:37 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 21:17:37 NOTE: --mute triggered... 
    20180125 22:17:37 9 variation(s) on previous 3 message(s) suppressed by --mute 
    20180125 22:17:37 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180125 22:17:37 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180125 22:17:37 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 22:17:37 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180125 22:17:37 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 22:17:37 NOTE: --mute triggered... 
    20180125 23:17:38 9 variation(s) on previous 3 message(s) suppressed by --mute 
    20180125 23:17:38 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180125 23:17:38 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180125 23:17:38 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 23:17:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180125 23:17:38 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180125 23:17:38 NOTE: --mute triggered... 
    20180126 00:17:38 10 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 00:17:38 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180126 00:17:38 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180126 00:17:38 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 00:17:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180126 00:17:38 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 00:17:38 NOTE: --mute triggered... 
    20180126 01:17:38 9 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 01:17:38 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180126 01:17:38 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180126 01:17:38 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 01:17:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180126 01:17:38 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 01:17:38 NOTE: --mute triggered... 
    20180126 01:18:40 2 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'state' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'state' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'state' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'status 2' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'log 500' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'state' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'state' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'state' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'status 2' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'log 500' 
    19700101 01:00:00 
  • cubs2016cubs2016
    I actually just snagged this log immediately before it dropped the VPN connection, hopefully this shows something. I can tell when it is dropping the VPN as the Internet stops working for about 30 seconds, then starts working again, but my new IP address is that of my service provider:

    Clientlog: 
    20180126 00:17:38 10 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 00:17:38 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180126 00:17:38 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180126 00:17:38 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 00:17:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180126 00:17:38 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 00:17:38 NOTE: --mute triggered... 
    20180126 01:17:38 9 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 01:17:38 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180126 01:17:38 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180126 01:17:38 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 01:17:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180126 01:17:38 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 01:17:38 NOTE: --mute triggered... 
    20180126 01:18:40 2 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'state' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'state' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'state' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'status 2' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:18:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:18:40 D MANAGEMENT: CMD 'log 500' 
    20180126 01:18:40 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'state' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'state' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'state' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'status 2' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:24:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 01:24:03 D MANAGEMENT: CMD 'log 500' 
    20180126 01:24:03 MANAGEMENT: Client disconnected 
    20180126 01:26:30 N write UDPv4: Message too large (code=90) 
    20180126 01:26:31 N write UDPv4: Message too large (code=90) 
    20180126 01:26:32 N write UDPv4: Message too large (code=90) 
    20180126 01:26:34 NOTE: --mute triggered... 
    20180126 02:17:38 78 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 02:17:38 TLS: soft reset sec=0 bytes=1271154881/-1 pkts=1940160/0 
    20180126 02:17:38 VERIFY OK: depth=1 C=US ST=CA L=LosAngeles O=Private Internet Access OU=Private Internet Access CN=Private Internet Access name=Private Internet Access [email protected] 
    20180126 02:17:38 VERIFY KU OK 
    20180126 02:17:38 NOTE: --mute triggered... 
    20180126 02:17:38 4 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 02:17:38 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180126 02:17:38 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180126 02:17:38 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 02:17:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180126 02:17:38 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 02:17:38 NOTE: --mute triggered... 
    20180126 02:17:38 2 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 02:17:38 N write UDPv4: Message too large (code=90) 
    20180126 02:17:39 N write UDPv4: Message too large (code=90) 
    20180126 02:17:40 N write UDPv4: Message too large (code=90) 
    20180126 02:17:42 NOTE: --mute triggered... 
    20180126 03:17:38 34 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 03:17:38 TLS: soft reset sec=0 bytes=1303673029/-1 pkts=1675954/0 
    20180126 03:17:38 VERIFY OK: depth=1 C=US ST=CA L=LosAngeles O=Private Internet Access OU=Private Internet Access CN=Private Internet Access name=Private Internet Access [email protected] 
    20180126 03:17:38 VERIFY KU OK 
    20180126 03:17:38 NOTE: --mute triggered... 
    20180126 03:17:39 4 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 03:17:39 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180126 03:17:39 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180126 03:17:39 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 03:17:39 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180126 03:17:39 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 03:17:39 NOTE: --mute triggered... 
    20180126 04:17:40 10 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 04:17:40 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1558' remote='link-mtu 1542' 
    20180126 04:17:40 W WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher BF-CBC' 
    20180126 04:17:40 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 04:17:40 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180126 04:17:40 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180126 04:17:40 NOTE: --mute triggered... 
    20180126 05:12:15 2 variation(s) on previous 3 message(s) suppressed by --mute 
    20180126 05:12:15 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 05:12:15 D MANAGEMENT: CMD 'state' 
    20180126 05:12:15 MANAGEMENT: Client disconnected 
    20180126 05:12:15 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 05:12:15 D MANAGEMENT: CMD 'state' 
    20180126 05:12:15 MANAGEMENT: Client disconnected 
    20180126 05:12:15 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 05:12:15 D MANAGEMENT: CMD 'state' 
    20180126 05:12:15 MANAGEMENT: Client disconnected 
    20180126 05:12:15 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 05:12:15 D MANAGEMENT: CMD 'status 2' 
    20180126 05:12:15 MANAGEMENT: Client disconnected 
    20180126 05:12:15 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180126 05:12:15 D MANAGEMENT: CMD 'log 500' 
    19700101 01:00:00 
  • Max-PMax-P
    @cubs2016 Thanks for those logs, the second one is pretty useful!

    20180126 02:17:38 N write UDPv4: Message too large (code=90) 
    20180126 02:17:39 N write UDPv4: Message too large (code=90) 
    20180126 02:17:40 N write UDPv4: Message too large (code=90) 

    So these seems to be the root cause of your disconnections. This error means that some packets sent to the VPN once encapsulated and compressed don't fit your Internet connection.

    You should be able to avoid this by lowering the MTU of the VPN tunnel. Go to Services->VPN on your router and set the "Tunnel MTU setting" to 1400 for the OpenVPN Client. This will make the VPN send smaller messages at a time so that everything should fit.
  • cubs2016cubs2016
    Thanks, I'll give this a shot and see if it fixes the issue.
  • cubs2016cubs2016
    Changing the Tunnel MTU setting did not fix the issue sadly.

    Here is another log:

    Clientlog: 
    20180209 04:57:38 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication 
    20180209 04:57:38 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key 
    20180209 04:57:38 NOTE: --mute triggered... 
    20180209 04:57:38 1 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 04:57:38 I TUN/TAP device tun1 opened 
    20180209 04:57:38 TUN/TAP TX queue length set to 100 
    20180209 04:57:38 D do_ifconfig tt->did_ifconfig_ipv6_setup=0 
    20180209 04:57:38 I /sbin/ifconfig tun1 10.92.10.6 pointopoint 10.92.10.5 mtu 1500 
    20180209 04:57:38 /sbin/route add -net 108.61.228.94 netmask 255.255.255.255 gw 192.168.1.1 
    20180209 04:57:38 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.92.10.5 
    20180209 04:57:38 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.92.10.5 
    20180209 04:57:38 /sbin/route add -net 10.92.10.1 netmask 255.255.255.255 gw 10.92.10.5 
    20180209 04:57:40 I Initialization Sequence Completed 
    20180209 05:00:01 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #83704 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:00:12 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #98754 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:00:12 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #98755 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:00:12 NOTE: --mute triggered... 
    20180209 05:00:32 56 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:00:32 N write UDPv4: Message too large (code=90) 
    20180209 05:00:33 N write UDPv4: Message too large (code=90) 
    20180209 05:00:34 N write UDPv4: Message too large (code=90) 
    20180209 05:00:36 NOTE: --mute triggered... 
    20180209 05:02:21 19 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:02:21 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #268579 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:21 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #268580 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:21 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #268581 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:21 NOTE: --mute triggered... 
    20180209 05:02:39 95 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:02:39 N write UDPv4: Message too large (code=90) 
    20180209 05:02:39 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #293784 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:39 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #293785 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:39 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #293786 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:39 NOTE: --mute triggered... 
    20180209 05:02:41 16 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:02:41 N write UDPv4: Message too large (code=90) 
    20180209 05:02:41 N write UDPv4: Message too large (code=90) 
    20180209 05:02:42 N write UDPv4: Message too large (code=90) 
    20180209 05:02:42 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #298160 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:42 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #298167 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:42 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #298168 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:44 N write UDPv4: Message too large (code=90) 
    20180209 05:02:48 N write UDPv4: Message too large (code=90) 
    20180209 05:02:48 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #306516 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:48 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #306517 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:48 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #306518 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:02:48 NOTE: --mute triggered... 
    20180209 05:03:14 64 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:03:14 N write UDPv4: Message too large (code=90) 
    20180209 05:03:14 N write UDPv4: Message too large (code=90) 
    20180209 05:03:15 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #346845 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:03:15 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #346846 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:03:15 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #346847 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:03:15 NOTE: --mute triggered... 
    20180209 05:03:16 172 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:03:16 N write UDPv4: Message too large (code=90) 
    20180209 05:03:17 N write UDPv4: Message too large (code=90) 
    20180209 05:03:17 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #349710 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:03:17 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #349712 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:03:17 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #349747 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:03:17 NOTE: --mute triggered... 
    20180209 05:03:21 195 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:03:21 N write UDPv4: Message too large (code=90) 
    20180209 05:03:31 N write UDPv4: Message too large (code=90) 
    20180209 05:03:50 N write UDPv4: Message too large (code=90) 
    20180209 05:04:53 NOTE: --mute triggered... 
    20180209 05:10:57 65 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:10:57 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #882996 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:10:57 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #882997 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:10:57 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #882998 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:10:57 NOTE: --mute triggered... 
    20180209 05:11:17 93 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:11:17 N write UDPv4: Message too large (code=90) 
    20180209 05:11:18 N write UDPv4: Message too large (code=90) 
    20180209 05:11:18 N write UDPv4: Message too large (code=90) 
    20180209 05:11:19 NOTE: --mute triggered... 
    20180209 05:24:05 101 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:24:05 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2271022 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:24:05 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2271023 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:24:05 N Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2271024 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
    20180209 05:24:05 NOTE: --mute triggered... 
    20180209 05:25:03 99 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:25:03 N write UDPv4: Message too large (code=90) 
    20180209 05:25:06 N write UDPv4: Message too large (code=90) 
    20180209 05:25:07 N write UDPv4: Message too large (code=90) 
    20180209 05:25:08 NOTE: --mute triggered... 
    20180209 05:30:30 46 variation(s) on previous 3 message(s) suppressed by --mute 
    20180209 05:30:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180209 05:30:30 D MANAGEMENT: CMD 'state' 
    20180209 05:30:30 MANAGEMENT: Client disconnected 
    20180209 05:30:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180209 05:30:30 D MANAGEMENT: CMD 'state' 
    20180209 05:30:30 MANAGEMENT: Client disconnected 
    20180209 05:30:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180209 05:30:30 D MANAGEMENT: CMD 'state' 
    20180209 05:30:30 MANAGEMENT: Client disconnected 
    20180209 05:30:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180209 05:30:30 D MANAGEMENT: CMD 'status 2' 
    20180209 05:30:30 MANAGEMENT: Client disconnected 
    20180209 05:30:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
    20180209 05:30:30 D MANAGEMENT: CMD 'log 500' 
    19700101 01:00:00 
  • Max-PMax-P
    The errors are still pretty clear about it still being an issue sadly :/
    20180209 05:11:17 N write UDPv4: Message too large (code=90) 
    20180209 05:11:18 N write UDPv4: Message too large (code=90) 
    20180209 05:11:18 N write UDPv4: Message too large (code=90) 

    Can you try adding
    mssfix 1250
    fragment 1400

    To your additional configuration section as well as lower the MTU again down to 1250 this time? If we still get "Message too large" errors after that, something is really not working well as we'll have both restricted the maximum size and told OpenVPN to fragment packets itself at 1400.

    It's a bit more aggressive but at least we'll know for sure if that's the issue or if it fixes anything - we can then work our way back up to find the optimal values.
Sign In or Register to comment.