OpenVPN error with phone connection

plawer
DD-WRT User


Joined: 11 Aug 2019
Posts: 156

Posted: Wed Feb 01, 2023 16:25    Post subject: OpenVPN error with phone connection
I have created a configuration for a friend. When I am on my home network, I can connect to his router and everything works just fine. When either of us uses the same configuration on our phones via 4g/5g, the server logs throw this error repeatedly and we are not able to connect. I have my phone client set up to only use IPv4 (and my provider is T-Mobile in the US/his is in Denmark). And when I connect with an almost identical profile to my own OpenVPN, it works just fine.

20230201 14:16:48 N x.x.x.x:58635 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1675261006) 2023-02-01 14:16:46 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
20230201 14:16:48 N x.x.x.x:58635 TLS Error: incoming packet authentication failed from [AF_INET]x.x.x.x:58635

Any suggestions?

The configuration file
Code:
client
dev tun
proto udp4
remote hostname port
nobind
persist-key
persist-tun
remote-cert-tls server
#auth-nocache
verb 4
float
tun-mtu 1400
auth SHA512
cipher AES-256-GCM
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
data-ciphers AES-256-GCM:AES-192-GCM:AES-256-CBC
tls-client
resolv-retry infinite
#redirect-gateway def1
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

_________________
Linksys: Several WRTxx00AC variations | Netgear: 4x WNDR4500v2, 7x WNDR4300, R6400v1 | Asus: 2x RT-AC66U | Gl.inet: 3x GL-AR150
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12882
Location: Netherlands

Posted: Wed Feb 01, 2023 16:45
Things to try:
Make sure you are not using IPv6; add:
Quote:
# to block IPv6 traffic necessary on newer clients
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
block-ipv6


Remove tls auth key and key direction to see if that is the culprit.

Use TCP instead of UDP

Lower MTU to 1280

Some cellular providers are IPv6-only nowadays; check on your phone whether you get an IPv4 address.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
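As an added example (written for this page, not by either poster and not DD-WRT or OpenVPN project code), this Python script parses a client profile like the one in the question and reports which of the suggestions in the reply it already follows. The function names and the sample profile are constructed here; the defaults it assumes when a directive is absent are OpenVPN's (`proto udp`, `tun-mtu 1500`).

```python
import re

# Constructed sample: directives from the question's profile, key material elided.
SAMPLE = """client
proto udp4
remote hostname port
tun-mtu 1400
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
"""

def parse_profile(text):
    """Return ({directive: [args, ...]}, {inline block names})."""
    directives, blocks, inside = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if inside:  # skip inline key/cert material up to the closing tag
            if line == f"</{inside}>":
                inside = None
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inside = tag.group(1)
            blocks.add(inside)
        elif line and not line.startswith(("#", ";")):
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def checklist(text):
    """Map each suggestion in the reply to whether the profile already follows it."""
    d, blocks = parse_profile(text)
    last = lambda name, default: (d.get(name) or [[default]])[-1][0]
    ignored = {a[1].strip('"') for a in d.get("pull-filter", [])
               if len(a) == 2 and a[0] == "ignore"}
    return {
        "ipv6_blocked": "block-ipv6" in d and {"route-ipv6", "ifconfig-ipv6"} <= ignored,
        "uses_tcp": last("proto", "udp").startswith("tcp"),   # OpenVPN default: udp
        "mtu_at_most_1280": int(last("tun-mtu", "1500")) <= 1280,  # default: 1500
        "tls_auth_in_use": "tls-auth" in blocks or "tls-auth" in d,
        "key_direction": last("key-direction", None),
    }

if __name__ == "__main__":
    for item, state in checklist(SAMPLE).items():
        print(f"{item}: {state}")
```

Running it against the profile before and after each change makes it easy to keep track of which single setting was altered between connection attempts.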