pfSense OpenVPN Problem

enterprise973

New Member
Hallo,

seit einiger Zeit sehe ich öfters folgende Meldungen in den Logs des Routers:
Code:
May 9 12:08:36     openvpn     35879     PID_ERR replay-window backtrack occurred [1] [SSL-7] [0_00000000000000000000000000000000000000000000000000000000000000] 0:314 0:313 t=1589018916[0] r=[-1,64,15,1,1] sl=[6,64,64,528]
May 9 12:19:48     openvpn     35879     PID_ERR replay-window backtrack occurred [2] [SSL-7] [0__0000000000000000000000000011111111111111111111112222222222222] 0:34785 0:34783 t=1589019588[0] r=[-3,64,15,2,1] sl=[31,64,64,528]
May 9 12:50:44     openvpn     35879     PID_ERR replay-window backtrack occurred [4] [SSL-7] [0____00000000000000000000000000000000000000000000000000000000000] 0:78500 0:78496 t=1589021444[0] r=[-2,64,15,4,1] sl=[28,64,64,528]
May 9 12:50:44     openvpn     35879     PID_ERR replay-window backtrack occurred [9] [SSL-7] [0_________000000000000000000000000000000000000000000000000000000] 0:78511 0:78502 t=1589021444[0] r=[-2,64,15,9,1] sl=[17,64,64,528]
May 9 12:50:44     openvpn     35879     PID_ERR replay-window backtrack occurred [12] [SSL-7] [0___0________000000000000000000000000000000000000000000000000000] 0:78515 0:78503 t=1589021444[0] r=[-2,64,15,12,1] sl=[13,64,64,528]
May 9 12:50:44     openvpn     35879     PID_ERR replay-window backtrack occurred [16] [SSL-7] [0000___0_0___0___00000000000000000000000000000000000000000000000] 0:78524 0:78508 t=1589021444[0] r=[-2,64,15,16,1] sl=[4,64,64,528]
May 9 12:50:44     openvpn     35879     PID_ERR replay-window backtrack occurred [17] [SSL-7] [000000___0_0___0__0000000000000000000000000000000000000000000000] 0:78526 0:78509 t=1589021444[0] r=[-2,64,15,17,1] sl=[2,64,64,528]
May 9 13:07:05     openvpn     35879     TLS: soft reset sec=0 bytes=107876688/-1 pkts=138975/0
May 9 13:07:05     openvpn     35879     VERIFY OK: depth=1, C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
May 9 13:07:05     openvpn     35879     VERIFY OK: nsCertType=SERVER
May 9 13:07:05     openvpn     35879     VERIFY OK: depth=0, C=CH, ST=Zug, O=Perfect Privacy, CN=Server_frankfurt.perfect-privacy.com, emailAddress=admin@perfect-privacy.com
May 9 13:07:06     openvpn     35879     Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 9 13:07:06     openvpn     35879     Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
May 9 13:07:06     openvpn     35879     Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 9 13:07:06     openvpn     35879     Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
May 9 13:07:06     openvpn     35879     Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
May 9 13:17:14     openvpn     35879     PID_ERR replay-window backtrack occurred [1] [SSL-1] [0_00000000000000000000000000000000000000000000000000000000000000] 0:1263 0:1262 t=1589023034[0] r=[-3,64,15,1,1] sl=[17,64,64,528]
May 9 14:07:05     openvpn     35879     TLS: tls_process: killed expiring key
May 9 14:07:06     openvpn     35879     TLS: soft reset sec=0 bytes=8745980/-1 pkts=22944/0
May 9 14:07:06     openvpn     35879     VERIFY OK: depth=1, C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
May 9 14:07:06     openvpn     35879     VERIFY OK: nsCertType=SERVER
May 9 14:07:06     openvpn     35879     VERIFY OK: depth=0, C=CH, ST=Zug, O=Perfect Privacy, CN=Server_frankfurt.perfect-privacy.com, emailAddress=admin@perfect-privacy.com
May 9 14:07:07     openvpn     35879     Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 9 14:07:07     openvpn     35879     Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
May 9 14:07:07     openvpn     35879     Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 9 14:07:07     openvpn     35879     Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
May 9 14:07:07     openvpn     35879     Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
May 9 14:18:00     openvpn     35879     PID_ERR replay-window backtrack occurred [1] [SSL-2] [0_00000000000000000000000000000000000000000000000000111111111111] 0:1557 0:1556 t=1589026680[0] r=[-2,64,15,1,1] sl=[43,64,64,528]
May 9 15:07:06     openvpn     35879     TLS: tls_process: killed expiring key
May 9 15:07:07     openvpn     35879     TLS: soft reset sec=0 bytes=18519188/-1 pkts=32906/0
May 9 15:07:07     openvpn     35879     VERIFY OK: depth=1, C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
May 9 15:07:07     openvpn     35879     VERIFY OK: nsCertType=SERVER
May 9 15:07:07     openvpn     35879     VERIFY OK: depth=0, C=CH, ST=Zug, O=Perfect Privacy, CN=Server_frankfurt.perfect-privacy.com, emailAddress=admin@perfect-privacy.com
May 9 15:07:07     openvpn     35879     Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 9 15:07:07     openvpn     35879     Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
May 9 15:07:07     openvpn     35879     Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 9 15:07:07     openvpn     35879     Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
May 9 15:07:07     openvpn     35879     Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
May 9 15:21:12     openvpn     35879     PID_ERR replay-window backtrack occurred [1] [SSL-3] [0_11111111111111111111111111111111111111111111111111111111111111] 0:1824 0:1823 t=1589030472[0] r=[-2,64,15,1,1] sl=[32,64,64,528]
May 9 15:50:51     openvpn     35879     PID_ERR replay-window backtrack occurred [2] [SSL-3] [00_0000000000000000000000000000000000001111111111111222222222222] 0:7877 0:7875 t=1589032251[0] r=[-1,64,15,2,1] sl=[59,64,64,528]
May 9 16:07:07     openvpn     35879     TLS: soft reset sec=0 bytes=5032912/-1 pkts=18884/0
May 9 16:07:07     openvpn     35879     VERIFY OK: depth=1, C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
May 9 16:07:07     openvpn     35879     VERIFY OK: nsCertType=SERVER
May 9 16:07:07     openvpn     35879     VERIFY OK: depth=0, C=CH, ST=Zug, O=Perfect Privacy, CN=Server_frankfurt.perfect-privacy.com, emailAddress=admin@perfect-privacy.com
May 9 16:07:07     openvpn     35879     Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 9 16:07:07     openvpn     35879     Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
May 9 16:07:07     openvpn     35879     Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 9 16:07:07     openvpn     35879     Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
May 9 16:07:07     openvpn     35879     Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
May 9 16:08:46     openvpn     35879     PID_ERR replay-window backtrack occurred [4] [SSL-4] [0000_00000000000000000000000000000000000011111111111111112222223] 0:863 0:859 t=1589033326[0] r=[-4,64,15,4,1] sl=[33,64,64,528]
Als Folge ist die Geschwindigkeit langsamer und die temporäre Lösung ist, den Router neuzustarten. Wie könnte ich das dauerhaft lösen? Ich habe eure Anleitung für pfSense befolgt.
 
Top