I've discussed this with James, in his opinion it is not needed to be fixed in openvpn3 server side, since those duplicated packets are dropped anyway in openvpn2/3 clients. OpenVPN3 client doesn't display those errors but increments error counter, which is then dumped to log on disconnect. The problem is mostly with openvpn2 client, which displays those replay errors with very high verbosity levels:
#define D_REPLAY_ERRORS LOGLEV(1, 6, M_NONFATAL) /* show packet replay errors */ #define D_TLS_ERRORS LOGLEV(1, 3, M_NONFATAL) /* show TLS control channel errors */ The first one can be muted with --mute-replay-warnings, but we still have the second one. -- -Lev _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
