Hi,
On 02/03/17 15:40, debbie10t wrote:
> From this thread:
> https://forums.openvpn.net/viewtopic.php?f=6&t=23526&p=68435#p68421
>
> In the previous posts on that thread the OP had certificate errors
> (ssl3_get_server_certificate:certificate verify failed)
> but the OP appears to have managed to rectify that error ..
>
> This is openvpn on pfSense server to Fedora 25 client ovpn 2.3.14
>
> My question is, what does this mean:
> "TLS Error: Unroutable control packet received"
>
> Is it a network problem or is this something to do with security ?
>
>
this error is triggered when someone sends a "random" TLS control packet
to the server. Normally, when an OpenVPN connection is set up, security
parameters are negotiated. After that, packets coming from the client to
the server with the right encryption and security signature are accepted
and processed. If the server receives a packet for a client that it
does not know, then the above message is shown. In particular, it is
triggered by this code in ssl.c:
3563 /*
3564 * Packet must belong to an existing session.
3565 */
3566 if (i != TM_ACTIVE && i != TM_UNTRUSTED)
3567 {
3568 msg(D_TLS_ERRORS,
3569 "TLS Error: Unroutable control packet
received from %s (si=%d op=%s)",
3570 print_link_socket_actual(from, &gc),
3571 i,
3572 packet_opcode_name(op));
3573 goto error;
3574 }
Thus, it seems that a packet is received that is no longer associated
with a session .
The same applies to packets received by the client from the server.
HTH,
JJK
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
