Re: [Openvpn-users] "PID_ERR large diff" messages

[Steffan Karger]

Hi.

On 16-03-2021 11:44, Ralf Hildebrandt wrote:
> I noticed these in my logcheck output. Should I wory?
> 
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: 
> ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [66] [SSL-0] 
> [000000000000___000000000000_________00000000011111111___________] 0:627607 
> 0:627541 t=1615815597[0] r=[-2,64,15,66,1] sl=[41,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: 
> ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [70] [SSL-0] 
> [00000000000000000___000000000000_________00000000011111111______] 0:627612 
> 0:627542 t=1615815597[0] r=[-2,64,15,70,1] sl=[36,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: 
> ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] 
> [000000_000000000000000000000000000000000___000000000000_________] 0:627635 
> 0:627543 t=1615815597[0] r=[-2,64,15,92,1] sl=[13,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: 
> ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] 
> [0000000_000000000000000000000000000000000___000000000000________] 0:627636 
> 0:627544 t=1615815597[0] r=[-2,64,15,92,1] sl=[12,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: 
> ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] 
> [00000000_000000000000000000000000000000000___000000000000_______] 0:627637 
> 0:627545 t=1615815597[0] r=[-2,64,15,92,1] sl=[11,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: 
> ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] 
> [000000000_000000000000000000000000000000000___000000000000______] 0:627638 
> 0:627546 t=1615815597[0] r=[-2,64,15,92,1] sl=[10,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: 
> ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] 
> [0000000000_000000000000000000000000000000000___000000000000_____] 0:627639 
> 0:627547 t=1615815597[0] r=[-2,64,15,92,1] sl=[9,64,64,528]
> Mar 15 14:39:57 openvpn-igel-int ovpn-server-udp[1089]: 
> ITC00E0C5247DB8/84.130.190.9:55871 PID_ERR large diff [92] [SSL-0] 
> [00000000000_000000000000000000000000000000000___000000000000____] 0:627640 
> 0:627548 t=1615815597[0] r=[-2,64,15,92,1] sl=[8,64,64,528]

Not unless you see them a lot. This just means that some old (reordered)
packets are dropped by openvpn because replay protection checks can no
longer guarantee that this is not a replayed packet. So it *might* be an
availability issue, but won't affect connection security.

If you see these a lot, it might be worth checking the network between
client and server to see why this packet reordering happens.

Otherwise just reduce the log level to 3, which is a very reasonable
setting for production servers and will no longer show these warnings.

-Steffan


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users