What's new

AEAD Decrypt error: bad packet ID

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Jonnny

Occasional Visitor
Hi,

Using VPN Director to redirect a device (IP), through a VPN Client (OpenVPN), the following error appears using torrent traffic:

Code:
Jun 23 10:05:32 ovpn-client1[16663]: AEAD Decrypt error: bad packet ID (may be a replay): [ #10543379 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

If using the Wireguard client, this error no longer appears.

I remember, in the past to configure the OpenVPN Server (not client), on the router, I had to set it to TCP protocol so that a similar error does not appear when viewing streaming channels.

In some research I did, it is mentioned that it could be the UDP/TCP protocol, MTU value, OpenVPN client configuration...

Has anyone experienced this error?

Thanks.
 
Hi,

Using VPN Director to redirect a device (IP), through a VPN Client (OpenVPN), the following error appears using torrent traffic:

Code:
Jun 23 10:05:32 ovpn-client1[16663]: AEAD Decrypt error: bad packet ID (may be a replay): [ #10543379 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

If using the Wireguard client, this error no longer appears.

I remember, in the past to configure the OpenVPN Server (not client), on the router, I had to set it to TCP protocol so that a similar error does not appear when viewing streaming channels.

In some research I did, it is mentioned that it could be the UDP/TCP protocol, MTU value, OpenVPN client configuration...

Has anyone experienced this error?

Thanks.

Honestly very little familiarity with OVPN but if you're using UDP, retransmissions are common and I'm wondering if that is what it means by "replay".

I believe the default OpenVPN config assumes you have 1500 MTU on the WAN, is that the case with your ISP? If not it could be fragmentation but that doesn't seem to line up with that log message.

If you have the option of using wireguard, why don't you use that? It is much lighter weight and more efficient.
 
I've tried changing the MTU value but to no effect.

The times I tried Wireguard Client/Server, I switched back to OpenVPN. A big drawback for me on the Wireguard Client, it only allows one session at same time unlike OpenVPN.

Thanks.
 
The AEAD error is not an error as such. It's just a message saying it's happening - a non-error. Also it's unrelated to MTU.
I run my own VPN on a vps and have found that adding
Code:
mute-replay-warnings
to the client's custom configuration, as the log is advising would mute the AEAD messages.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top