1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

TLS Errors

Discussion in 'VPN' started by NoelS, Apr 18, 2019.

  1. NoelS

    NoelS Regular Contributor

    Joined:
    Apr 4, 2019
    Messages:
    59
    I'm getting these errors in my Router Log (AC68U running latest Merlin). Anything to worry about or benign? Any adjustment to try?

    TLS Error: unknown opcode received from [AF_INET]207.189.2.3:443 op=20
    TLS Error: Unroutable control packet received from [AF_INET]207.189.29.3:443 (si=3 op=P_ACK_V1)
    TLS Error: cannot locate HMAC in incoming packet from [AF_INET]207.189.29.3:443
    TLS Error: local/remote TLS keys are out of sync: [AF_INET]207.189.29.3:443 [2]

    TIA
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,327
    Location:
    UK
    Looks like standard port scanning. Expect to see a lot of that as you're using a common port (443).
     
  3. eibgrad

    eibgrad Regular Contributor

    Joined:
    Feb 20, 2017
    Messages:
    153
    Are you in fact running some service on port 443 of the WAN?
     
  4. NoelS

    NoelS Regular Contributor

    Joined:
    Apr 4, 2019
    Messages:
    59
    @eibgrad Nothing that I know of, other than the VPN
    @ColinTaylor Ok, so it sounds like "nothing to worry about"?
     
  5. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    8,327
    Location:
    UK
    Well you can only have one service running on one port, so that will be the VPN.
    It's more of an annoyance really. Once the bots have seen a response on that port they keep coming back. Then over time more and more bots discover it. Just change to a non-standard port and the messages will disappear.
     
    L&LD likes this.