Authenticate/Decrypt packet error



PeterR

Question

Example:

Mon Dec 23 13:06:13 2013 us=445149 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:06:17 2013 us=347753 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:06:23 2013 us=910997 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:06:35 2013 us=970051 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:08:04 2013 us=212181 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:08:13 2013 us=364001 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:08:24 2013 us=465058 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:10:55 2013 us=682440 tun packet too large on write (tried=1448,max=1434)

Mon Dec 23 13:10:58 2013 us=853447 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:11:04 2013 us=718435 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:11:12 2013 us=578657 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:15:42 2013 us=43014 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:15:47 2013 us=556174 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:15:52 2013 us=535584 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:15:58 2013 us=97952 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:15:59 2013 us=683123 Authenticate/Decrypt packet error: packet HMAC authentication failed

Mon Dec 23 13:16:06 2013 us=651924 Authenticate/Decrypt packet error: packet HMAC authentication failed

 

Now before I go explaining a bunch of stuff about my setup, I need to point out that this ONLY happens with heavy p2p/bittorrent traffic. Normal web access, downloading and FTP traffic are not creating ANY of these errors. The error seems to be the result of "some" unruly bittorrent clients on the other end.

 

So, my question is, how do I connect the dots... how can I monitor the traffic and determine what connections are causing this... Can I use something like Wireshark to take a look at this, and if so, what am I looking for that would help me identify the packets causing the problem? I mean, since this error seems to be happening at the application layer of the OSI model, Wireshark is not going to show these as dropped packets, is it?

 

 

Link to comment

2 answers to this question


Normally this happens when using keys and the keys at either end are not the same, or the user's system time is incorrect. Have you checked your system time? I know it's most likely correct, but I'm just naming 2 things I know for a fact can cause those messages.

 

Do you get this error on all servers under heavy traffic?

 

I don't think it will cause too much of a problem (as in disconnect you), but I would be interested to know the issue too.

 

Cheers

 

 

Link to comment

I appreciate the truth in what you point out, however, neither cause would seem to be at issue. In my limited experience, both would cause a total connection failure as opposed to an intermittent error.

 

More info:

 

When initially configuring my connection, I noticed that I was getting a high number of ...

 

Tue Dec 31 15:23:21 2013 us=408368 write UDPv4: Message too long (code=97)

Tue Dec 31 15:23:22 2013 us=824253 write UDPv4: Message too long (code=97)

Tue Dec 31 15:23:25 2013 us=506615 write UDPv4: Message too long (code=97)

Tue Dec 31 15:23:30 2013 us=916598 write UDPv4: Message too long (code=97)

Tue Dec 31 15:23:34 2013 us=879571 write UDPv4: Message too long (code=97)

 

messages, so through trial and error I reset my tun-mtu to be 1434. While this eliminates the "Message too long (code=97)" errors, it seems to replace them with the "Authenticate/Decrypt packet error: packet HMAC authentication failed" at roughly the same rate of occurrence.

 

Presently, I have the mtu configured as 1500, so my errors are of the "Message too long (code=97)" variety...

 

ifconfig shows the following for the last 24 hours.

 

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

inet addr:10.8.0.50 P-t-P:10.8.0.49 Mask:255.255.255.255

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1

RX packets:51,66,868 errors:0 dropped:0 overruns:0 frame:0

TX packets:5,156,945 errors:0 dropped:164,422 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:4016960063 (3.7 GiB) TX bytes:3190207229 (2.9 GiB)

 

While neither mtu setting (1500/1434) nor error message (Message too long/HMAC authentication failed) seems to substantially impact throughput, certainly they are an indication that something is hinky somewhere... the numbers reported above are fairly typical of either setting or error.

 

Note that no other I/F connection through my router shows any dropped packets, with or without VPN running. And yes, this happens all the time on every server I connect to, from both the Canadian and NL server pools.

 

I should also point out that the dropped packets, through casual observation, do NOT appear to be directly related to the error messages.

 

 

All that said, since this does not result in a connection failure, my expectation of support from TorGuard is extremely low.

 

The only reason I am aware of the scope is that I took the time to un-mute the log data from the standard conf settings. My fear is that this is a widespread issue that many customers are experiencing and are simply unaware of it since it does not break the connection.

 

So, my question is STILL, how do I connect the dots... how can I monitor the traffic and determine what connections are causing this... Can I use something like Wireshark to take a look at this, and if so, what am I looking for that would help me identify the packets causing the problem? I mean, since this error seems to be happening at the application layer of the OSI model, Wireshark is not going to show these as dropped packets, is it?

Link to comment
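
An added example, not part of either post: one way to start connecting the dots is to turn the three log messages quoted in this thread into timestamped events and per-minute counts, which can then be lined up against the timestamps of a packet capture taken on the same host. The function names, event labels and sample log below are constructed for illustration, and the code assumes the log and the capture share one clock.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the shape of the log lines quoted in the thread.
SAMPLE_LOG = """\
Mon Dec 23 13:10:55 2013 us=682440 tun packet too large on write (tried=1448,max=1434)
Mon Dec 23 13:10:58 2013 us=853447 Authenticate/Decrypt packet error: packet HMAC authentication failed
Mon Dec 23 13:15:42 2013 us=43014 Authenticate/Decrypt packet error: packet HMAC authentication failed
Mon Dec 23 13:15:47 2013 us=556174 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Dec 31 15:23:21 2013 us=408368 write UDPv4: Message too long (code=97)
not an OpenVPN record
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) us=(\d+) (.*)$")
# Labels on the left are hypothetical names chosen for this example.
KINDS = [
    ("hmac_fail", re.compile(r"packet HMAC authentication failed")),
    ("tun_too_large", re.compile(r"tun packet too large on write \(tried=(\d+),max=(\d+)\)")),
    ("udp_msg_too_long", re.compile(r"write UDPv4: Message too long \(code=\d+\)")),
]

def parse_line(line):
    """Return {'ts', 'kind', 'over'} for a recognised error line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, usec, msg = m.groups()
    # us= is the microsecond field printed unpadded: us=43014 means .043014 s
    ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y") + timedelta(microseconds=int(usec))
    for kind, rx in KINDS:
        hit = rx.search(msg)
        if hit:
            # For oversize tun writes, record how many bytes over the limit the packet was.
            over = int(hit.group(1)) - int(hit.group(2)) if kind == "tun_too_large" else None
            return {"ts": ts, "kind": kind, "over": over}
    return None

def per_minute(text):
    """Count recognised errors per (minute, kind) so bursts can be matched to a capture."""
    counts = Counter()
    for line in text.splitlines():
        ev = parse_line(line)
        if ev:
            counts[(ev["ts"].strftime("%Y-%m-%d %H:%M"), ev["kind"])] += 1
    return counts

if __name__ == "__main__":
    for (minute, kind), n in sorted(per_minute(SAMPLE_LOG).items()):
        print(minute, kind, n)
```

The per-event `ts` values carry microsecond precision, so they can be compared directly with capture timestamps to narrow down which packets arrived just before each error.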