Links to local pages:

• Security - OpenVPN
• OpenVPN config examples

OpenVPN is relying on a proper time consistency between Client and Server. This can result in problems on 2 levels:

• TLS/SSL certificates validity/expiration is based on time
• the encrypted packets have a time-tag to conquer replay-attacks and out-of-sequence delivery

Client-side

TLS Error: Unroutable control packet received from 80.69.65.224:10494 (si=3 op=P_CONTROL_V1)

Server-side

TLS: new session incoming connection from 80.100.97.87:54702
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

Client-side

VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=CO/ST=Province/L=City/O=Organisation/CN=ca.auxmgt.ncbv/emailAddress=email@domain.com
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed

Server-side

Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 / time = (1199146245) Tue Jan  1 01:10:45 2008 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)