We upgraded one of our Firewalls to SFOS 18.0.3 MR-3 from 18.0.1 MR1 and our SSL VPN clients quit working.
We get the error:
the system tried to join a drive to a directory on a joined drive
Any thoughts on the cause?
No DNAT:
Server log
Tue Nov 3 00:28:28 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:34169
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:28 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:34660
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:29 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:35366
Tue Nov 3 00:28:29 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (21331), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:29 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:29 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:29 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:36260
Tue Nov 3 00:28:34 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:34 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:35 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:44330
Tue Nov 3 00:28:42 2020 [8020] CID is :3205
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:43 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:57314
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:44 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:58512
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:44 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:60958
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (32814), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 01:19:19 2020 [8020] TCP connection established with [AF_INET6]::ffff:128.14.134.170:47674
Tue Nov 3 01:19:19 2020 [8020] ::ffff:128.14.134.170 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 01:19:19 2020 [8020] ::ffff:128.14.134.170 Connection reset, restarting [0]
Tue Nov 3 01:19:19 2020 [8020] ::ffff:128.14.134.170 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 04:44:34 2020 [8020] TCP connection established with [AF_INET6]::ffff:46.246.62.206:36474
Tue Nov 3 04:44:34 2020 [8020] ::ffff:46.246.62.206 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 04:44:34 2020 [8020] ::ffff:46.246.62.206 Connection reset, restarting [0]
Tue Nov 3 04:44:34 2020 [8020] ::ffff:46.246.62.206 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 05:29:13 2020 [8020] TCP connection established with [AF_INET6]::ffff:182.124.56.252:47450
Tue Nov 3 05:29:14 2020 [8020] ::ffff:182.124.56.252 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 05:29:14 2020 [8020] ::ffff:182.124.56.252 Connection reset, restarting [0]
Tue Nov 3 05:29:14 2020 [8020] ::ffff:182.124.56.252 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 05:48:26 2020 [8020] TCP connection established with [AF_INET6]::ffff:51.254.75.176:59938
Tue Nov 3 05:48:26 2020 [8020] ::ffff:51.254.75.176 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 05:48:26 2020 [8020] ::ffff:51.254.75.176 Connection reset, restarting [0]
Tue Nov 3 05:48:26 2020 [8020] ::ffff:51.254.75.176 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 05:52:58 2020 [8020] TCP connection established with [AF_INET6]::ffff:138.68.26.56:57930
Tue Nov 3 05:52:58 2020 [8020] ::ffff:138.68.26.56 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 05:52:58 2020 [8020] ::ffff:138.68.26.56 Connection reset, restarting [0]
Tue Nov 3 05:52:58 2020 [8020] ::ffff:138.68.26.56 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 05:55:36 2020 [8020] TCP connection established with [AF_INET6]::ffff:51.254.75.188:49788
Tue Nov 3 05:55:36 2020 [8020] ::ffff:51.254.75.188 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 05:55:36 2020 [8020] ::ffff:51.254.75.188 Connection reset, restarting [0]
Tue Nov 3 05:55:36 2020 [8020] ::ffff:51.254.75.188 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 06:21:10 2020 [8020] TCP connection established with [AF_INET6]::ffff:216.218.206.66:35538
Tue Nov 3 06:21:10 2020 [8020] ::ffff:216.218.206.66 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 06:21:10 2020 [8020] ::ffff:216.218.206.66 Connection reset, restarting [0]
Tue Nov 3 06:21:10 2020 [8020] ::ffff:216.218.206.66 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 06:23:09 2020 [8020] Closing TUN/TAP interface
Tue Nov 3 06:23:09 2020 [8020] /bin/ip addr del dev tun0 10.255.255.1/24
Tue Nov 3 06:23:10 2020 [8020] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0
Tue Nov 3 06:23:10 2020 [8020] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so
Tue Nov 3 06:23:10 2020 [8020] SIGTERM[hard,] received, process exiting
Tue Nov 3 06:32:01 2020 [10749] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 8 2020
Tue Nov 3 06:32:01 2020 [10749] library versions: OpenSSL 1.0.2r-fips 26 Feb 2019, LZO 2.09
Tue Nov 3 06:32:01 2020 [10749] MANAGEMENT: client_uid=0
Tue Nov 3 06:32:01 2020 [10749] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt
Tue Nov 3 06:32:01 2020 [10749] cleanup success
Tue Nov 3 06:32:01 2020 [10749] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Tue Nov 3 06:32:01 2020 [10749] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Tue Nov 3 06:32:01 2020 [10749] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
grhandle=0x926b530
Authentication server 127.0.0.1 gave login response code 2
Tue Nov 3 06:32:01 2020 [10749] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT
Tue Nov 3 06:32:01 2020 [10749] Diffie-Hellman initialized with 2048 bit key
Tue Nov 3 06:32:01 2020 [10749] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible
Tue Nov 3 06:32:01 2020 [10749] WARNING: experimental option --capath /conf/certificate/openvpn
Tue Nov 3 06:32:01 2020 [10749] Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Nov 3 06:32:01 2020 [10749] TUN/TAP device tun0 opened
Tue Nov 3 06:32:01 2020 [10749] TUN/TAP TX queue length set to 1000
Tue Nov 3 06:32:01 2020 [10749] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Tue Nov 3 06:32:01 2020 [10749] /bin/ip link set dev tun0 up mtu 1500
Tue Nov 3 06:32:01 2020 [10749] /bin/ip addr add dev tun0 10.255.255.1/24 broadcast 10.255.255.255
Tue Nov 3 06:32:01 2020 [10749] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0
Tue Nov 3 06:32:01 2020 [10749] CSC service status updated to RUNNING
Tue Nov 3 06:32:01 2020 [10749] Listening for incoming TCP connection on [undef]
Tue Nov 3 06:32:01 2020 [10749] TCPv6_SERVER link local (bound): [undef]
Tue Nov 3 06:32:01 2020 [10749] TCPv6_SERVER link remote: [undef]
Tue Nov 3 06:32:01 2020 [10749] MULTI: multi_init called, r=256 v=256
Tue Nov 3 06:32:01 2020 [10749] IFCONFIG POOL IPv6: (IPv4) size=253, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1
Tue Nov 3 06:32:01 2020 [10749] IFCONFIG POOL: base=10.255.255.2 size=253, ipv6=1
Tue Nov 3 06:32:01 2020 [10749] IFCONFIG POOL LIST
Tue Nov 3 06:32:01 2020 [10749] MULTI: TCP INIT maxclients=440 maxevents=444
Tue Nov 3 06:32:01 2020 [10749] Initialization Sequence Completed
Tue Nov 3 08:31:21 2020 [10749] MANAGEMENT: Client connected from /tmp/openvpn_mgmt
Tue Nov 3 08:31:21 2020 [10749] MANAGEMENT: CMD 'status -1'
Tue Nov 3 08:31:31 2020 [10749] MANAGEMENT: Client disconnected
Client log
Thu Nov 05 11:41:16 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Thu Nov 05 11:41:16 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Thu Nov 05 11:41:16 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Nov 05 11:41:16 2020 Need hold release from management interface, waiting...
Thu Nov 05 11:41:17 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Nov 05 11:41:17 2020 MANAGEMENT: CMD 'state on'
Thu Nov 05 11:41:17 2020 MANAGEMENT: CMD 'log all on'
Thu Nov 05 11:41:17 2020 MANAGEMENT: CMD 'hold off'
Thu Nov 05 11:41:17 2020 MANAGEMENT: CMD 'hold release'
Thu Nov 05 11:41:26 2020 MANAGEMENT: CMD 'username "Auth" "pompey"'
Thu Nov 05 11:41:26 2020 MANAGEMENT: CMD 'password [...]'
Thu Nov 05 11:41:26 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Nov 05 11:41:26 2020 Attempting to establish TCP connection with [AF_INET]68.142.164.248:8443 [nonblock]
Thu Nov 05 11:41:26 2020 MANAGEMENT: >STATE:1604594486,TCP_CONNECT,,,,,,
Thu Nov 05 11:41:36 2020 TCP: connect to [AF_INET]68.142.164.248:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Thu Nov 05 11:41:40 2020 SIGTERM[hard,init_instance] received, process exiting
Thu Nov 05 11:41:40 2020 MANAGEMENT: >STATE:1604594500,EXITING,init_instance,,,,,
No DNAT:
Server log
Tue Nov 3 00:28:28 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:34169
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:28 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:34660
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:28 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:29 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:35366
Tue Nov 3 00:28:29 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (21331), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:29 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:29 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:29 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:36260
Tue Nov 3 00:28:34 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:34 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:35 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:44330
Tue Nov 3 00:28:42 2020 [8020] CID is :3205
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:43 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:57314
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:43 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:44 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:58512
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 00:28:44 2020 [8020] TCP connection established with [AF_INET6]::ffff:107.6.183.162:60958
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 WARNING: Bad encapsulated packet length from peer (32814), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 Connection reset, restarting [0]
Tue Nov 3 00:28:44 2020 [8020] ::ffff:107.6.183.162 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 01:19:19 2020 [8020] TCP connection established with [AF_INET6]::ffff:128.14.134.170:47674
Tue Nov 3 01:19:19 2020 [8020] ::ffff:128.14.134.170 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 01:19:19 2020 [8020] ::ffff:128.14.134.170 Connection reset, restarting [0]
Tue Nov 3 01:19:19 2020 [8020] ::ffff:128.14.134.170 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 04:44:34 2020 [8020] TCP connection established with [AF_INET6]::ffff:46.246.62.206:36474
Tue Nov 3 04:44:34 2020 [8020] ::ffff:46.246.62.206 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 04:44:34 2020 [8020] ::ffff:46.246.62.206 Connection reset, restarting [0]
Tue Nov 3 04:44:34 2020 [8020] ::ffff:46.246.62.206 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 05:29:13 2020 [8020] TCP connection established with [AF_INET6]::ffff:182.124.56.252:47450
Tue Nov 3 05:29:14 2020 [8020] ::ffff:182.124.56.252 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 05:29:14 2020 [8020] ::ffff:182.124.56.252 Connection reset, restarting [0]
Tue Nov 3 05:29:14 2020 [8020] ::ffff:182.124.56.252 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 05:48:26 2020 [8020] TCP connection established with [AF_INET6]::ffff:51.254.75.176:59938
Tue Nov 3 05:48:26 2020 [8020] ::ffff:51.254.75.176 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 05:48:26 2020 [8020] ::ffff:51.254.75.176 Connection reset, restarting [0]
Tue Nov 3 05:48:26 2020 [8020] ::ffff:51.254.75.176 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 05:52:58 2020 [8020] TCP connection established with [AF_INET6]::ffff:138.68.26.56:57930
Tue Nov 3 05:52:58 2020 [8020] ::ffff:138.68.26.56 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 05:52:58 2020 [8020] ::ffff:138.68.26.56 Connection reset, restarting [0]
Tue Nov 3 05:52:58 2020 [8020] ::ffff:138.68.26.56 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 05:55:36 2020 [8020] TCP connection established with [AF_INET6]::ffff:51.254.75.188:49788
Tue Nov 3 05:55:36 2020 [8020] ::ffff:51.254.75.188 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 05:55:36 2020 [8020] ::ffff:51.254.75.188 Connection reset, restarting [0]
Tue Nov 3 05:55:36 2020 [8020] ::ffff:51.254.75.188 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 06:21:10 2020 [8020] TCP connection established with [AF_INET6]::ffff:216.218.206.66:35538
Tue Nov 3 06:21:10 2020 [8020] ::ffff:216.218.206.66 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Tue Nov 3 06:21:10 2020 [8020] ::ffff:216.218.206.66 Connection reset, restarting [0]
Tue Nov 3 06:21:10 2020 [8020] ::ffff:216.218.206.66 SIGUSR1[soft,connection-reset] received, client-instance restarting
Tue Nov 3 06:23:09 2020 [8020] Closing TUN/TAP interface
Tue Nov 3 06:23:09 2020 [8020] /bin/ip addr del dev tun0 10.255.255.1/24
Tue Nov 3 06:23:10 2020 [8020] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0
Tue Nov 3 06:23:10 2020 [8020] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so
Tue Nov 3 06:23:10 2020 [8020] SIGTERM[hard,] received, process exiting
Tue Nov 3 06:32:01 2020 [10749] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 8 2020
Tue Nov 3 06:32:01 2020 [10749] library versions: OpenSSL 1.0.2r-fips 26 Feb 2019, LZO 2.09
Tue Nov 3 06:32:01 2020 [10749] MANAGEMENT: client_uid=0
Tue Nov 3 06:32:01 2020 [10749] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt
Tue Nov 3 06:32:01 2020 [10749] cleanup success
Tue Nov 3 06:32:01 2020 [10749] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Tue Nov 3 06:32:01 2020 [10749] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Tue Nov 3 06:32:01 2020 [10749] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
grhandle=0x926b530
Authentication server 127.0.0.1 gave login response code 2
Tue Nov 3 06:32:01 2020 [10749] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT
Tue Nov 3 06:32:01 2020 [10749] Diffie-Hellman initialized with 2048 bit key
Tue Nov 3 06:32:01 2020 [10749] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible
Tue Nov 3 06:32:01 2020 [10749] WARNING: experimental option --capath /conf/certificate/openvpn
Tue Nov 3 06:32:01 2020 [10749] Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Nov 3 06:32:01 2020 [10749] TUN/TAP device tun0 opened
Tue Nov 3 06:32:01 2020 [10749] TUN/TAP TX queue length set to 1000
Tue Nov 3 06:32:01 2020 [10749] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Tue Nov 3 06:32:01 2020 [10749] /bin/ip link set dev tun0 up mtu 1500
Tue Nov 3 06:32:01 2020 [10749] /bin/ip addr add dev tun0 10.255.255.1/24 broadcast 10.255.255.255
Tue Nov 3 06:32:01 2020 [10749] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0
Tue Nov 3 06:32:01 2020 [10749] CSC service status updated to RUNNING
Tue Nov 3 06:32:01 2020 [10749] Listening for incoming TCP connection on [undef]
Tue Nov 3 06:32:01 2020 [10749] TCPv6_SERVER link local (bound): [undef]
Tue Nov 3 06:32:01 2020 [10749] TCPv6_SERVER link remote: [undef]
Tue Nov 3 06:32:01 2020 [10749] MULTI: multi_init called, r=256 v=256
Tue Nov 3 06:32:01 2020 [10749] IFCONFIG POOL IPv6: (IPv4) size=253, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1
Tue Nov 3 06:32:01 2020 [10749] IFCONFIG POOL: base=10.255.255.2 size=253, ipv6=1
Tue Nov 3 06:32:01 2020 [10749] IFCONFIG POOL LIST
Tue Nov 3 06:32:01 2020 [10749] MULTI: TCP INIT maxclients=440 maxevents=444
Tue Nov 3 06:32:01 2020 [10749] Initialization Sequence Completed
Tue Nov 3 08:31:21 2020 [10749] MANAGEMENT: Client connected from /tmp/openvpn_mgmt
Tue Nov 3 08:31:21 2020 [10749] MANAGEMENT: CMD 'status -1'
Tue Nov 3 08:31:31 2020 [10749] MANAGEMENT: Client disconnected
Client log
Thu Nov 05 11:41:16 2020 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
Thu Nov 05 11:41:16 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
Enter Management Password:
Thu Nov 05 11:41:16 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Nov 05 11:41:16 2020 Need hold release from management interface, waiting...
Thu Nov 05 11:41:17 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Nov 05 11:41:17 2020 MANAGEMENT: CMD 'state on'
Thu Nov 05 11:41:17 2020 MANAGEMENT: CMD 'log all on'
Thu Nov 05 11:41:17 2020 MANAGEMENT: CMD 'hold off'
Thu Nov 05 11:41:17 2020 MANAGEMENT: CMD 'hold release'
Thu Nov 05 11:41:26 2020 MANAGEMENT: CMD 'username "Auth" "pompey"'
Thu Nov 05 11:41:26 2020 MANAGEMENT: CMD 'password [...]'
Thu Nov 05 11:41:26 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Nov 05 11:41:26 2020 Attempting to establish TCP connection with [AF_INET]68.142.164.248:8443 [nonblock]
Thu Nov 05 11:41:26 2020 MANAGEMENT: >STATE:1604594486,TCP_CONNECT,,,,,,
Thu Nov 05 11:41:36 2020 TCP: connect to [AF_INET]68.142.164.248:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Thu Nov 05 11:41:40 2020 SIGTERM[hard,init_instance] received, process exiting
Thu Nov 05 11:41:40 2020 MANAGEMENT: >STATE:1604594500,EXITING,init_instance,,,,,
looks like your MTU is too large with 1572
do you have PPPoE dial in on your XG WAN interface?
I would check the setting of your WAN Interface. Did the clients install new VPN configs after the upgrade or do they have the same?
for a workaround try if setting a fix smaller MTU on a client works.
but I guess the bug is inside XG, not the VPN client.
