On my newly installed OpenWRT 19.07.2 I seem to have worked out all the kinks except for one. While connected to my VPN provider, when I download an Ubuntu torrent (which obviously is the only thing people ever get using the torrent-network) I reach about 1/3 of the maximum speed and my system log gets spammed with "AEAD Decrypt error: bad packet ID (may be a replay)" messages.
I have searched and am aware that there is a likelihood this has a workaround of using
mssfix in my OpenVPN config. I haven't tried that yet, mainly because all I did was upgrade the same hardware with the same openvpn config to a newer version. Why would it start spamming my logs now when previously it was working fine?
What did I change? I used the DavidC build before, have now switched to the official OpenWRT build. I changed my internal IP subnet from one /24 network to another and I set my wireless to another channel because it was giving me a a headache. Figuratively.
I fixed almost every new issue I came across, except the occasional
maximum dns requests (150) reached and this one. This one is a gamestopper.
If anybody can help figure out why now and not before I would really appreciate it.
Oh, I also switched from using
vpn-bypass to using
vpn-policy-routing. Since that does primarily firewall routing, it shouldn't cause this problem, methinks. It is almost as if something is adding extra padding to my frames.
The VPN provider made me realize I should test it with other protocols as well. If I download the Ubuntu ISO directly from their server over HTTP it happens just the same.
I did the no-fragment ping test and reach a clean 1472, which means the default MTU of 1500 should be fine.