https://live.paloaltonetworks.com/t5/general-topics/pan-os-5-0-0-quot-killing-quot-remote-connections/m-p/33145#M24290 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>sorry for the "bad" title, bat that's whats actually happening.</P><P></P><P>I have a NAT rule translating the external interface IP to an internal server from Port 443 to 8443 (for OpenVPN) and to the same server for ssh (no port translation)</P><P></P><P>When I connect with OpenVPN to the VPN Server, it connects fine, but as soon as I have a certain amount of traffic (i.e. opening a webpage), the client drops the connection with:</P><P></P><P>----cut---</P><P>Nov 20 19:38:21: Authenticate/Decrypt packet error: packet HMAC authentication failed</P><P>Nov 20 19:38:21: Fatal decryption error (process_incoming_link), restarting</P><P>Nov 20 19:38:21: SIGUSR1[soft,decryption-error] received, process restarting</P><P>---cut---</P><P>I first assumed a problem on the VPN Server, but connecting to it bypassing the PA works perfectly fine.</P><P>I also tried configuring "Disable server response" in the security policy with no effect.</P><P></P><P>The above mentioned does not only kill my openvpn connections, but also does the same for a SSH connection to the same server (Error Message: HMAC Error, connection reset) as soon as there is some traffic on the connection (e.g. less a bigger log file)</P><P></P><P>Can anyone give me a hint where to dig deeper in order to find the problem?</P><P></P><P>Thanks</P><P></P><P>Andre</P></BODY></HTML> Tue, 20 Nov 2012 18:56:32 GMT u13550 2012-11-20T18:56:32Z https://live.paloaltonetworks.com/t5/general-topics/pan-os-5-0-0-quot-killing-quot-remote-connections/m-p/33145#M24290 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>sorry for the "bad" title, bat that's whats actually happening.</P><P></P><P>I have a NAT rule translating the external interface IP to an internal server from Port 443 to 8443 (for OpenVPN) and to the same server for ssh (no port translation)</P><P></P><P>When I connect with OpenVPN to the VPN Server, it connects fine, but as soon as I have a certain amount of traffic (i.e. opening a webpage), the client drops the connection with:</P><P></P><P>----cut---</P><P>Nov 20 19:38:21: Authenticate/Decrypt packet error: packet HMAC authentication failed</P><P>Nov 20 19:38:21: Fatal decryption error (process_incoming_link), restarting</P><P>Nov 20 19:38:21: SIGUSR1[soft,decryption-error] received, process restarting</P><P>---cut---</P><P>I first assumed a problem on the VPN Server, but connecting to it bypassing the PA works perfectly fine.</P><P>I also tried configuring "Disable server response" in the security policy with no effect.</P><P></P><P>The above mentioned does not only kill my openvpn connections, but also does the same for a SSH connection to the same server (Error Message: HMAC Error, connection reset) as soon as there is some traffic on the connection (e.g. less a bigger log file)</P><P></P><P>Can anyone give me a hint where to dig deeper in order to find the problem?</P><P></P><P>Thanks</P><P></P><P>Andre</P></BODY></HTML> Tue, 20 Nov 2012 18:56:32 GMT https://live.paloaltonetworks.com/t5/general-topics/pan-os-5-0-0-quot-killing-quot-remote-connections/m-p/33145#M24290 u13550 2012-11-20T18:56:32Z https://live.paloaltonetworks.com/t5/general-topics/pan-os-5-0-0-quot-killing-quot-remote-connections/m-p/33146#M24291 <HTML><HEAD></HEAD><BODY><P>do you have specific application policies other than the nat rule ? I would try to do some logging on the security policies and some packet caputure to see if and how the traffic passes through the pan..</P></BODY></HTML> Thu, 02 May 2013 12:44:14 GMT https://live.paloaltonetworks.com/t5/general-topics/pan-os-5-0-0-quot-killing-quot-remote-connections/m-p/33146#M24291 mne 2013-05-02T12:44:14Z https://live.paloaltonetworks.com/t5/general-topics/pan-os-5-0-0-quot-killing-quot-remote-connections/m-p/33147#M24292 <HTML><HEAD></HEAD><BODY><P>Auth failures could imply fragmented encrypted traffic with some missing fragments. PCAPs should help determine if this is the case. Also ensure that you do not have any zone protection profiles which block frags. </P><P></P><P>-Richard</P></BODY></HTML> Thu, 02 May 2013 23:58:42 GMT https://live.paloaltonetworks.com/t5/general-topics/pan-os-5-0-0-quot-killing-quot-remote-connections/m-p/33147#M24292 Retired Member 2013-05-02T23:58:42Z