Re: [SOLVED] [gentoo-user] OpenVPN - error
Thank you. [SOLVED] All I needed was on sever.conf line: tls-auth /etc/openvpn/cert/ta.key 0 In my case it was pointing it to a wrong file :-/ Thelma On 02/22/2020 03:30 AM, Roger Welsh wrote: > Hi Thelma, > > I think you need > tls-server > And > tls-client > In your respective configs below. > > Reference: > https://askubuntu.com/questions/594868/openvpn-hmac-authentication-failure-no-matter-what-i-do > > And > https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/ > Grep for tls-server. > > > On 22 February 2020 11:08:02 PM NZDT, the...@sys-concept.com wrote: >> When I try to start openVPN on a client I see this error on a server: >> >> Sat Feb 22 02:32:10 2020 Authenticate/Decrypt packet error: packet HMAC >> authentication failed >> Sat Feb 22 02:32:10 2020 TLS Error: incoming packet authentication >> failed from [AF_INET] >> >> cat server.conf >> proto udp >> port 9000 >> dev tun >> mode server >> ca /etc/openvpn/cert/ca.crt >> cert /etc/openvpn/cert/clinic_atom.crt >> key /etc/openvpn/cert/clinic_atom.key >> dh /etc/openvpn/cert/dh.pem >> topology subnet >> server 192.168.141.0 255.255.255.0 >> client-to-client >> ifconfig-pool-persist ipp.txt >> client-config-dir ccd >> keepalive 10 120 >> tls-auth vpn_clinic.key 0 >> tun-mtu 1500 >> tun-mtu-extra 32 >> mssfix 1200 >> duplicate-cn >> comp-lzo >> max-clients 100 >> persist-key >> persist-tun >> status openvpn-status.log >> log /var/log/openvpn.log >> log-append /var/log/openvpn.log >> verb 3 >> >> On client-config: >> clinic_atom.conf >> client >> dev tun >> proto udp >> port 9070 >> topology subnet >> remote xxx.xx.xx.xx 9070 # static IP >> resolv-retry infinite >> tun-mtu 1500 >> tun-mtu-extra 32 >> mssfix 1200 >> persist-key >> persist-tun >> remote-cert-tls server >> ca "/etc/openvpn/clinic_atom/ca.crt" >> cert "/etc/openvpn/clinic_atom/syscon7.crt" >> key "/etc/openvpn/clinic_atom/syscon7.key" >> tls-auth "/etc/openvpn/clinic_atom/ta.key" 1 >> comp-lzo >> log /var/log/openvpn.log >> log-append /var/log/openvpn.log >> verb 3 >> >> -- >> Thelma > > -- > Kind regards, > > Roger >
Re: [gentoo-user] OpenVPN - error
Hi Thelma, I think you need tls-server And tls-client In your respective configs below. Reference: https://askubuntu.com/questions/594868/openvpn-hmac-authentication-failure-no-matter-what-i-do And https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/ Grep for tls-server. On 22 February 2020 11:08:02 PM NZDT, the...@sys-concept.com wrote: >When I try to start openVPN on a client I see this error on a server: > >Sat Feb 22 02:32:10 2020 Authenticate/Decrypt packet error: packet HMAC >authentication failed >Sat Feb 22 02:32:10 2020 TLS Error: incoming packet authentication >failed from [AF_INET] > >cat server.conf >proto udp >port 9000 >dev tun >mode server >ca /etc/openvpn/cert/ca.crt >cert /etc/openvpn/cert/clinic_atom.crt >key /etc/openvpn/cert/clinic_atom.key >dh /etc/openvpn/cert/dh.pem >topology subnet >server 192.168.141.0 255.255.255.0 >client-to-client >ifconfig-pool-persist ipp.txt >client-config-dir ccd >keepalive 10 120 >tls-auth vpn_clinic.key 0 >tun-mtu 1500 >tun-mtu-extra 32 >mssfix 1200 >duplicate-cn >comp-lzo >max-clients 100 >persist-key >persist-tun >status openvpn-status.log >log /var/log/openvpn.log >log-append /var/log/openvpn.log >verb 3 > >On client-config: >clinic_atom.conf >client >dev tun >proto udp >port 9070 >topology subnet >remote xxx.xx.xx.xx 9070 # static IP >resolv-retry infinite >tun-mtu 1500 >tun-mtu-extra 32 >mssfix 1200 >persist-key >persist-tun >remote-cert-tls server >ca "/etc/openvpn/clinic_atom/ca.crt" >cert "/etc/openvpn/clinic_atom/syscon7.crt" >key "/etc/openvpn/clinic_atom/syscon7.key" >tls-auth "/etc/openvpn/clinic_atom/ta.key" 1 >comp-lzo >log /var/log/openvpn.log >log-append /var/log/openvpn.log >verb 3 > >-- >Thelma -- Kind regards, Roger
[gentoo-user] OpenVPN - error
When I try to start openVPN on a client I see this error on a server: Sat Feb 22 02:32:10 2020 Authenticate/Decrypt packet error: packet HMAC authentication failed Sat Feb 22 02:32:10 2020 TLS Error: incoming packet authentication failed from [AF_INET] cat server.conf proto udp port 9000 dev tun mode server ca /etc/openvpn/cert/ca.crt cert /etc/openvpn/cert/clinic_atom.crt key /etc/openvpn/cert/clinic_atom.key dh /etc/openvpn/cert/dh.pem topology subnet server 192.168.141.0 255.255.255.0 client-to-client ifconfig-pool-persist ipp.txt client-config-dir ccd keepalive 10 120 tls-auth vpn_clinic.key 0 tun-mtu 1500 tun-mtu-extra 32 mssfix 1200 duplicate-cn comp-lzo max-clients 100 persist-key persist-tun status openvpn-status.log log /var/log/openvpn.log log-append /var/log/openvpn.log verb 3 On client-config: clinic_atom.conf client dev tun proto udp port 9070 topology subnet remote xxx.xx.xx.xx 9070 # static IP resolv-retry infinite tun-mtu 1500 tun-mtu-extra 32 mssfix 1200 persist-key persist-tun remote-cert-tls server ca "/etc/openvpn/clinic_atom/ca.crt" cert "/etc/openvpn/clinic_atom/syscon7.crt" key "/etc/openvpn/clinic_atom/syscon7.key" tls-auth "/etc/openvpn/clinic_atom/ta.key" 1 comp-lzo log /var/log/openvpn.log log-append /var/log/openvpn.log verb 3 -- Thelma