Opened 15 months ago

#1199 new Bug / Defect

MacOS: OpenVPN Connect: configuration 'tls-auth' not working as expected

Reported by: starkjs Owned by: yuriy
Priority: minor Milestone:
Component: OpenVPN Connect Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

Hello,

I have been using TunnelBlick? for years with OpenVPN and have just recently tried the macOS version of OpenVPN Connect (Have been using the iOS verson for years)

When I went to import the config I was using with TunnelBlick? into OpenVPN Connect, I found that it would not connect to my VPN and the server reported the following error:

Jun 15 17:44:26 hostname ovpn-server[19234]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Jun 15 17:44:26 hostname ovpn-server[19234]: TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:49377
Jun 15 17:44:27 hostname ovpn-server[19234]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Jun 15 17:44:27 hostname ovpn-server[19234]: TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:49377

My client config had:

tls-auth ta.key 1

which didn't seem to work.

Changing that to the following config seems to work

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
 <snip>
-----END OpenVPN Static key V1-----

</tls-auth>

I have not been able to find anything in the documentation that says one format over the other works/fails

It would be great if there was some logging in the macOS client that gave more of a clue when client config would be rejected or fail to load.

Change History (0)

Note: See TracTickets for help on using tickets.