Opened 5 years ago
Closed 16 months ago
#1199 closed Bug / Defect (wontfix)
MacOS: OpenVPN Connect: configuration 'tls-auth' not working as expected
Reported by: | starkjs | Owned by: | OpenVPN Inc. |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | OpenVPN Connect | Version: | |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
Hello,
I have been using TunnelBlick? for years with OpenVPN and have just recently tried the macOS version of OpenVPN Connect (Have been using the iOS verson for years)
When I went to import the config I was using with TunnelBlick? into OpenVPN Connect, I found that it would not connect to my VPN and the server reported the following error:
Jun 15 17:44:26 hostname ovpn-server[19234]: Authenticate/Decrypt packet error: packet HMAC authentication failed Jun 15 17:44:26 hostname ovpn-server[19234]: TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:49377 Jun 15 17:44:27 hostname ovpn-server[19234]: Authenticate/Decrypt packet error: packet HMAC authentication failed Jun 15 17:44:27 hostname ovpn-server[19234]: TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:49377
My client config had:
tls-auth ta.key 1
which didn't seem to work.
Changing that to the following config seems to work
key-direction 1 <tls-auth> # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- <snip> -----END OpenVPN Static key V1----- </tls-auth>
I have not been able to find anything in the documentation that says one format over the other works/fails
It would be great if there was some logging in the macOS client that gave more of a clue when client config would be rejected or fail to load.
Change History (3)
comment:1 Changed 3 years ago by
Owner: | changed from yuriy to denys |
---|---|
Status: | new → assigned |
comment:2 Changed 3 years ago by
Owner: | changed from denys to OpenVPN Inc. |
---|
comment:3 Changed 16 months ago by
Resolution: | → wontfix |
---|---|
Status: | assigned → closed |
OpenVPN Inc does not want to receive any feedback for the "Connect"
OpenVPN clients via the community bug trackers (here and in GH issues).
Please resubmit - if still relevant - via https://support.openvpn.net/
(From a community maintainer perspective, Tunnelblick is the better option anyway)