Opened 8 months ago
#1199 new Bug / Defect
MacOS: OpenVPN Connect: configuration 'tls-auth' not working as expected
| Reported by: | starkjs | Owned by: | yuriy |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | OpenVPN Connect | Version: | |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
| Cc: |
Description
Hello,
I have been using TunnelBlick? for years with OpenVPN and have just recently tried the macOS version of OpenVPN Connect (Have been using the iOS verson for years)
When I went to import the config I was using with TunnelBlick? into OpenVPN Connect, I found that it would not connect to my VPN and the server reported the following error:
Jun 15 17:44:26 hostname ovpn-server[19234]: Authenticate/Decrypt packet error: packet HMAC authentication failed Jun 15 17:44:26 hostname ovpn-server[19234]: TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:49377 Jun 15 17:44:27 hostname ovpn-server[19234]: Authenticate/Decrypt packet error: packet HMAC authentication failed Jun 15 17:44:27 hostname ovpn-server[19234]: TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:49377
My client config had:
tls-auth ta.key 1
which didn't seem to work.
Changing that to the following config seems to work
key-direction 1 <tls-auth> # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- <snip> -----END OpenVPN Static key V1----- </tls-auth>
I have not been able to find anything in the documentation that says one format over the other works/fails
It would be great if there was some logging in the macOS client that gave more of a clue when client config would be rejected or fail to load.
Note: See
TracTickets for help on using
tickets.
