Opened 5 years ago

Closed 16 months ago

#1199 closed Bug / Defect (wontfix)

MacOS: OpenVPN Connect: configuration 'tls-auth' not working as expected

Reported by: starkjs
Owned by: OpenVPN Inc.
Priority: minor
Milestone:
Component: OpenVPN Connect
Version:
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords:
Cc:

Description

Hello,

I have been using Tunnelblick for years with OpenVPN and have just recently tried the macOS version of OpenVPN Connect (I have been using the iOS version for years).

When I went to import the config I was using with Tunnelblick into OpenVPN Connect, I found that it would not connect to my VPN and the server reported the following error:

Jun 15 17:44:26 hostname ovpn-server[19234]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Jun 15 17:44:26 hostname ovpn-server[19234]: TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:49377
Jun 15 17:44:27 hostname ovpn-server[19234]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Jun 15 17:44:27 hostname ovpn-server[19234]: TLS Error: incoming packet authentication failed from [AF_INET]xxx.xxx.xxx.xxx:49377

My client config had:

tls-auth ta.key 1

which didn't seem to work.

Changing that to the following config seems to work:

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
 <snip>
-----END OpenVPN Static key V1-----

</tls-auth>

I have not been able to find anything in the documentation that says one format over the other works/fails.

It would be great if there was some logging in the macOS client that gave more of a clue when client config would be rejected or fail to load.
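
The manual rewrite described in this report, as an added example (not part of the ticket and not OpenVPN code): it replaces a file-based `tls-auth <file> [direction]` line with `key-direction` plus an inline `<tls-auth>` block. The function name, the `read_key` callback and the sample config and key are constructed for illustration; key paths containing spaces are assumed not to occur.

```python
import re

# "tls-auth <file> [0|1]", optionally followed by a "#" or ";" comment.
_TLS_AUTH = re.compile(r"^\s*tls-auth\s+(\S+)(?:\s+([01]))?\s*(?:[#;].*)?$")
_KEY_HEADER = "-----BEGIN OpenVPN Static key V1-----"


def inline_tls_auth(config_text, read_key):
    """Rewrite a file-based tls-auth directive into the inline form.

    read_key(path) -> str supplies the static key text (hypothetical
    callback, so the example runs without touching the filesystem).
    """
    out, seen = [], False
    for line in config_text.splitlines():
        m = _TLS_AUTH.match(line)
        if not m:
            out.append(line)
            continue
        if seen:
            raise ValueError("more than one tls-auth directive")
        seen = True
        path, direction = m.group(1), m.group(2)
        key = read_key(path).strip()
        if _KEY_HEADER not in key:
            raise ValueError(f"{path} does not look like an OpenVPN static key")
        # The direction argument moves to its own key-direction line;
        # if the original had none, none is emitted.
        if direction is not None:
            out.append(f"key-direction {direction}")
        out += ["<tls-auth>", key, "</tls-auth>"]
    if not seen:
        raise ValueError("no file-based tls-auth directive found")
    return "\n".join(out) + "\n"


# Constructed sample input: placeholder host and an all-zero dummy key line.
SAMPLE_CONFIG = "client\nremote vpn.example.net 1194\ntls-auth ta.key 1\n"
SAMPLE_KEY = (
    "-----BEGIN OpenVPN Static key V1-----\n"
    "00000000000000000000000000000000\n"
    "-----END OpenVPN Static key V1-----\n"
)

if __name__ == "__main__":
    print(inline_tls_auth(SAMPLE_CONFIG, lambda path: SAMPLE_KEY), end="")
```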

Change History (3)

comment:1 Changed 3 years ago by Gert Döring

Owner: changed from yuriy to denys
Status: new → assigned

comment:2 Changed 3 years ago by Antonio Quartulli

Owner: changed from denys to OpenVPN Inc.

comment:3 Changed 16 months ago by Gert Döring

Resolution: wontfix
Status: assigned → closed

OpenVPN Inc does not want to receive any feedback for the "Connect"
OpenVPN clients via the community bug trackers (here and in GH issues).

Please resubmit - if still relevant - via https://support.openvpn.net/

(From a community maintainer perspective, Tunnelblick is the better option anyway)
