Thank you. [SOLVED] All I needed was on sever.conf line: tls-auth /etc/openvpn/cert/ta.key 0
In my case it was pointing it to a wrong file :-/ Thelma On 02/22/2020 03:30 AM, Roger Welsh wrote: > Hi Thelma, > > I think you need > tls-server > And > tls-client > In your respective configs below. > > Reference: > https://askubuntu.com/questions/594868/openvpn-hmac-authentication-failure-no-matter-what-i-do > > And > https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/ > Grep for tls-server. > > > On 22 February 2020 11:08:02 PM NZDT, the...@sys-concept.com wrote: >> When I try to start openVPN on a client I see this error on a server: >> >> Sat Feb 22 02:32:10 2020 Authenticate/Decrypt packet error: packet HMAC >> authentication failed >> Sat Feb 22 02:32:10 2020 TLS Error: incoming packet authentication >> failed from [AF_INET] >> >> cat server.conf >> proto udp >> port 9000 >> dev tun >> mode server >> ca /etc/openvpn/cert/ca.crt >> cert /etc/openvpn/cert/clinic_atom.crt >> key /etc/openvpn/cert/clinic_atom.key >> dh /etc/openvpn/cert/dh.pem >> topology subnet >> server 192.168.141.0 255.255.255.0 >> client-to-client >> ifconfig-pool-persist ipp.txt >> client-config-dir ccd >> keepalive 10 120 >> tls-auth vpn_clinic.key 0 >> tun-mtu 1500 >> tun-mtu-extra 32 >> mssfix 1200 >> duplicate-cn >> comp-lzo >> max-clients 100 >> persist-key >> persist-tun >> status openvpn-status.log >> log /var/log/openvpn.log >> log-append /var/log/openvpn.log >> verb 3 >> >> On client-config: >> clinic_atom.conf >> client >> dev tun >> proto udp >> port 9070 >> topology subnet >> remote xxx.xx.xx.xx 9070 # static IP >> resolv-retry infinite >> tun-mtu 1500 >> tun-mtu-extra 32 >> mssfix 1200 >> persist-key >> persist-tun >> remote-cert-tls server >> ca "/etc/openvpn/clinic_atom/ca.crt" >> cert "/etc/openvpn/clinic_atom/syscon7.crt" >> key "/etc/openvpn/clinic_atom/syscon7.key" >> tls-auth "/etc/openvpn/clinic_atom/ta.key" 1 >> comp-lzo >> log /var/log/openvpn.log >> log-append /var/log/openvpn.log >> verb 3 >> >> -- >> Thelma > > -- > Kind regards, > > Roger >
