Bug #458

Openvpn TLS is not working for me

Added by Adam Stylinski about 9 years ago. Updated about 9 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: OpenVPN
Target version:
Start date: 03/29/2010
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.0
Affected Architecture:
Description

I'm getting the HMAC TLS authentication error in the server's logs, characteristic of a bad static key. I did an md5 hash on both the server file and mine; they match up. The certificates are correct, the CAs have identical md5s; the only conclusion I can come up with is that OpenVPN is somehow broken. I'm willing to test whatever suggestion you've got, but it seems to have happened after I updated to the 3-28 BETA (although it could have been broken earlier). A traversal of the git revision history for anything OpenVPN related will probably point to the problem.

History

#1 Updated by Adam Stylinski about 9 years ago

I should add that the reason I'm not traversing the git branches myself is because I'm not very familiar with git.

#2 Updated by Chris Buechler about 9 years ago

  • Status changed from New to Feedback

You're going to have to provide more information on the actual cause. Review the underlying OpenVPN configuration and keys in /var/etc/openvpn/; where is the problem? If it's not readily apparent, increase the logging level.

If you don't know, or can't determine, post to the forum or list.

The version of OpenVPN hasn't changed in months. The code that writes out the config has, but nothing related to this in months that I see. There isn't anything here to go on. See also http://doc.pfsense.org/index.php/Bug_reporting

#3 Updated by Deon George about 9 years ago

FWIW, I use TLS HMAC authentication for pfSense being an OpenVPN client and an OpenVPN server, and it works for me for both roles :)

I am using the 1st April snapshot now...

#4 Updated by Chris Buechler about 9 years ago

  • Status changed from Feedback to Closed

I just ran into this on an upgraded older system and I know why it's happening, it's not a bug though. You probably have the line:

tls-auth blah.key

where you need to have:

tls-auth blah.key 1

in your client configuration file.

#5 Updated by Adam Stylinski about 9 years ago

Chris Buechler wrote:

I just ran into this on an upgraded older system and I know why it's happening, it's not a bug though. You probably have the line:

tls-auth blah.key

where you need to have:

tls-auth blah.key 1

in your client configuration file.

Thanks Chris, that's exactly what it was.
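
The mismatch diagnosed in this thread can be checked mechanically, since identical key-file hashes on both ends do not show that the `tls-auth` direction arguments agree. The following is an added example, not part of the original ticket or of pfSense: it parses both configs and flags a direction that is set on one end only or is not the 0/1 pair. The function names and the server line `tls-auth blah.key 0` are assumptions; the client lines are the ones quoted above.

```python
import shlex

def tls_auth_setting(config_text):
    """Return (key_file, direction); each is None when the config omits it."""
    key_file = direction = None
    for raw in config_text.splitlines():
        if raw.lstrip().startswith(";"):          # ';' comment line
            continue
        tokens = shlex.split(raw, comments=True)  # also drops '#' comments
        if len(tokens) >= 2 and tokens[0] == "tls-auth":
            key_file = tokens[1]
            direction = tokens[2] if len(tokens) >= 3 else direction
        elif len(tokens) >= 2 and tokens[0] == "key-direction":
            direction = tokens[1]
    return key_file, direction

def check_pair(server_cfg, client_cfg):
    """Return a list of findings; an empty list means both ends agree."""
    s_key, s_dir = tls_auth_setting(server_cfg)
    c_key, c_dir = tls_auth_setting(client_cfg)
    if s_key is None and c_key is None:
        return []                                 # tls-auth not in use
    if s_key is None or c_key is None:
        return ["tls-auth is enabled on only one end"]
    if s_dir is None and c_dir is None:
        return []                                 # bidirectional on both ends
    if s_dir is None or c_dir is None:
        return [f"direction given on one end only (server={s_dir}, client={c_dir})"]
    if {s_dir, c_dir} != {"0", "1"}:
        return [f"directions must be 0 and 1 (server={s_dir}, client={c_dir})"]
    return []

# Constructed sample configs; the server line is an assumption.
SERVER = "dev tun\ntls-server\ntls-auth blah.key 0\n"
CLIENT_BEFORE = "dev tun\ntls-client\n# static key\ntls-auth blah.key\n"
CLIENT_AFTER = "dev tun\ntls-client\ntls-auth blah.key 1\n"

if __name__ == "__main__":
    for name, cfg in (("before", CLIENT_BEFORE), ("after", CLIENT_AFTER)):
        print(name, check_pair(SERVER, cfg) or "ok")
```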
