Bug #458
closed
Openvpn TLS is not working for me
0%
Description
I'm getting the HMAC TLS Authentication error in the server's logs characteristic of a bad static key. I did an md5 hash on both the server file and mine, they match up. The certificates are correct, the CAs have identical md5s, the only conclusion I can come up with is that openvpn is somehow broken. I'm willing to test whatever suggestion you've got, but it seems to have happened after I updated to the 3-28 BETA (although it can have been broken earlier). A traversal of the git revision history for anything openvpn related will probably point to the problem.
Updated by Adam Stylinski over 14 years ago
I should add that the reason I'm not traversing the git branches myself is because I'm not very familiar with git.
Updated by Chris Buechler over 14 years ago
- Status changed from New to Feedback
You're going to have to provide more information on the actual cause. Review the underlying OpenVPN configuration and keys in /var/etc/openvpn/, where is the problem? If it's not readily apparent, increase the logging level.
If you don't know, or can't determine, post to the forum or list.
The version of OpenVPN hasn't changed in months. The code that writes out the config has, but nothing related to this in months that I see. There isn't anything here to go on. See also http://doc.pfsense.org/index.php/Bug_reporting
Updated by Deon George over 14 years ago
FWIW, I use TLS HMAC authentication for pfsense being an OpenVPN client and an OpenVPN server, and it works for me for both roles:)
I am using the 1st April snapshot now...
Updated by Chris Buechler over 14 years ago
- Status changed from Feedback to Closed
I just ran into this on an upgraded older system and I know why it's happening, it's not a bug though. You probably have the line:
tls-auth blah.key
where you need to have:
tls-auth blah.key 1
in your client configuration file.
Updated by Adam Stylinski over 14 years ago
Chris Buechler wrote:
I just ran into this on an upgraded older system and I know why it's happening, it's not a bug though. You probably have the line:
tls-auth blah.key
where you need to have:
tls-auth blah.key 1
in your client configuration file.
Thanks Chris, that's exactly what it was.