I am trying to connect a laptop running Linux Mint to a FreeBSD server running OpenVPN with no luck. I keep seeing TLS errors like this in the server log:
Tue Sep 17 23:14:51 2013 us=127496 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Sep 17 23:14:51 2013 us=127570 TLS Error: incoming packet authentication failed from [AF_INET] \\my IP number\\
I have tried using TCP instead of UDP, authenticating by password, and various other options, all to no avail. Here is the server config:
daemon
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/server.crt
key /usr/local/etc/openvpn/keys/server.key
dh /usr/local/etc/openvpn/keys/dh2048.pem
server 192.168.100.0 255.255.255.0
tls-server
tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret
keepalive 10 120
duplicate-cn
user nobody
group nobody
persist-key
persist-tun
status /var/openvpn-status.log
log-append /var/log/openvpn.log
verb 5
I generated the ca.crt and ca.key files on the server and copied them to the client along with ta.key, after which I created the necessary client certificates.
I am using Gnome Network Manager to configure the OpenVPN client. Not sure where it is writing its settings.
Any thoughts about what might be going wrong here?
TIA
Best Answer
As per @DerfK comment. You need to apply correct
key-direction.Edit your VPN connection in your Network Manager.
Go to VPN tab.
Click Advanced.
Go to TLS Authentication tab
Change the Key Direction (at the bottom) to 1