random packet HMAC authentication failed

Use this forum to share your network setup and what's been working for you.
Post Reply
OpenVpn Newbie
Posts: 2
Joined: Wed Dec 05, 2018 4:14 pm

random packet HMAC authentication failed

Post by dnguyen76 » Wed Dec 05, 2018 8:28 pm


I am running an OpenVPN 2.3.12 network with TCP protocol and 443 port to mimic https stream

After connection, I have random packet HMAC authentication failed every 2 or 3 minutes when receiving from Raspbian openvpn client thru a firewall . After each software reset the Raspbian client succeed to reconnect but again 2 or 3 minutes later another packet HMAC authentication failure occurs.

This firewall is filtering https url so i suspect my problem is coming from it.

( The openvpn server is running in a Raspberry 3 and working well with others clients ( Windows, Android) but another network without firewall in this case)

Is anybody an idea how to correct these random packet HMAC authentication failures ? :)


The messages from openvpn are:
14:43:30 2018 us=538741 xx.xx.xx.xx:42807 TCPv4_SERVER READ [142] from [AF_INET]xx.xx.xx.xx:42807: P_CONTROL_V1 kid=0 pid=[ #43 ] [ ] pid=7 DATA len=100
14:43:30 2018 us=538782 xx.xx.xx.xx:42807 Authenticate/Decrypt packet error: packet HMAC authentication failed
14:43:30 2018 us=538821 xx.xx.xx.xx:42807 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:42807
14:43:30 2018 us=538878 xx.xx.xx.xx:42807 ACK reliable_can_send active=0 current=0 : [38]
14:43:30 2018 us=538929 xx.xx.xx.xx:42807 ACK reliable_send_timeout 604800 [38]
14:43:30 2018 us=538961 xx.xx.xx.xx:42807 Fatal TLS error (check_tls_errors_co), restarting
14:43:30 2018 us=538993 xx.xx.xx.xx:42807 SIGUSR1[soft,tls-error] received, client-instance restarting

User avatar
Forum Team
Posts: 9251
Joined: Fri Jun 03, 2016 1:17 pm

Re: random packet HMAC authentication failed

Post by TinCanTech » Wed Dec 05, 2018 11:13 pm

dnguyen76 wrote:
Wed Dec 05, 2018 8:28 pm
I am running an OpenVPN 2.3.12
You must be the last person ever to be still using that .. :shock:

Post Reply