Can't connect to server: TLS Error

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
marci_iv
OpenVpn Newbie
Posts: 1
Joined: Fri Sep 17, 2021 10:54 pm

Can't connect to server: TLS Error

Post by marci_iv » Fri Sep 17, 2021 11:10 pm

Hi everyone

I have set up an external OpenVPN Access Server 2.6.1 on Ubuntu 18.04.6 and tried to connect to it via my pfSense box.
I have consulted this guide https://openvpn.net/cloud-docs/using-op ... e-pfsense/ to set up the client (which is very straight forward).

Unfortunately I can not connect to the server due to a TLS error. See below (I removed my IP address by xx):

Code: Select all

2021-09-17 21:38:58+0200 [-] OVPN 0 OUT: 'Fri Sep 17 19:38:58 2021 TCP connection established with [AF_INET]xx.xx.xx.xx:31527'
2021-09-17 21:38:58+0200 [-] OVPN 0 OUT: 'Fri Sep 17 19:38:58 2021 xx.xx.xx.xx:31527 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:31527, sid=137dea90 bb606c0c'
2021-09-17 21:38:58+0200 [-] OVPN 0 OUT: 'Fri Sep 17 19:38:58 2021 xx.xx.xx.xx:31527 Authenticate/Decrypt packet error: packet HMAC authentication failed'
2021-09-17 21:38:58+0200 [-] OVPN 0 OUT: 'Fri Sep 17 19:38:58 2021 xx.xx.xx.xx:31527 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:31527'
2021-09-17 21:38:58+0200 [-] OVPN 0 OUT: 'Fri Sep 17 19:38:58 2021 xx.xx.xx.xx:31527 Fatal TLS error (check_tls_errors_co), restarting'
2021-09-17 21:38:58+0200 [-] OVPN 0 OUT: 'Fri Sep 17 19:38:58 2021 xx.xx.xx.xx:31527 SIGUSR1[soft,tls-error] received, client-instance restarting'
When I searched for possible solutions I actually did not find any referring to the OpenVPN Access Server. This is basically because it has a different conf file (as.conf / config.json instead of server.conf) and all solutions are referring to editing the server.conf file.

Update: I can connect to the server with my iphone where I imported the .ovpn file. I have used the info from this file to create the pfSense client which is still not working...

I would very much appreciate any help or ideas how to proceed.

Thanks, Marci

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 330
Joined: Tue Feb 16, 2021 10:41 am

Re: Can't connect to server: TLS Error

Post by openvpn_inc » Sat Sep 18, 2021 5:55 am

Hello marci_iv,

Please, upgrade that to 2.9.4. Version 2.6.1 is ancient.

Also, the documentation you referenced is for OpenVPN Cloud, not OpenVPN Access Server. But if you look past that it should be a rough guide to getting it to work with Access Server.

And finally you should not try to put open source directives into as.conf - it's totally not meant for that and does not accept openvpn directives at all.

The error message in the log "Authenticate/Decrypt packet error: packet HMAC authentication failed" refers to TLS auth not being properly configured. This is not optional if it's enabled on the server side. Then it must be configured correctly on the client side. If you do this correctly it should be able to connect normally. It's easy when you use a client that accepts .ovpn files. But on pfsense you have to feed the information piece-by-piece, and if any one of the settings you have to feed it are wrong, it won't connect.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply