static_key_parse_error

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
fperloff
OpenVpn Newbie
Posts: 5
Joined: Sun Jul 23, 2017 1:45 am

static_key_parse_error

Post by fperloff » Mon Sep 04, 2017 9:45 pm

Hello-
I have Windows, OSX, and Android clients connecting to my VPN server. My iOS connected successfully, until I added tls-auth to my server.config. Now the iOS client throws an error: "static_key_parse_error."

iOS ver 10.3.3
OpenVPN 2.3.10
Ubuntu 16.04.3 LTS

Here's the client .ovpn, server.conf and error log:
iOS client
<ca>
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
</ca>

<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 11 (0xb)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=, L=, O=, OU=, CN= CA/name=/emailAddress=
Validity
Not Before: Sep 4 20:54:50 2017 GMT
Not After : Sep 2 20:54:50 2027 GMT
Subject: C=, ST=, L=, O=, OU=, CN=/name=/emailAddress=
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
......
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
......
X509v3 Authority Key Identifier:
keyid:......
DirName:/C=/ST=/L=/O=/OU=/CN= CA/name=/emailAddress=
serial:

X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:
Signature Algorithm: sha256WithRSAEncryption
......
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
......
-----END PRIVATE KEY-----
</key>
key-direction 1

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
.....
-----END OpenVPN Static key V1-----
</tls-auth>

remote http://www.xxx.yyy.zzz 1194
comp-lzo
client
dev tun
redirect-gateway def1

remote-cert-tls server
cipher AES-128-CBC
auth SHA256

proto udp
resolv-retry infinite
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Set log file verbosity.
verb 4
mute 20
The server.conf:
server
# /etc/openvpn/server.conf
port 1194
proto udp
dev tun

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh4096.pem
tls-auth /etc/openvpn/keys/ta.key 0
key-direction 0


cipher AES-128-CBC
auth SHA256

server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

ifconfig-pool-persist ipp.txt
keepalive 10 120

comp-lzo

persist-key
persist-tun

status openvpn-status.log
verb 4

user nobody
group nogroup
and the error log:
Error log
2017-09-04 14:00:41 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-09-04 14:00:41 Frame=512/2048/512 mssfix-ctrl=1250
2017-09-04 14:00:41 EVENT: CORE_ERROR static_key_parse_error [ERR]
2017-09-04 14:00:41 Raw stats on disconnect:
2017-09-04 14:00:41 Performance stats on disconnect:
CPU usage (microseconds): 11555
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
2017-09-04 14:00:41 EVENT: DISCONNECT_PENDING
2017-09-04 14:00:41 ----- OpenVPN Stop -----
Thanks for any insight.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: static_key_parse_error

Post by TinCanTech » Tue Sep 05, 2017 12:45 pm

The error suggests your static tls-auth key has been pasted into the file incorrectly ..

Try pasting your client config using CODE block so we can see your tls-auth key
(which you can easily replace with a new one subsequently)

*** Do NOT include your CA, client cert or client key data ***

fperloff
OpenVpn Newbie
Posts: 5
Joined: Sun Jul 23, 2017 1:45 am

Re: static_key_parse_error

Post by fperloff » Tue Sep 05, 2017 11:00 pm

Thank you. Here's the tls-auth key:

Code: Select all

<tls-auth>
 -----BEGIN OpenVPN Static key V1-----
c663e25ceba3cd84dfbed97fe702ce53
c24af80719a7a2a3f0ee885c5ca892d3
10e71159b6ff6d17effb2109eb27711b
f7b3b7e75c7f04e52eda232818da1a34
e94900006969ee78f45bda2ac710bef8
f1069f2dc00227473edc1f0913704c5f
2f46efd399cf04e703e6ccd9041ddbda
1aa445525b9e7a333fd54b9b6ed2c505
d502374a48a8b10d3c85835ff306e8d6
5a7c92cd1c925c8e10e090b583916800
c284fc8589c04db052543453b71e4702
2a70a02e4e9c977080e7744b77624d00
dc82284fa4d22e1ede47ebb418249b87
160348f7a6b0658c6ebb4e9080f69114
6aebe1fae504f35e68639788277b2c7f
c0b3a9a3e20f348eb2d157349cfe2e40
-----END OpenVPN Static key V1-----
</tls-auth>

Post Reply