OpenVPN connects despite wrong ta.key

Hamsterman
OpenVpn Newbie
Posts: 2
Joined: Tue Oct 10, 2017 6:38 pm

Post by Hamsterman » Tue Oct 10, 2017 7:14 pm

Hi,

I discovered a problem with my server. I'm running OpenVPN 2.4.4 on a Windows Server machine. I accidentally put a wrong ta.key file on a client's machine, but it connected without any problems and/or warnings. Is there some misconfiguration on the server or client for tls-auth? Thanks in advance for help.

Greetings Hans

Server Config

port 25698

proto tcp

dev tun

ca "C:\\Program Files\\OpenVPN\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\keys\\server.key"

dh "C:\\Program Files\\OpenVPN\\keys\\dh.pem"

server 10.6.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt


push "route 192.168.0.0 255.255.255.0"


keepalive 10 120

tls-auth "C:\\Program Files\\OpenVPN\\keys\\ta.key" 0


cipher AES-256-CBC

comp-lzo

max-clients 4

persist-key
persist-tun

status openvpn-status.log

verb 3

mute 60



Client Config


client

dev tun

proto tcp

remote xxx.xxx 25698

resolv-retry infinite

nobind

persist-key
persist-tun

ca "C:\\OpenVPN\\ca.crt"
cert "C:\\OpenVPN\\client.crt"
key "C:\\OpenVPN\\client.key"

remote-cert-tls server

tls-auth "C:\\OpenVPN\\ta.key" 1

cipher AES-256-CBC

comp-lzo

verb 3

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN connects despite wrong ta.key

Post by TinCanTech » Tue Oct 10, 2017 7:49 pm

Perhaps your logs have an answer ..

Hamsterman
OpenVpn Newbie
Posts: 2
Joined: Tue Oct 10, 2017 6:38 pm

Re: OpenVPN connects despite wrong ta.key

Post by Hamsterman » Wed Oct 11, 2017 3:49 pm

Hi, thanks for your effort. I switched to tls-crypt and the problem is now gone.
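
An added example, not part of the thread and not OpenVPN project code: a Python check that two ta.key files hold the same key bytes and that the tls-auth directions in the server and client configs are complementary. The function names and sample keys are constructed for illustration; only a direction given on the tls-auth line itself is read (a separate key-direction directive or an inline key block is not handled).

```python
import hashlib
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

def key_fingerprint(text):
    """SHA-256 over the key bytes only; comments and CRLF/LF differences are ignored."""
    lines = [ln.strip() for ln in text.splitlines()]
    if BEGIN not in lines or END not in lines:
        raise ValueError("not an OpenVPN static key file")
    raw = bytes.fromhex("".join(lines[lines.index(BEGIN) + 1:lines.index(END)]))
    if len(raw) != 256:  # a V1 static key is 2048 bits
        raise ValueError(f"expected 256 key bytes, got {len(raw)}")
    return hashlib.sha256(raw).hexdigest()

def tls_auth_direction(conf):
    """Direction on the tls-auth line: '0', '1', 'none' if omitted, None if no tls-auth."""
    for ln in conf.splitlines():
        # Commented-out lines (# or ;) do not match because the directive must come first.
        m = re.match(r'\s*tls-auth\s+("[^"]*"|\S+)(?:\s+([01]))?\s*$', ln)
        if m:
            return m.group(2) or "none"
    return None

def check_pair(server_conf, client_conf, server_key, client_key):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    s, c = tls_auth_direction(server_conf), tls_auth_direction(client_conf)
    if s is None or c is None:
        findings.append("tls-auth is not enabled on both sides")
    elif (s, c) not in {("0", "1"), ("1", "0"), ("none", "none")}:
        findings.append(f"key directions are not complementary: server={s} client={c}")
    if key_fingerprint(server_key) != key_fingerprint(client_key):
        findings.append("ta.key contents differ")
    return findings

def make_key(seed):
    """Constructed sample key (not real key material) in the static key file layout."""
    hexed = bytes((seed + i) % 256 for i in range(256)).hex()
    rows = [hexed[i:i + 32] for i in range(0, 512, 32)]
    return "#\n# 2048 bit OpenVPN static key\n#\n" + "\n".join([BEGIN, *rows, END]) + "\n"

# tls-auth lines as posted in the thread's configs
SERVER = r'tls-auth "C:\\Program Files\\OpenVPN\\keys\\ta.key" 0'
CLIENT = r'tls-auth "C:\\OpenVPN\\ta.key" 1'

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT, make_key(1), make_key(1)))
    print(check_pair(SERVER, CLIENT, make_key(1), make_key(2)))
```

Comparing fingerprints rather than the raw files avoids false mismatches from line endings or header comments, and keeps the key material itself out of terminal output and tickets.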
