Packet HMAC authentication failed & TLS Error

Zodor · Post by **Zodor** » Mon Mar 01, 2021 5:16 pm

In our company we have a OpenVPN server V2.4.9 that is working perfect for everyone except me.
My VPN used to work nicely until I replaced my motherboard with an Asus ROG Z490 and then the problem started after reinstalling Windows 10 Pro.

I began receiving the following errors:

Code: Select all

mar 01 5:16:19 PM: AEAD Decrypt error: cipher final failed
mar 01 5:16:19 PM: TLS Error: unknown opcode received from [AF_INET]xx.xx.xx.xx:1194 op=10
mar 01 5:16:19 PM: AEAD Decrypt error: cipher final failed
mar 01 5:16:19 PM: TLS Error: client->client or server->server connection attempted from [AF_INET]xx.xx.xx.xx:1194
mar 01 5:16:19 PM: AEAD Decrypt error: cipher final failed
mar 01 5:16:19 PM: TLS Error: unknown opcode received from [AF_INET]xx.xx.xx.xx:1194 op=11

I have tried both OpenVPN GUI client 11.20.00, and Viscosity 1.9.1 and both generates the same errors.
The connection is usually authenticated and works but degraded and slow. Sometimes it does not work at all.

This is the server config

Code: Select all

proto udp
port 1194
dev tun
topology subnet

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
route 10.8.0.0 255.255.255.0

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-crypt ta.key 0

cipher AES-256-CBC
auth SHA256
verb 3

client-config-dir /etc/openvpn/clients

persist-key
persist-tun
keepalive 10 60
user nobody
group nobody

log-append /var/log/openvpn.log
status /var/log/openvpn-status.log
syslog
explicit-exit-notify 1

comp-lzo
push "comp-lzo"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

And this is the client config

Code: Select all

client
dev tun
proto udp

remote example.com 1194
resolv-retry infinite
nobind

user nobody
group nobody
persist-key
persist-tun

remote-cert-tls server
tls-auth ta.key 1
mssfix 1450

cipher AES-256-CBC
auth SHA256
key-direction 1
comp-lzo
verb 3
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-auth>
...
</tls-auth>

I have an Hyper-V client with Ubuntu 18 installed and in that Ubuntu I am running OpenVPN and from the client it works, so a virtualized OpenVPN client in my Windows 10 is working, but not if I run OpenVPN direktly in my windows. This is quite strange. I have tried connecting to other VPN-servern but the same errors keep coming.

TinCanTech · Post by **TinCanTech** » Mon Mar 01, 2021 5:40 pm

Which versions of Openvpn are you using ?

In advance of that, there is a new version for Windows. V2.5.1 Please try that:
https://openvpn.net/community-downloads/

Zodor · Post by **Zodor** » Mon Mar 01, 2021 6:31 pm

I am using: OpenVPN 2.5.0-1601 on the client

Zodor · Post by **Zodor** » Tue Mar 02, 2021 3:07 pm

Installed 2.5.0-1601 and this still is an issue:

Code: Select all

2021-03-02 16:04:34 Authenticate/Decrypt packet error: packet HMAC authentication failed
2021-03-02 16:04:34 Peer tried unsupported key-method 1
2021-03-02 16:04:34 TLS Error: unknown opcode received from [AF_INET]52.29.4.59:1194 op=2
2021-03-02 16:04:35 Authenticate/Decrypt packet error: packet HMAC authentication failed

TinCanTech · Post by **TinCanTech** » Tue Mar 02, 2021 3:32 pm

TinCanTech wrote: ↑
Mon Mar 01, 2021 5:40 pm
there is a new version for Windows. V2.5.1 Please try that

Zodor wrote: ↑
Tue Mar 02, 2021 3:07 pm
Installed 2.5.0-1601 and this still is an issue

OpenVPN Support Forum

Packet HMAC authentication failed & TLS Error

Packet HMAC authentication failed & TLS Error

Re: Packet HMAC authentication failed & TLS Error

Re: Packet HMAC authentication failed & TLS Error

Re: Packet HMAC authentication failed & TLS Error

Re: Packet HMAC authentication failed & TLS Error