TLS Error: cannot locate HMAC in incoming packet

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
dnilgreb
OpenVPN User
Posts: 21
Joined: Fri Mar 04, 2016 12:13 pm

TLS Error: cannot locate HMAC in incoming packet

Post by dnilgreb » Mon Jan 17, 2022 10:16 am

Hi,

I am running an OpenVPN 2.5.1 server. It´s running fine, and works as intended. No problems connecting or anything like that.

I have more of a general question on how to handle these messages:

Code: Select all

TLS Error: cannot locate HMAC in incoming packet from [AF_INET] xxx.xxx.xxx.xxx:XXX
The x-s represent an IP address and port. I get about 5 - 10 of these daily in the message log on my OpenVPN server. They are coming from a lots of different IP addresses from all over the world. I assume this is someone trying to connect without a valid certificate?
Should I simply diregard these, or should I take some measures to stop these attempts? Or could it be something else entirely?

User avatar
TinCanTech
Forum Team
Posts: 10716
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS Error: cannot locate HMAC in incoming packet

Post by TinCanTech » Mon Jan 17, 2022 3:10 pm

Ignore it, they are from internet scanners..

dnilgreb
OpenVPN User
Posts: 21
Joined: Fri Mar 04, 2016 12:13 pm

Re: TLS Error: cannot locate HMAC in incoming packet

Post by dnilgreb » Tue Jan 18, 2022 6:46 am

is it safe to ignore though? can something be done as a defense?

User avatar
TinCanTech
Forum Team
Posts: 10716
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS Error: cannot locate HMAC in incoming packet

Post by TinCanTech » Tue Jan 18, 2022 4:30 pm

It is safe to ignore, technically, the packet is dropped (although no message to point that out).

Openvpn is doing the best defense already.

dnilgreb
OpenVPN User
Posts: 21
Joined: Fri Mar 04, 2016 12:13 pm

Re: TLS Error: cannot locate HMAC in incoming packet

Post by dnilgreb » Tue Jan 18, 2022 7:06 pm

Ok, thank you for explaining.

User avatar
TinCanTech
Forum Team
Posts: 10716
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS Error: cannot locate HMAC in incoming packet

Post by TinCanTech » Tue Jan 18, 2022 7:11 pm

If you feel like trying something new you could try --tls-crypt or --tls-crypt-v2 keys.

This may help: https://github.com/TinCanTech/easy-tls

Post Reply