OpenVpn working with android client but not Mac client

alankellyeire
OpenVpn Newbie
Posts: 6
Joined: Sun Feb 18, 2018 4:17 pm

Post by alankellyeire » Sun Feb 18, 2018 4:52 pm

Hey,

I configured OpenVPN on a FreeNAS jail and all works perfectly from my Android phone using "OpenVPN Connect". I copied all the config files from the phone to my Mac computer and I am able to connect, but I am unable to access anything on the network or remote and I get the following error.

Code:

2018-02-18 15:53:23 Initialization Sequence Completed
2018-02-18 15:53:23 MANAGEMENT: >STATE:1518969203,CONNECTED,SUCCESS,172.16.8.6, <MY IP>
2018-02-18 15:53:28 *Tunnelblick process-network-changes: A system configuration change was ignored
2018-02-18 15:53:31 Authenticate/Decrypt packet error: packet HMAC authentication failed

The setting on the Mac is the exact same as the one I used for the Android, so I don't understand why it's not working. The only thing I can think of is that I'm using "tunnelblick" on the Mac and I'm using the "OpenVPN Connect".

Could anyone suggest another OpenVPN client for Mac other than Tunnelblick??

Here is the relevant server/client data.

server

Operating system:

Code:

root@OPENVPN:/ # uname -a
FreeBSD OPENVPN 11.1-STABLE FreeBSD 11.1-STABLE #0 r321665+4bd3ee42941(freenas/11.1-stable): Thu Jan 18 15:45:01 UTC 2018     root@gauntlet:/freenas-11-releng/freenas/_BE/objs/freenas-11-releng/freenas/_BE/os/sys/FreeNAS.amd64  amd64

OpenVPN version:

Code:

root@OPENVPN:/ # openvpn --version
OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 20 2018

Server config:

[oconf]
port 55879
proto udp
dev tun
ca /mnt/keys/ca.crt
cert /mnt/keys/openvpn-server.crt #Server public key
key /mnt/keys/openvpn-server.key #Server private key
dh /mnt/keys/dh.pem #Diffie-Hellman parameters
server 172.16.8.0 255.255.255.0 #Purple network
ifconfig-pool-persist /mnt/keys/ipp.txt
push "route 192.168.0.0 255.255.255.0" #Yellow network
#tls-auth /mnt/keys/ta.key 0
#crl-verify /mnt/keys/crl.pem
keepalive 10 120
cipher AES-256-CBC
auth SHA256
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3
[/oconf]

server log

Code:

[root@OPENVPN /]# openvpn --config /mnt/keys/openvpn.conf
Sun Feb 18 16:40:38 2018 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 20 2018
Sun Feb 18 16:40:38 2018 library versions: OpenSSL 1.0.2j-freebsd  26 Sep 2016, LZO 2.10
Sun Feb 18 16:40:38 2018 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Sun Feb 18 16:40:38 2018 Diffie-Hellman initialized with 2048 bit key
Sun Feb 18 16:40:38 2018 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=epair0b HWADDR=22:ea:89:0f:47:74
Sun Feb 18 16:40:38 2018 TUN/TAP device /dev/tun0 opened
Sun Feb 18 16:40:38 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Feb 18 16:40:38 2018 /sbin/ifconfig tun0 172.16.8.1 172.16.8.2 mtu 1500 netmask 255.255.255.255 up
Sun Feb 18 16:40:38 2018 /sbin/route add -net 172.16.8.0 172.16.8.2 255.255.255.0
add net 172.16.8.0: gateway 172.16.8.2
Sun Feb 18 16:40:38 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Feb 18 16:40:38 2018 Socket Buffers: R=[42080->42080] S=[9216->9216]
Sun Feb 18 16:40:38 2018 setsockopt(IPV6_V6ONLY=0)
Sun Feb 18 16:40:38 2018 UDPv6 link local (bound): [AF_INET6][undef]:55879
Sun Feb 18 16:40:38 2018 UDPv6 link remote: [AF_UNSPEC]
Sun Feb 18 16:40:38 2018 GID set to nobody
Sun Feb 18 16:40:38 2018 UID set to nobody
Sun Feb 18 16:40:38 2018 MULTI: multi_init called, r=256 v=256
Sun Feb 18 16:40:38 2018 IFCONFIG POOL: base=172.16.8.4 size=62, ipv6=0
Sun Feb 18 16:40:38 2018 ifconfig_pool_read(), in='alan.kelly,172.16.8.4', TODO: IPv6
Sun Feb 18 16:40:38 2018 succeeded -> ifconfig_pool_set()
Sun Feb 18 16:40:38 2018 IFCONFIG POOL LIST
Sun Feb 18 16:40:38 2018 alan.kelly,172.16.8.4
Sun Feb 18 16:40:38 2018 Initialization Sequence Completed
Sun Feb 18 16:41:10 2018 <MyClientIP> TLS: Initial packet from [AF_INET6]::ffff:<MyClientIP>:57477, sid=460d5f05 4492cd36
Sun Feb 18 16:41:11 2018 <MyClientIP> VERIFY OK: depth=1, CN=OpenVPN
Sun Feb 18 16:41:11 2018 <MyClientIP> VERIFY OK: depth=0, CN=alan.kelly
Sun Feb 18 16:41:12 2018 <MyClientIP> peer info: IV_VER=2.3.18
Sun Feb 18 16:41:12 2018 <MyClientIP> peer info: IV_PLAT=mac
Sun Feb 18 16:41:12 2018 <MyClientIP> peer info: IV_PROTO=2
Sun Feb 18 16:41:12 2018 <MyClientIP> peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_4921_3.7.4b__build_4921)"
Sun Feb 18 16:41:12 2018 <MyClientIP> WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1558'
Sun Feb 18 16:41:12 2018 <MyClientIP> WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
Sun Feb 18 16:41:12 2018 <MyClientIP> Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 18 16:41:12 2018 <MyClientIP> Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Feb 18 16:41:12 2018 <MyClientIP> Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Feb 18 16:41:12 2018 <MyClientIP> Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
Sun Feb 18 16:41:13 2018 <MyClientIP> Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Feb 18 16:41:13 2018 <MyClientIP> [alan.kelly] Peer Connection Initiated with [AF_INET6]::ffff:<MyClientIP>:57477
Sun Feb 18 16:41:13 2018 alan.kelly/<MyClientIP> MULTI_sva: pool returned IPv4=172.16.8.6, IPv6=(Not enabled)
Sun Feb 18 16:41:13 2018 alan.kelly/<MyClientIP> MULTI: Learn: 172.16.8.6 -> alan.kelly/<MyClientIP>
Sun Feb 18 16:41:13 2018 alan.kelly/<MyClientIP> MULTI: primary virtual IP for alan.kelly/<MyClientIP>: 172.16.8.6
Sun Feb 18 16:41:15 2018 alan.kelly/<MyClientIP> PUSH: Received control message: 'PUSH_REQUEST'
Sun Feb 18 16:41:15 2018 alan.kelly/<MyClientIP> SENT CONTROL [alan.kelly]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 172.16.8.1,topology net30,ping 10,ping-restart 120,ifconfig 172.16.8.6 172.16.8.5,peer-id 0' (status=1)
Sun Feb 18 16:41:21 2018 alan.kelly/<MyClientIP> Authenticate/Decrypt packet error: packet HMAC authentication failed
Sun Feb 18 16:41:21 2018 alan.kelly/<MyClientIP> Authenticate/Decrypt packet error: packet HMAC authentication failed
Sun Feb 18 16:41:21 2018 alan.kelly/<MyClientIP> Authenticate/Decrypt packet error: packet HMAC authentication failed
Sun Feb 18 16:41:21 2018 alan.kelly/<MyClientIP> Authenticate/Decrypt packet error: packet HMAC authentication failed
Sun Feb 18 16:41:21 2018 alan.kelly/<MyClientIP> Authenticate/Decrypt packet error: packet HMAC authentication failed

Client

OS:

Code:

Mac OS X 10.12.6

Client app:

Code:

TunnelBlick 3.7.4b

Client config:

[oconf]
client
dev tun
proto udp
remote <myIP> 993
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert alan.kelly.crt
key alan.kelly.key
remote-cert-tls server
cipher AES-256-CBC
#tls-auth ta.key 1
dhcp-option DNS 192.168.0.1
redirect-gateway def1
comp-lzo
verb 3
[/oconf]

client log

Code:

2018-02-18 15:53:23 Initialization Sequence Completed
2018-02-18 15:53:23 MANAGEMENT: >STATE:1518969203,CONNECTED,SUCCESS,172.16.8.6,<MyServerIP>
2018-02-18 15:53:28 *Tunnelblick process-network-changes: A system configuration change was ignored
2018-02-18 15:53:31 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:53:40 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:53:51 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:54:01 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:54:03 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's name after connecting.
2018-02-18 15:54:04 *Tunnelblick process-network-changes: A system configuration change was ignored
2018-02-18 15:54:11 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:54:20 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:54:31 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:54:38 *Tunnelblick: After 30.0 seconds, gave up trying to fetch IP address information using the ipInfo host's IP address after connecting.
2018-02-18 15:54:41 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:54:51 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:55:01 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:55:04 *Tunnelblick process-network-changes: A system configuration change was ignored
2018-02-18 15:55:11 Authenticate/Decrypt packet error: packet HMAC authentication failed
2018-02-18 15:55:20 Authenticate/Decrypt packet error: packet HMAC authentication failed

Thanks for any help.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVpn working with android client but not Mac client

Post by TinCanTech » Sun Feb 18, 2018 8:49 pm

Complete logs @ verb 4 please.

alankellyeire
OpenVpn Newbie
Posts: 6
Joined: Sun Feb 18, 2018 4:17 pm

Re: OpenVpn working with android client but not Mac client

Post by alankellyeire » Mon Feb 19, 2018 4:09 pm

TinCanTech wrote:
Sun Feb 18, 2018 8:49 pm
Complete logs @ verb 4 please.

Hey,

I managed to diagnose and fix the problem after reading thru the log file at verbose 4.

Issue was

Code:

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1558'
WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'

Strangely enough I get the same error as above on my phone after connecting, but it doesn't stop me accessing anything on the VPN network or remote.

To fix the issue I just added the code below to the client.ovpn file

Code:

auth SHA256

Thanks for the help.
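
The mismatch fixed in the post above can be caught before connecting. The following Python check is an added example, not part of the original thread: it compares the effective `cipher`, `auth`, `comp-lzo` and `tls-auth` settings of a server and a client config. The function names and the trimmed SERVER/CLIENT samples are constructed from the configs posted above; it reads static config files only (no pushed options or cipher negotiation) and assumes the OpenVPN 2.3/2.4 defaults `auth SHA1` and `cipher BF-CBC` for absent lines.

```python
import re

# Directives whose values must agree on both peers, mapped to the default an
# OpenVPN 2.3/2.4 peer uses when the line is absent. The SHA1 default is what
# the server reported as remote='auth SHA1' in the thread.
VALUE_MATCH = {"cipher": "BF-CBC", "auth": "SHA1"}
# Directives treated here as presence-only (a simplification): tls-auth key
# direction legitimately differs (0 on the server, 1 on the client).
PRESENCE_MATCH = ("comp-lzo", "tls-auth")


def effective_options(conf_text):
    """Return the settings a peer would actually use, defaults included."""
    opts = dict(VALUE_MATCH)
    opts.update({name: False for name in PRESENCE_MATCH})
    for raw in conf_text.splitlines():
        # '#' and ';' both start comments in OpenVPN config files.
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if not fields:
            continue
        name, args = fields[0], fields[1:]
        if name in VALUE_MATCH and args:
            opts[name] = args[0].upper()
        elif name in PRESENCE_MATCH:
            opts[name] = True
    return opts


def mismatches(server_conf, client_conf):
    """List (directive, server_value, client_value) for every disagreement."""
    srv, cli = effective_options(server_conf), effective_options(client_conf)
    return [(name, srv[name], cli[name]) for name in srv if srv[name] != cli[name]]


# Constructed samples: the relevant lines of the configs posted in the thread.
SERVER = """\
cipher AES-256-CBC
auth SHA256
#tls-auth /mnt/keys/ta.key 0
comp-lzo
"""
CLIENT = """\
cipher AES-256-CBC
#tls-auth ta.key 1
comp-lzo
"""

if __name__ == "__main__":
    for name, srv, cli in mismatches(SERVER, CLIENT):
        print(f"{name}: server={srv} client={cli}")
    # With the fix from the post applied, nothing is reported.
    print(mismatches(SERVER, CLIENT + "auth SHA256\n"))
```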

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVpn working with android client but not Mac client

Post by TinCanTech » Mon Feb 19, 2018 4:17 pm

The link-mtu are known problems .. but nobody has worked on a solution yet.
