Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
-
- OpenVPN User
- Posts: 36
- Joined: Sun Nov 17, 2013 8:32 am
Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
Hi,
Just after upgrading to 1.2.5, I can't connect to my server any more. On the iPhone the app tries to connect as if there's no internet, on the server I see:
Tue Jan 9 03:18:19 2018 TLS Error: incoming packet authentication failed from [AF_INET]xxx:yyy
Tue Jan 9 03:18:20 2018 Authenticate/Decrypt packet error: packet HMAC authentication failed
I tried to re-deploy the config again (xxx.ovpn), same problem.
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
Is this the client or the server log? Is it possible to have both?
Could you please also post both configurations (please omit private information such as keys, etc).
-
- OpenVPN User
- Posts: 36
- Joined: Sun Nov 17, 2013 8:32 am
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
The log from server (OpenVPN community 2.3.17) every second while iPhone tries to connect:
Code:
Tue Jan 9 04:23:33 2018 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Jan 9 04:23:33 2018 TLS Error: incoming packet authentication failed from [AF_INET]xx:yy
The log from the client with OpenVPN Connect 1.2.5 on iPhone 6S with iOS 11.2.1:
Code:
2018-01-09 04:23:29 Server poll timeout, trying next remote entry...
2018-01-09 04:23:29 EVENT: RECONNECTING
2018-01-09 04:23:29 Contacting [xx]:yy/UDP via UDP
2018-01-09 04:23:29 EVENT: WAIT
2018-01-09 04:23:29 Connecting to [xx]:yy (xx) via UDPv4
2018-01-09 04:23:34 EVENT: DISCONNECTED
Server config:
Code:
local xx
lport yy
dev tun
mode server
topology subnet
push "topology subnet"
tun-mtu 1500
ifconfig xx yy
ifconfig-pool xx yy
fast-io
push "route-gateway xx"
push "redirect-gateway def1 autolocal bypass-dhcp"
push "dhcp-option DNS xx"
client-config-dir client_cfg
user xx
group yy
chroot /zz
script-security 2
tls-server
tls-auth keys/xx
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
auth SHA512
dh keys/xx
ca keys/xx
cert keys/yy
key keys/zz
crl-verify crl 'dir'
remote-cert-ku a0
remote-cert-eku "TLS Web Client Authentication"
verify-x509-name xx name-prefix
comp-lzo
ping 5
push "ping 5"
push "ping-restart 15"
persist-tun
persist-key
push "persist-key"
push "explicit-exit-notify"
Client config:
Code:
remote xx
resolv-retry infinite
server-poll-timeout 5
nobind
dev tun
tun-mtu 1500
allow-pull-fqdn
pull
tls-client
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-auth>
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
cipher AES-256-CBC
auth SHA512
<key>
-----BEGIN PRIVATE KEY-----
xxx
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
remote-cert-tls server
verify-x509-name xx name
comp-lzo
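Added example (not from this thread and not OpenVPN's own code): a small Python triage script that runs over server log lines like the ones posted above and separates a client that keeps failing the control-channel HMAC check (the steady once-per-second pattern described in this post) from a one-off unauthenticated packet. The log text, the addresses and the thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the server-side lines quoted in this thread
# (OpenVPN 2.3 community server at verb 3); addresses are documentation ranges, not real peers.
SAMPLE_LOG = """\
Tue Jan 9 04:23:33 2018 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Jan 9 04:23:33 2018 TLS Error: incoming packet authentication failed from [AF_INET]203.0.113.7:51234
Tue Jan 9 04:23:34 2018 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Jan 9 04:23:34 2018 TLS Error: incoming packet authentication failed from [AF_INET]203.0.113.7:51234
Tue Jan 9 04:23:35 2018 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Jan 9 04:23:35 2018 TLS Error: incoming packet authentication failed from [AF_INET]203.0.113.7:51234
Tue Jan 9 04:23:40 2018 TLS Error: incoming packet authentication failed from [AF_INET]198.51.100.9:40000
Tue Jan 9 04:23:41 2018 TLS: Initial packet from [AF_INET]203.0.113.5:60001, sid=1a2b3c4d 5e6f7a8b
"""

# "Tue Jan 9 04:23:33 2018 <message>" as printed by OpenVPN 2.x without --log timestamps changed
LINE_RE = re.compile(r"^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}) (?P<msg>.*)$")
AUTH_FAIL_RE = re.compile(
    r"TLS Error: incoming packet authentication failed from \[AF_INET6?\](?P<peer>\S+)"
)


def parse_timestamp(ts):
    return datetime.strptime(ts, "%a %b %d %H:%M:%S %Y")


def collect_auth_failures(log_text):
    """Return {peer: [datetime, ...]} for every control-channel HMAC failure, keyed by source."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        f = AUTH_FAIL_RE.search(m.group("msg"))
        if f:
            failures[f.group("peer")].append(parse_timestamp(m.group("ts")))
    return failures


def triage(log_text, min_failures=3, max_gap_s=10):
    """Classify each failing peer.

    A client whose tls-auth key, key direction or --auth digest does not match the server's
    keeps retrying on a short timer, so its failures arrive as a steady stream from one
    source. A lone failure looks different and is more likely a stray or unsolicited packet.
    The thresholds are assumptions for this example, not OpenVPN settings.
    """
    verdicts = {}
    for peer, times in collect_auth_failures(log_text).items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        steady = len(times) >= min_failures and all(g <= max_gap_s for g in gaps)
        verdicts[peer] = {
            "failures": len(times),
            "first": times[0].isoformat(),
            "last": times[-1].isoformat(),
            "verdict": (
                "persistent: check tls-auth key/direction and --auth digest on this client"
                if steady
                else "isolated: single unauthenticated packet, monitor"
            ),
        }
    return verdicts


if __name__ == "__main__":
    for peer, v in triage(SAMPLE_LOG).items():
        print(peer, v)
```

The "persistent" verdict is the shape of the problem in this thread: the iOS client retries every few seconds and every packet fails the HMAC check before TLS even starts, so nothing about the certificate or TLS settings is reached yet.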
-
- OpenVPN User
- Posts: 36
- Joined: Sun Nov 17, 2013 8:32 am
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
ordex, could you please confirm you can reproduce the error? The problem is starting to affect the users as, despite the warning not to update the app, most of them have autoupdate turned on.
Maybe you could publish the previous (1.1.1) version as a new version for the moment so everything is back again?
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
we have tested tls-auth and tls-crypt and they both work as expected.
The log message you reported from the server is printed *after* the tls-auth/crypt mechanism has already performed its check.
You could try verifying this by temporarily disabling tls-auth and seeing if the error is still the same.
Actually this error is more related to the authentication of the packets performed with SHA512 in your case.
Is it possible for you to temporarily comment out that line on client and server and see if the error persists? That would help in understanding where the problem is.
Unfortunately the AppStore does not allow that. That's why we are striving to collect as much information as possible and fix the bugs.
-
- OpenVpn Newbie
- Posts: 17
- Joined: Sat Jun 25, 2016 10:20 pm
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
This isn't good enough.
Applications can _absolutely_ be pulled. You need to pull this application; re-submit the previous version with an incremental version release and put back a working version until you can fix the absolute piss up that is 1.2.5.
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
ordex wrote: ↑Tue Jan 09, 2018 2:37 pm
we have tested tls-auth and tls-crypt and they both work as expected.
The log message you reported from the server is printed *after* the tls-auth/crypt mechanism has already performed its check.
You could try verifying this by temporarily disabling tls-auth and seeing if the error is still the same.
Actually this error is more related to the authentication of the packets performed with SHA512 in your case.
Is it possible for you to temporarily comment out that line on client and server and see if the error persists? That would help in understanding where the problem is.
After digging deeper, it seems this might be related to tls-auth. Would it be possible for you to re-test without "auth SHA512" in the configuration?
Thanks a lot
-
- OpenVPN User
- Posts: 36
- Joined: Sun Nov 17, 2013 8:32 am
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
I only have this setup at production, I'll make the tests today COB.
-
- OpenVpn Newbie
- Posts: 14
- Joined: Mon Jan 08, 2018 8:32 pm
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
Hi,
I have exactly the same trouble.
server side (ipfire with OpenSSL 1.0.2n)
Code:
18:56:09 openvpnserver[25602]: x.x.x.x:55555 Fatal TLS error (check_tls_errors_co), restarting
18:56:09 openvpnserver[25602]: x.x.x.x:55555 TLS Error: incoming packet authentication failed from [AF_INET ]x.x.x.x:55555
18:56:09 openvpnserver[25602]: x.x.x.x:55555 Authenticate/Decrypt packet error: packet HMAC authentication failed
18:56:09 openvpnserver[25602]: TCP connection established with [AF_INET]x.x.x.x:55555
client side
Code:
2018-01-09 18:56:09 EVENT: RESOLVE
2018-01-09 18:56:09 Contacting [y.y.y.y]::1234 /TCP via TCP
2018-01-09 18:56:09 EVENT: WAIT
2018-01-09 18:56:09 Connecting to [y.y.y.y]:1234 (y.y.y.y) via TCPv4
2018-01-09 18:56:09 TCP recv EOF
2018-01-09 18:56:09 Transport Error: Transport error on 'y.y.y.y: NETWORK_EOF_ERROR
2018-01-09 18:56:09 EVENT: TRANSPORT_ERROR Transport error on 'y.y.y.y: NETWORK_EOF_ERROR [ERR]
2018-01-09 18:56:09 Client terminated, restarting in 5000 ms...
my server is still working fine with another device with the openVPN 1.2.4
can you help me?
Thank you
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
Tg92 wrote: ↑Tue Jan 09, 2018 6:22 pm
Hi,
I have exactly the same trouble.
server side (ipfire with OpenSSL 1.0.2n)
Code:
18:56:09 openvpnserver[25602]: x.x.x.x:55555 Fatal TLS error (check_tls_errors_co), restarting
18:56:09 openvpnserver[25602]: x.x.x.x:55555 TLS Error: incoming packet authentication failed from [AF_INET ]x.x.x.x:55555
18:56:09 openvpnserver[25602]: x.x.x.x:55555 Authenticate/Decrypt packet error: packet HMAC authentication failed
18:56:09 openvpnserver[25602]: TCP connection established with [AF_INET]x.x.x.x:55555
client side
Code:
2018-01-09 18:56:09 EVENT: RESOLVE
2018-01-09 18:56:09 Contacting [y.y.y.y]::1234 /TCP via TCP
2018-01-09 18:56:09 EVENT: WAIT
2018-01-09 18:56:09 Connecting to [y.y.y.y]:1234 (y.y.y.y) via TCPv4
2018-01-09 18:56:09 TCP recv EOF
2018-01-09 18:56:09 Transport Error: Transport error on 'y.y.y.y: NETWORK_EOF_ERROR
2018-01-09 18:56:09 EVENT: TRANSPORT_ERROR Transport error on 'y.y.y.y: NETWORK_EOF_ERROR [ERR]
2018-01-09 18:56:09 Client terminated, restarting in 5000 ms...
my server is still working fine with another device with the openVPN 1.2.4
can you help me?
Thank you
I guess you mean v1.1.1? The app that was in AppStore earlier?
By the way, could you please post the client config? thanks
-
- OpenVpn Newbie
- Posts: 14
- Joined: Mon Jan 08, 2018 8:32 pm
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
yes version 1.1.1
I can complete my client log with
Code:
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 5 2018 23:09:59
2018-01-09 19:22:56 Keychain Cert Extraction: 1 certificate(s) found
2018-01-09 19:22:56 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-09 19:22:56 UNUSED OPTIONS
0 [tls-client]
2 [nobind]
9 [verb] [3]
13 [verify-x509-name] [a.mydomain.com] [name]
client config
Code:
#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto tcp
tun-mtu 1400
remote a.mydomain.com 1234
cipher AES-256-CBC
auth SHA256
verb 3
ns-cert-type server
redirect-gateway def1
tls-remote a.mydomain.com
verify-x509-name a.mydomain.com name
#mssfix ##optional!
-
- OpenVpn Newbie
- Posts: 14
- Joined: Mon Jan 08, 2018 8:32 pm
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
I have a suggestion for the trouble
with a windows connection which is working, I have
Code:
ultrahp/x.x.x.x:55555 TCPv4_SERVER READ [96] from [AF_INET]x.x.x.x:55555 : P_CONTROL_V1 kid=0 COUIC_CONFIDENTIAL
ultrahp/x.x.x.x:55555 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]192.168.2.2:55555
and with my ios I have :
Code:
x.x.x.x:55555 TCPv4_SERVER READ [54] from [AF_INET]x.x.x.x:55555: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 COUIC_CONFIDENTIAL
x.x.x.x:55555 TLS: control channel, op=P_CONTROL_HARD_RESET_CLIENT_V2, IP=[AF_INET]x.x.x.x:55555
it looks like it is not the right authentication type P_CONTROL_V1 vs P_CONTROL_HARD_RESET_CLIENT_V2
in openvpn/ssl.h
Code:
/* packet opcodes -- the V1 is intended to allow protocol changes in the future */
#define P_CONTROL_HARD_RESET_CLIENT_V1 1 /* initial key from client, forget previous state */
#define P_CONTROL_HARD_RESET_SERVER_V1 2 /* initial key from server, forget previous state */
#define P_CONTROL_SOFT_RESET_V1 3 /* new key, graceful transition from old to new key */
#define P_CONTROL_V1 4 /* control channel packet (usually TLS ciphertext) */
#define P_ACK_V1 5 /* acknowledgement for packets received */
#define P_DATA_V1 6 /* data channel packet */
#define P_DATA_V2 9 /* data channel packet with peer-id */
/* indicates key_method >= 2 */
#define P_CONTROL_HARD_RESET_CLIENT_V2 7 /* initial key from client, forget previous state */
#define P_CONTROL_HARD_RESET_SERVER_V2 8 /* initial key from server, forget previous state */
how can we define it in the client config?
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
Tg92 wrote: ↑Tue Jan 09, 2018 7:22 pm
yes version 1.1.1
I can complete my client log with
Code:
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 5 2018 23:09:59
2018-01-09 19:22:56 Keychain Cert Extraction: 1 certificate(s) found
2018-01-09 19:22:56 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-09 19:22:56 UNUSED OPTIONS
0 [tls-client]
2 [nobind]
9 [verb] [3]
13 [verify-x509-name] [a.mydomain.com] [name]
client config
Code:
#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto tcp
tun-mtu 1400
remote a.mydomain.com 1234
cipher AES-256-CBC
auth SHA256
verb 3
ns-cert-type server
redirect-gateway def1
tls-remote a.mydomain.com
verify-x509-name a.mydomain.com name
#mssfix ##optional!
do you have tls-auth or tls-crypt enabled on the server?
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
This is not correct. The HARD_RESET_V2 is sent also by the iOS client. This is essential for the protocol to work and it is sent also when no tls-auth/crypt is used. You can see it when dumping the traffic with tcpdump/wireshark if you are curious.
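To make the opcode question from the two posts above concrete, here is an added Python example (not from the thread and not from the OpenVPN sources) that decodes the leading byte of an OpenVPN packet using the ssl.h numbers quoted above and classifies a client-side trace. The traces are constructed; they illustrate the reply above: every session opens with P_CONTROL_HARD_RESET_CLIENT_V2, and a trace that shows only P_CONTROL_V1/P_ACK_V1 was simply captured after that reset had already been exchanged, so neither pattern points at tls-auth.

```python
# Opcode numbers as defined in openvpn/ssl.h (quoted in the post above).
OPCODE_NAMES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1", 2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
    6: "P_DATA_V1", 7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2", 9: "P_DATA_V2",
}
OPCODE_NUMBERS = {name: num for num, name in OPCODE_NAMES.items()}


def decode_first_byte(b):
    """The first byte of every OpenVPN packet carries the opcode in the high 5 bits and
    the key id in the low 3 bits. tls-auth only appends an HMAC, so this byte is visible
    as-is in a tcpdump/wireshark capture of a tls-auth session."""
    return OPCODE_NAMES.get(b >> 3, f"UNKNOWN({b >> 3})"), b & 0x07


def encode_first_byte(name, key_id=0):
    """Inverse of decode_first_byte, used here to build the constructed traces."""
    if not 0 <= key_id <= 7:
        raise ValueError("key id is a 3-bit field")
    return (OPCODE_NUMBERS[name] << 3) | key_id


def describe(b):
    """Render a first byte the way the server's verb-4 log prints it (op=..., kid=...)."""
    name, kid = decode_first_byte(b)
    return f"op={name} kid={kid}"


def classify_client_trace(first_bytes):
    """Classify the first bytes of consecutive client->server packets.

    'new-session' : opens with a hard reset (V2 for any key-method 2 client, i.e. all
                    current ones; V1 only from very old peers)
    'mid-session' : only P_CONTROL_V1/P_ACK_V1, an already-running control channel
    'unexpected'  : anything else, e.g. data packets with no preceding key exchange
    """
    names = [decode_first_byte(b)[0] for b in first_bytes]
    if not names:
        return "empty"
    if names[0] in ("P_CONTROL_HARD_RESET_CLIENT_V2", "P_CONTROL_HARD_RESET_CLIENT_V1"):
        return "new-session"
    if all(n in ("P_CONTROL_V1", "P_ACK_V1") for n in names):
        return "mid-session"
    return "unexpected"


# Constructed traces mirroring the two server log excerpts in the thread: the iOS client
# seen from its first packet, and the Windows client seen once its handshake was under way.
IOS_TRACE = [
    encode_first_byte("P_CONTROL_HARD_RESET_CLIENT_V2"),  # 0x38, the usual first byte
    encode_first_byte("P_CONTROL_V1"),
    encode_first_byte("P_ACK_V1"),
]
WINDOWS_TRACE = [encode_first_byte("P_CONTROL_V1"), encode_first_byte("P_ACK_V1")]

if __name__ == "__main__":
    for label, trace in (("iOS", IOS_TRACE), ("Windows", WINDOWS_TRACE)):
        print(label, classify_client_trace(trace), [describe(b) for b in trace])
```

Because the opcode is chosen by the protocol state, not by configuration, there is no client directive that would turn a hard reset into P_CONTROL_V1; the difference between the two captures is only where in the session they were taken.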
-
- OpenVpn Newbie
- Posts: 17
- Joined: Wed Apr 18, 2012 7:43 am
Re: Upgrade to OpenVPN 1.2.5 (iOS): issues
I got my server working with latest version of the app. I think the key was to move from tls-auth to tls-crypt
PLEASE, if you see any bad or missing settings feel free to let me know
Server config
Code:
server 10.33.0.0 255.255.255.0
local 192.168.0.190
dev tun
port 1199
proto udp
dh /mnt/disks/SSD1/appdata/myVPNserver_rsa/dh.pem
ca /mnt/disks/SSD1/appdata/myVPNserver_rsa/ca.crt
cert /mnt/disks/SSD1/appdata/myVPNserver_rsa/server.crt
key /mnt/disks/SSD1/appdata/myVPNserver_rsa/server.key
push "dhcp-option DNS 192.168.0.1"
tls-server
verb 3
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
tls-crypt /mnt/disks/SSD1/appdata/myVPNserver_rsa/ta.key
persist-key
persist-tun
keepalive 10 120
user nobody
group users
cipher AES-256-GCM
ncp-disable
auth sha512
comp-lzo adaptive
push "route 192.168.0.0 255.255.255.0"
push "resolv-retry infinite"
status /var/log/openvpnserver-status.log 5
log-append /var/log/openvpnserver.log
status-version 2
explicit-exit-notify 0
remote-cert-tls client
remote-cert-eku "TLS Web Client Authentication"
Client
Code:
remote my.vpnserver.com
tls-client
cipher AES-256-GCM
tls-version-min 1.2
auth sha512
client
dev tun
proto udp
port 1199
nobind
persist-key
persist-tun
resolv-retry infinite
comp-lzo adaptive
verb 3
remote-cert-tls server
remote-cert-eku "TLS Web Server Authentication"
route-delay 2
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
Log
Code:
2018-01-10 06:42:19 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Jan 5 2018 23:09:59
2018-01-10 06:42:19 Frame=512/2048/512 mssfix-ctrl=1250
2018-01-10 06:42:19 UNUSED OPTIONS
1 [tls-client]
9 [nobind]
10 [persist-key]
11 [persist-tun]
12 [resolv-retry] [infinite]
14 [verb] [3]
17 [route-delay] [2]
2018-01-10 06:42:19 EVENT: RESOLVE
2018-01-10 06:42:19 Contacting [yy.yyy.yyy.yyy]:1199/UDP via UDP
2018-01-10 06:42:19 EVENT: WAIT
2018-01-10 06:42:19 Connecting to [xxx.xxx.com]:1199 (yy.yyy.yyy.yyy) via UDPv4
2018-01-10 06:42:19 EVENT: CONNECTING
2018-01-10 06:42:19 Tunnel Options:V4,dev-type tun,link-mtu 1522,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth SHA512,keysize 256,key-method 2,tls-client
2018-01-10 06:42:19 Creds: UsernameEmpty/PasswordEmpty
2018-01-10 06:42:19 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.2.5-1
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1
2018-01-10 06:42:19 VERIFY OK : depth=1
cert. version : 3
serial number : A6:8E:1D:AD:5B:E2:A0:D1
issuer name : CN=Easy-RSA CA
subject name : CN=Easy-RSA CA
issued on : 2018-01-09 17:25:06
expires on : 2028-01-07 17:25:06
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2018-01-10 06:42:19 VERIFY OK : depth=0
cert. version : 3
serial number : 91:9F:27:18:FE:5E:3F:EC:48:4F:84:7E:00:FF:0F:F6
issuer name : CN=Easy-RSA CA
subject name : CN=server
issued on : 2018-01-09 17:25:07
expires on : 2028-01-07 17:25:07
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2018-01-10 06:42:19 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2018-01-10 06:42:19 Session is ACTIVE
2018-01-10 06:42:19 EVENT: GET_CONFIG
2018-01-10 06:42:19 Sending PUSH_REQUEST to server...
2018-01-10 06:42:19 OPTIONS:
0 [dhcp-option] [DNS] [192.168.0.1]
1 [route] [192.168.0.0] [255.255.255.0]
2 [resolv-retry] [infinite]
3 [route] [10.33.0.1]
4 [topology] [net30]
5 [ping] [10]
6 [ping-restart] [120]
7 [ifconfig] [10.33.0.6] [10.33.0.5]
8 [peer-id] [0]
2018-01-10 06:42:19 PROTOCOL OPTIONS:
cipher: AES-256-GCM
digest: SHA512
compress: LZO
peer ID: 0
2018-01-10 06:42:19 EVENT: ASSIGN_IP
2018-01-10 06:42:19 NIP: preparing TUN network settings
2018-01-10 06:42:19 NIP: init TUN network settings with endpoint: yy.yyy.yyy.yyy
2018-01-10 06:42:19 NIP: adding IPv4 address to network settings 10.33.0.6/255.255.255.252
2018-01-10 06:42:19 NIP: adding (included) IPv4 route 192.168.0.0/24
2018-01-10 06:42:19 NIP: adding (included) IPv4 route 10.33.0.1/32
2018-01-10 06:42:19 NIP: adding DNS 192.168.0.1
2018-01-10 06:42:19 NIP: adding search domain
2018-01-10 06:42:19 Connected via NetworkExtensionTUN
2018-01-10 06:42:19 LZO-ASYM init swap=0 asym=0
2018-01-10 06:42:19 EVENT: CONNECTED @xxx.xxx.com:1199 (yy.yyy.yy.yyy) via /UDPv4 on NetworkExtensionTUN/10.33.0.6/ gw=[/]
-
- OpenVpn Newbie
- Posts: 14
- Joined: Mon Jan 08, 2018 8:32 pm
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
I have a tls-auth. This is my configuration server.
Code:
#OpenVPN Server conf
daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare OpenVPN for listening on blue and orange
;local a.myDomain.name
dev tun
proto tcp
port 1234
script-security 3 system
ifconfig-pool-persist /path/leases.db 3600
client-config-dir /another/Path
tls-server
ca /path/cacert.pem
cert /path/servercert.pem
key /path/serverkey.pem
dh /path/dh1024.pem
server x.x.x.x 255.255.255.0
tun-mtu 1500
mtu-disc maybe
keepalive 15 47
status-version 1
status /path/log.log 30
cipher AES-256-CBC
auth SHA256
tls-auth /path/ta.key
push "redirect-gateway def1"
push "dhcp-option DNS y.y.y.y"
max-clients 100
tls-verify /path/verify
crl-verify /path/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 3
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
Tg92 wrote: ↑Wed Jan 10, 2018 6:56 am
I have a tls-auth. This is my configuration server.
Code:
#OpenVPN Server conf
daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare OpenVPN for listening on blue and orange
;local a.myDomain.name
dev tun
proto tcp
port 1234
script-security 3 system
ifconfig-pool-persist /path/leases.db 3600
client-config-dir /another/Path
tls-server
ca /path/cacert.pem
cert /path/servercert.pem
key /path/serverkey.pem
dh /path/dh1024.pem
server x.x.x.x 255.255.255.0
tun-mtu 1500
mtu-disc maybe
keepalive 15 47
status-version 1
status /path/log.log 30
cipher AES-256-CBC
auth SHA256
tls-auth /path/ta.key
push "redirect-gateway def1"
push "dhcp-option DNS y.y.y.y"
max-clients 100
tls-verify /path/verify
crl-verify /path/cacrl.pem
user nobody
group nobody
persist-key
persist-tun
verb 3
but then you have no tls-auth option in the client config (at least looking at the configuration you posted before)
-
- OpenVPN User
- Posts: 36
- Joined: Sun Nov 17, 2013 8:32 am
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
OK, done the tests...
With 'auth SHA512' removed both on server and client nothing improves, same problem.
If 'tls-auth' is removed from both server and client, the connection is immediately established.
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
Thanks for testing, this was very helpful. I am adding it to the internal ticket.
In the meantime, as peter_sm said, you can use tls-crypt instead of tls-auth as workaround (assuming that all your clients support it).
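For anyone checking a deployment like the ones in this thread, here is an added Python example (it is not the thread's code and not OpenVPN's) that parses a server and a client config, including inline <tls-auth>/<tls-crypt> blocks, and reports the mismatches that make the server log "packet HMAC authentication failed" for every packet from that client: tls-auth on one side only (the ipfire configs above), a key-direction mismatch, or a different --auth digest. It also notes the OpenVPN 2.4 requirement behind the tls-crypt workaround. The sample configs are constructed, modelled on the ones posted here with the key material left out.

```python
import re


def parse_config(text):
    """Parse an OpenVPN config into ({directive: [args]}, {inline block tags}).
    Comment lines (# or ;) and blank lines are skipped; the contents of <tag>...</tag>
    blocks (key material) are not kept, only the tag name."""
    directives, inline, block = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                      # inside <tag>...</tag>: skip until the closer
            if line == f"</{block}>":
                block = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            block = m.group(1)
            inline.add(block)
            continue
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name] = args
    return directives, inline


def control_channel_mode(directives, inline):
    """Return (mode, direction): mode is 'tls-crypt', 'tls-auth' or None; direction is the
    tls-auth key direction '0', '1' or 'bidir' (no direction given, either form)."""
    if "tls-crypt" in directives or "tls-crypt" in inline:
        return "tls-crypt", None
    if "tls-auth" in directives or "tls-auth" in inline:
        args = directives.get("tls-auth", [])
        direction = args[1] if len(args) > 1 else None
        if "key-direction" in directives:   # the only way to give a direction for an inline key
            direction = directives["key-direction"][0]
        return "tls-auth", direction or "bidir"
    return None, None


def check_pair(server_text, client_text):
    """Compare the settings that feed the control-channel HMAC on both ends. Every finding
    not prefixed 'note:' makes the server reject the client's packets before TLS starts."""
    s, s_inline = parse_config(server_text)
    c, c_inline = parse_config(client_text)
    findings = []
    s_mode, s_dir = control_channel_mode(s, s_inline)
    c_mode, c_dir = control_channel_mode(c, c_inline)
    if s_mode != c_mode:
        findings.append(f"control-channel mismatch: server uses {s_mode or 'nothing'}, "
                        f"client uses {c_mode or 'nothing'}")
    elif s_mode == "tls-auth" and {s_dir, c_dir} not in ({"bidir"}, {"0", "1"}):
        findings.append(f"tls-auth key-direction mismatch: server {s_dir}, client {c_dir} "
                        "(use 0 on the server and 1 on the client, or neither)")
    elif s_mode == "tls-crypt":
        findings.append("note: tls-crypt needs OpenVPN 2.4 or later on both ends")
    # --auth selects the HMAC digest used for tls-auth control packets (and the data
    # channel); OpenVPN's default when the directive is absent is SHA1.
    s_auth = s.get("auth", ["SHA1"])[0].upper()
    c_auth = c.get("auth", ["SHA1"])[0].upper()
    if s_auth != c_auth:
        findings.append(f"auth digest mismatch: server {s_auth}, client {c_auth}")
    return findings


# Constructed configs modelled on the ones posted in this thread (key material omitted).
SERVER_TLS_AUTH = "mode server\ntls-server\ntls-auth keys/ta.key\ncipher AES-256-CBC\nauth SHA512\n"
CLIENT_TLS_AUTH = """\
tls-client
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-auth>
cipher AES-256-CBC
auth SHA512
"""
SERVER_IPFIRE = "tls-server\ntls-auth /path/ta.key\nauth SHA256\n"
CLIENT_IPFIRE = "client\nproto tcp\nauth SHA256\n"          # no tls-auth at all
SERVER_TLS_CRYPT = "tls-server\ntls-crypt ta.key\ncipher AES-256-GCM\nauth sha512\n"
CLIENT_TLS_CRYPT = ("client\n<tls-crypt>\n-----BEGIN OpenVPN Static key V1-----\n"
                    "-----END OpenVPN Static key V1-----\n</tls-crypt>\nauth SHA512\n")

if __name__ == "__main__":
    for label, pair in (("first poster", (SERVER_TLS_AUTH, CLIENT_TLS_AUTH)),
                        ("ipfire", (SERVER_IPFIRE, CLIENT_IPFIRE)),
                        ("tls-crypt", (SERVER_TLS_CRYPT, CLIENT_TLS_CRYPT))):
        print(label, check_pair(*pair) or ["consistent"])
```

The first pair comes back clean, which is the situation the original poster is in: the configs agree, and the HMAC failures only appeared with the 1.2.5 app, so the fault is on the client side rather than in the key material. The ipfire pair reproduces the observation made earlier in the thread that the client config has no tls-auth at all.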
-
- OpenVPN User
- Posts: 36
- Joined: Sun Nov 17, 2013 8:32 am
Re: Upgrade to OpenVPN 1.2.5 (iOS): tls-auth not working
ordex, thanks for the workaround, but we have a lot of desktops with 2.3.17, we're not ready to migrate everything to 2.4 right now. Also, the mobiles are deployed manually, so also no way to roll out new configs now. Will be waiting for the fix to the iOS app. Please let us know when you identify the cause of this problem.