[Solved] OpenVPN 1.2.5 tls-auth VoD issue

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by markymarrow » Wed Jan 10, 2018 11:45 am

As from my post in the other 1.2.5 tls-auth thread.

I can connect my mobileconfig profile fine from within the OpenVPN app.
But trying to do so from settings app results in the server side showing:

Jan 10 11:38:31 corto openvpn[1709]: TLS Error: incoming packet authentication failed from [AF_INET]
Jan 10 11:38:32 corto openvpn[1713]: TCP connection established with [AF_INET]
Jan 10 11:38:32 corto openvpn[1713]:  TLS: Initial packet from [AF_INET], sid=45c993e4 bda3daeb
Jan 10 11:38:32 corto openvpn[1713]:  Authenticate/Decrypt packet error: packet HMAC authentication failed
Jan 10 11:38:32 corto openvpn[1713]:  TLS Error: incoming packet authentication failed from [AF_INET]
Jan 10 11:38:32 corto openvpn[1713]:  Fatal TLS error (check_tls_errors_co), restarting
Jan 10 11:38:32 corto openvpn[1713]:  SIGUSR1[soft,tls-error] received, client-instance restarting

When trying to connect via settings app there are no logs in the OpenVPN app.


Re: OpenVPN 1.2.5 tls-auth VoD issue

Post by markymarrow » Wed Jan 10, 2018 11:56 am

Just catching up on ordex's post in the other thread - adding the key-direction option in the config fixes the on demand issue.


Re: OpenVPN 1.2.5 tls-auth VoD issue

Post by TinCanTech » Wed Jan 10, 2018 12:47 pm

markymarrow wrote:
Wed Jan 10, 2018 11:56 am
adding the key-direction option in the config fixes the on demand issue
Explanation is:
  • When using --tls-auth filename direction .. the correct way is like so:

    Server side
    server

    tls-auth filename.key 0

    Client side
    client

    tls-auth filename.key 1


    When you use Inline certs then it looks like this:
    Server side

    <tls-auth>
      paste your key here
    </tls-auth>
    key-direction 0
    
    Client side

    <tls-auth>
      paste your key here
    </tls-auth>
    key-direction 1
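
Added example, not part of the original posts and not OpenVPN project code: a small check that reads a server and a client profile and reports when their tls-auth key directions do not pair up, which is the condition that leads to the "packet HMAC authentication failed" log lines above. The sample profiles are constructed, and the assumption that the server uses direction 0 follows the layout in the post above.

```python
# Constructed sample profiles; the key body is the page's own placeholder text.
INLINE_KEY = "<tls-auth>\n  paste your key here\n</tls-auth>\n"
SERVER = "server\n" + INLINE_KEY + "key-direction 0\n"
CLIENT_BROKEN = "client\n" + INLINE_KEY            # no key-direction line
CLIENT_FIXED = "client\n" + INLINE_KEY + "key-direction 1\n"


def tls_auth_direction(config_text):
    """Return (uses_tls_auth, direction); direction is None when unset."""
    uses, direction, in_key = False, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if in_key:  # skip inline key material up to the closing tag
            in_key = line != "</tls-auth>"
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        words = line.split()
        if words[0] == "<tls-auth>":
            uses, in_key = True, True
        elif words[0] == "tls-auth":  # file form: tls-auth filename [direction]
            uses = True
            if len(words) > 2:
                direction = words[2]
        elif words[0] == "key-direction" and len(words) > 1:
            direction = words[1]
    return uses, direction


def check_pair(server_cfg, client_cfg):
    """Return a list of findings; an empty list means the two sides agree."""
    s_uses, s_dir = tls_auth_direction(server_cfg)
    c_uses, c_dir = tls_auth_direction(client_cfg)
    if s_uses != c_uses:
        return ["tls-auth is enabled on only one side"]
    # Valid pairs: complementary 0/1, or no direction on either side.
    if s_uses and {s_dir, c_dir} not in ({"0", "1"}, {None}):
        return [f"key direction mismatch: server={s_dir} client={c_dir}"]
    return []


if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT_BROKEN))
    print(check_pair(SERVER, CLIENT_FIXED))
```

Running the check against both profiles before distributing a client config catches the mismatch without waiting for a failed handshake in the server log.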
    
