HMAC TLS error

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
absit
OpenVpn Newbie
Posts: 3
Joined: Tue Apr 06, 2021 9:46 am

HMAC TLS error

Post by absit » Tue Apr 06, 2021 12:00 pm

Hello

I installed via (sorry for the dutch site) https://www.synology-forum.nl/vpn-serve ... e-openvpn/ a VPN server on my synology DS220.
Recently the package was updated to a new version and it doesn't seem to work any more.
I get the following error
TLS Error: cannot locate HMAC in incoming packet from [AF_INET]external_IP:1194
Here are my configs:
Server config


log /var/log/openvpn.log
verb 4

server 192.168.160.0 255.255.255.0 ### IP vervangen door regel uit openvpn.conf

push "route 192.168.1.0 255.255.255.0" ### IP vervangen door regel uit openvpn.conf (Local LAN van DS)

push "route 192.168.160.0 255.255.255.0" ### IP vervangen door regel uit openvpn.conf (Dynamisch IP/tunnel)

max-clients 5 ### 5 vervangen door het nummer uit openvpn.conf

# Wat hier onder staat hoeft niet gewijzigd te worden
################################################################

topology subnet

push "sndbuf 0"

push "rcvbuf 0"

sndbuf 0

rcvbuf 0

management 127.0.0.1 1195

dev tun

proto udp

port 1194

persist-tun

persist-key

cipher AES-256-CBC

prng SHA256 32

auth SHA256

tls-version-min 1.2 or-highest

tls-auth /usr/syno/etc/packages/VPNCenter/VPNcerts/ta.key 0

remote-cert-tls client

dh /usr/syno/etc/packages/VPNCenter/VPNcerts/dh4096.pem

ca /usr/syno/etc/packages/VPNCenter/VPNcerts/CA.crt

cert /usr/syno/etc/packages/VPNCenter/VPNcerts/Server.crt

key /usr/syno/etc/packages/VPNCenter/VPNcerts/Server.key

fast-io

comp-lzo no

keepalive 10 60

plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf

status /tmp/ovpn_status_2_result 30

status-version 2


Client config


remote remote_IP 1194 ### Extern IP adres of DDNS-naam of Domein-naam. Meerdere regels zijn mogelijk

cert "client.crt" ### Heb je voor meerdere gebruikers certificaten/keys gemaakt dan "gebruikersnaam.crt"

key "client.key" ### Heb je voor meerdere gebruikers certificaten/keys gemaakt dan "gebruikersnaam.key"



# Wat hier onder staat hoeft niet gewijzigd te worden
################################################################

ca CA.crt

verb 4

nobind

float

block-outside-dns

register-dns

redirect-gateway def1

dev tun

proto udp

pull

tls-client

remote-cert-tls server

cipher AES-256-CBC

prng SHA256 32

auth SHA256

tls-version-min 1.2 or-highest

tls-auth ta.key 1

fast-io

comp-lzo no

auth-user-pass

auth-nocache


Can you guys help me?
Thanks

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: HMAC TLS error

Post by TinCanTech » Tue Apr 06, 2021 1:34 pm

absit wrote:
Tue Apr 06, 2021 12:00 pm
Recently the package was updated to a new version and it doesn't seem to work any more.
I get the following error

Code: Select all

TLS Error: cannot locate HMAC in incoming packet from [AF_INET]external_IP:1194
What was updated .. from what to what ?

The error message means you have misconfigured --tls-auth.

absit
OpenVpn Newbie
Posts: 3
Joined: Tue Apr 06, 2021 9:46 am

Re: HMAC TLS error

Post by absit » Tue Apr 06, 2021 2:20 pm

Hi

I did the upgrade from : Version: 1.3.11-2777 to Version: 1.3.12-2780

https://www.synology.com/nl-nl/releaseN ... l=DS220%2B

I didn't change any configuration only the upgrade of the package.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: HMAC TLS error

Post by TinCanTech » Tue Apr 06, 2021 2:52 pm

Try rebootig ..

absit
OpenVpn Newbie
Posts: 3
Joined: Tue Apr 06, 2021 9:46 am

Re: HMAC TLS error

Post by absit » Tue Apr 06, 2021 5:46 pm

I've reinstalled the package;
rebooted the synology.

Also reinstalled the whole VPN config.

No result.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: HMAC TLS error

Post by TinCanTech » Tue Apr 06, 2021 6:01 pm

You probably need to generate a new client config file from your NAS device.

Try reading your device manual...

Post Reply