HMAC Authentication Issue

Official client software for OpenVPN Access Server and OpenVPN Cloud.

Post by victovpn » Wed Nov 06, 2013 8:32 pm

Hello all,

I'm using OpenVPN version 2.3.2 and OpenVPN Connect client for iOS version 1.0.1 build 88. I am having issues configuring "tls-auth" properly, and am receiving the following errors (maximum verbosity):


Wed Nov  6 14:22:47 2013 us=698988 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]IPADDRESS:32418
Wed Nov  6 14:22:47 2013 us=699017 GET INST BY REAL: IPADDRESS:32418 [failed]
Wed Nov  6 14:22:47 2013 us=699028 SCHEDULE: schedule_find_least NULL
Wed Nov  6 14:22:47 2013 us=699038 PO_CTL rwflags=0x0001 ev=5 arg=0x080df7c8
Wed Nov  6 14:22:47 2013 us=699047 PO_CTL rwflags=0x0001 ev=6 arg=0x080df728
Wed Nov  6 14:22:47 2013 us=699062 I/O WAIT TR|Tw|SR|Sw [10/0]
Wed Nov  6 14:22:47 2013 us=718653 PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x080df7c8 
Wed Nov  6 14:22:47 2013 us=718681  event_wait returned 1
Wed Nov  6 14:22:47 2013 us=718696 I/O WAIT status=0x0001
Wed Nov  6 14:22:47 2013 us=718717 UDPv4 read returned 42
Wed Nov  6 14:22:47 2013 us=718734 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]IPADDRESS:32418
Wed Nov  6 14:22:47 2013 us=718751 GET INST BY REAL: IPADDRESS:32418 [failed]
Wed Nov  6 14:22:47 2013 us=718760 SCHEDULE: schedule_find_least NULL
Wed Nov  6 14:22:47 2013 us=718770 PO_CTL rwflags=0x0001 ev=5 arg=0x080df7c8
Wed Nov  6 14:22:47 2013 us=718778 PO_CTL rwflags=0x0001 ev=6 arg=0x080df728
Wed Nov  6 14:22:47 2013 us=718790 I/O WAIT TR|Tw|SR|Sw [10/0]
Wed Nov  6 14:22:49 2013 us=778578 PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x080df7c8 
Wed Nov  6 14:22:49 2013 us=778609  event_wait returned 1
Wed Nov  6 14:22:49 2013 us=778624 I/O WAIT status=0x0001
Wed Nov  6 14:22:49 2013 us=778636 MULTI: REAP range 128 -> 144
Wed Nov  6 14:22:49 2013 us=778652 UDPv4 read returned 42

Below are my configuration files:

server.ovpn


server 10.8.0.0 255.255.255.0
dev tun
port 1194
proto udp
dh /mnt/cache/apps/openvpnserver/dh2048.pem
ca /mnt/cache/apps/openvpnserver/ca.crt
cert /mnt/cache/apps/openvpnserver/server.crt
key /mnt/cache/apps/openvpnserver/server.key
push "redirect-gateway def1"
ifconfig-pool-persist /mnt/cache/apps/openvpnserver/ipp.txt
push "dhcp-option DNS 8.8.8.8"
tls-server
verb 9
tls-auth /mnt/cache/apps/openvpnserver/ta.key 0
persist-key
persist-tun
keepalive 10 120
user nobody
group users
cipher aes-256-cbc
client-to-client
auth sha256
comp-lzo
topology subnet
push "route 10.0.1.0 255.255.255.0"
push "resolv-retry infinite"
status /var/log/openvpnserver-status.log 5
log-append /var/log/openvpnserver.log
status-version 2

iphone.ovpn


remote <HOSTNAME HERE>
cipher aes-256-cbc

client
dev tun
proto udp
port 1194
resolv-retry infinite
tls-client
nobind
persist-tun
comp-lzo
verb 9
route-delay 2
<ca>
-----BEGIN CERTIFICATE-----
CERT TEXT HERE
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
KEY TEXT HERE
-----END OpenVPN Static key V1-----
</tls-auth>

I have checked that the ta.key referenced by the server and the 2048 bit OpenVPN static key inline within the iphone.ovpn file are identical. Please let me know if there is any other useful information I can provide. Thanks in advance!


Re: HMAC Authentication Issue

Post by victovpn » Thu Nov 07, 2013 2:55 pm

Thanks for the advice. I changed the client (my iPhone via the Connect client) to read:


<ca>
</ca>
<key>
</key>

I excluded the <cert></cert> block since it is imported into the iPhone keychain; is this not correct?

However, after these modifications, the client (my iPhone) still cannot connect.
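
An added example, not part of either post and not OpenVPN project code: a small Python check that parses a server and a client profile and reports the directives that have to agree for tls-auth to verify (`auth`, `cipher`, `proto`, and complementary key directions). It assumes the OpenVPN 2.3 defaults of SHA1 for `auth` and BF-CBC for `cipher`; the function names are illustrative, and the sample inputs are trimmed from the two profiles posted in this thread.

```python
import re

# Effective value must be equal on both peers; defaults are OpenVPN 2.3's (assumption).
MUST_MATCH = {"auth": "SHA1", "cipher": "BF-CBC", "proto": "udp"}

def parse(text):
    """Map directive -> argument string; inline <tag>...</tag> blocks count as present."""
    opts, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                      # skip key/cert material inside a block
            if line == f"</{inline}>":
                inline = None
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            inline = tag.group(1)
            opts[inline] = "[inline]"
        elif line and line[0] not in "#;":
            name, *rest = line.split(None, 1)
            opts[name] = rest[0] if rest else ""
    return opts

def key_direction(opts):
    """Direction from 'key-direction N', else the 2nd argument of 'tls-auth file N'."""
    if "key-direction" in opts:
        return opts["key-direction"]
    args = opts.get("tls-auth", "").split()
    return args[1] if len(args) > 1 else None

def check(server_text, client_text):
    """Return a list of human-readable mismatches between the two profiles."""
    s, c = parse(server_text), parse(client_text)
    findings = []
    for name, default in MUST_MATCH.items():
        sv, cv = s.get(name, default).upper(), c.get(name, default).upper()
        if sv != cv:
            findings.append(f"{name}: server={sv} client={cv}")
    if ("tls-auth" in s) != ("tls-auth" in c):
        findings.append("tls-auth: enabled on one side only")
    elif "tls-auth" in s and {key_direction(s), key_direction(c)} not in ({"0", "1"}, {None}):
        findings.append("key-direction: not complementary")
    return findings

# Sample input: trimmed from the two profiles posted in this thread.
SERVER = "proto udp\ncipher aes-256-cbc\nauth sha256\ntls-auth /mnt/cache/apps/openvpnserver/ta.key 0\n"
CLIENT = ("proto udp\ncipher aes-256-cbc\nkey-direction 1\n<tls-auth>\n"
          "-----BEGIN OpenVPN Static key V1-----\nKEY TEXT HERE\n"
          "-----END OpenVPN Static key V1-----\n</tls-auth>\n")
if __name__ == "__main__":
    print(check(SERVER, CLIENT))
```

Run against the two posted profiles, it reports a single finding: the server sets `auth sha256`, while the client profile has no `auth` line and so uses the SHA1 default.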
