tls-crypt not working with OpenVPN Connect/Android?

Post Reply
vpnhuman
OpenVPN User
Posts: 10
Joined: Sat Jun 24, 2017 8:04 pm

tls-crypt not working with OpenVPN Connect/Android?

Post by vpnhuman » Thu Jul 06, 2017 1:52 am

Hi all, posted this in the Android/OpenVPN Connect form, no answers.

I've googled this and searched these fourms, and wanted to confirm with others: it appears OpenVPN Connect on Android 1.1.17 does not connect when using the new "tls-auth" option. I've tried the exact same client configuration file on windows, linux, and the OpenVPN for Android app and they all connect correctly. So the issue seems to be OpenVPN Connect.

Can anyone else confirm?

The server error message (from two different android devices, one on android 6 and one on android 7, both using OpenVPN Connect) is:
tls-crypt unwrap error: packet too short
TLS Error: tls-crypt unwrapping failed from [AF_INET]x.x.x.x:34258

Running ovpn server on linux, startup message and configs below
OpenVPN 2.4.3 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017
library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Sat Jun 24 13:06:30 2017 TUN/TAP device tun0 opened
Sat Jun 24 13:06:30 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Jun 24 13:06:30 2017 /sbin/ifconfig tun0 x.x.x.x pointopoint x.x.x.y mtu 1500
Sat Jun 24 13:06:30 2017 UDPv4 link local (bound): [AF_INET][undef]:1194
Sat Jun 24 13:06:30 2017 UDPv4 link remote: [AF_UNSPEC]
Sat Jun 24 13:06:30 2017 GID set to nobody
Sat Jun 24 13:06:30 2017 UID set to nobody
Sat Jun 24 13:06:30 2017 Initialization Sequence Completed

server.conf
[oconf=]
port 1194
proto udp4
dev tun0

server x.x.x.x 255.255.255.0
client-to-client

push "dhcp-option DNS y.y.y.y"
push "redirect-gateway"

keepalive 10 60

user nobody
group nobody
persist-key
persist-tun
auth SHA512

cipher AES-256-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
ncp-disable

<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
:-)
-----END OpenVPN Static key V1-----
</tls-crypt>

ca ca.crt
cert server.crt
key server.key
dh dh4096.pem

[/oconf]

client.conf
[oconf=]
remote x.x.x.y 1194
client

remote-cert-tls server

tls-version-min 1.2

dev tun0
proto udp

cipher AES-256-GCM
auth SHA512

<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
:-)
-----END OpenVPN Static key V1-----
</tls-crypt>

ca ca.crt
cert client.crt
key client.key
[/oconf]

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5863
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls-crypt not working with OpenVPN Connect/Android?

Post by TinCanTech » Thu Jul 06, 2017 12:46 pm

vpnhuman wrote:it appears OpenVPN Connect on Android 1.1.17 does not connect when using the new "tls-auth" option
Openvpn-Connect-Android does not support --tls-crypt.

Use openvpn for android if you want that.

Post Reply