RASPBIAN STRETCH LITE.
OpenVPN Client is the latest 2.4.4 on Windows.
When I use tls-auth the VPN connection works fine. So I can verify that OpenVPN works fine when using tls-auth.
When I switch over to tls-crypt I get the following error
```
Wed Nov 8 00:11:50 2017 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.50.1:59056
Wed Nov 8 00:11:55 2017 tls-crypt unwrap error: packet authentication failed
```
server.conf snippet:
```
remote-cert-tls client
tls-version-min 1.2
#tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
```
client .ovpn config snippet: I've tried using tls-auth and tls-crypt tags and still receive the same "tls-crypt unwrapping failed" error
```
<tls-auth>
[KEY REMOVED]
</tls-auth>
```
```
<tls-crypt>
[KEY REMOVED]
</tls-crypt>
```
```
Wed Nov 8 00:09:36 2017 OpenVPN 2.4.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 25 2017
Wed Nov 8 00:09:36 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Wed Nov 8 00:09:36 2017 TUN/TAP device tun0 opened
Wed Nov 8 00:09:36 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Nov 8 00:09:36 2017 /sbin/ip link set dev tun0 up mtu 1500
Wed Nov 8 00:09:36 2017 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Wed Nov 8 00:09:36 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Nov 8 00:09:36 2017 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Nov 8 00:09:36 2017 UDPv4 link remote: [AF_UNSPEC]
Wed Nov 8 00:09:36 2017 GID set to nogroup
Wed Nov 8 00:09:36 2017 UID set to nobody
Wed Nov 8 00:09:36 2017 Initialization Sequence Completed
Wed Nov 8 00:11:49 2017 tls-crypt unwrap error: packet authentication failed
Wed Nov 8 00:11:49 2017 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.50.1:59056
Wed Nov 8 00:11:50 2017 tls-crypt unwrap error: packet authentication failed
Wed Nov 8 00:11:50 2017 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.50.1:59056
Wed Nov 8 00:11:55 2017 tls-crypt unwrap error: packet authentication failed
Wed Nov 8 00:11:55 2017 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.50.1:59056
```
OpenVPN Client log on Windows 10:
```
Tue Nov 07 19:11:47 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Tue Nov 07 19:11:47 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Nov 07 19:11:47 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Tue Nov 07 19:11:50 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Nov 07 19:11:50 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]24.189.83.110:1194
Tue Nov 07 19:11:50 2017 UDP link local: (not bound)
Tue Nov 07 19:11:50 2017 UDP link remote: [AF_INET]24.189.83.110:1194
Tue Nov 07 19:12:50 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 07 19:12:50 2017 TLS Error: TLS handshake failed
```
Has anyone gotten a valid tls-crypt set up to work? Am I right in using <tls-crypt> tags around my static key within the .ovpn config for the client?
Thanks ahead of time for the help!
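
A consistency check for the setup described in this post, as an added example that is not part of the original post or OpenVPN's own code: it confirms that server and client use the same control-channel directive (tls-auth or tls-crypt) and that an inline client key matches the server's key file, comparing SHA-256 fingerprints so key material is never printed. The function names and the sample keys are constructed for illustration.

```python
import hashlib
import re

KEY_RE = re.compile(r"-----BEGIN OpenVPN Static key V1-----(.*?)"
                    r"-----END OpenVPN Static key V1-----", re.S)

def key_fingerprint(text):
    """SHA-256 of the 2048-bit static key in text; None if absent or malformed."""
    m = KEY_RE.search(text or "")
    hexdata = "".join(m.group(1).split()) if m else ""
    if len(hexdata) != 512 or not re.fullmatch(r"[0-9a-fA-F]+", hexdata):
        return None
    return hashlib.sha256(bytes.fromhex(hexdata)).hexdigest()

def wrap_modes(conf):
    """Map each active tls-auth/tls-crypt directive to its inline key (None = key file)."""
    modes = {}
    for name in ("tls-auth", "tls-crypt"):
        inline = re.search(rf"^<{name}>\s*$(.*?)^</{name}>", conf, re.S | re.M)
        if inline:
            modes[name] = inline.group(1)
        elif re.search(rf"^\s*{name}\s+\S", conf, re.M):  # '#'-commented lines are skipped
            modes[name] = None
    return modes

def check(server_conf, server_key, client_conf):
    """Return a list of mismatches between server and client control-channel settings."""
    problems = []
    srv, cli = wrap_modes(server_conf), wrap_modes(client_conf)
    for side, modes in (("server", srv), ("client", cli)):
        if len(modes) > 1:
            problems.append(f"{side}: tls-auth and tls-crypt are both set")
    if set(srv) != set(cli):
        problems.append(f"mode mismatch: server={sorted(srv)} client={sorted(cli)}")
    want = key_fingerprint(server_key)
    for name, inline in cli.items():
        if inline is not None and (want is None or key_fingerprint(inline) != want):
            problems.append(f"client <{name}> key does not match the server key")
    return problems

def sample_key(seed):
    """Constructed 2048-bit key for the demo (not a real key)."""
    hexdata = "".join(hashlib.sha256(bytes([seed, i])).hexdigest() for i in range(8))
    rows = "\n".join(hexdata[i:i + 32] for i in range(0, 512, 32))
    return f"-----BEGIN OpenVPN Static key V1-----\n{rows}\n-----END OpenVPN Static key V1-----\n"

if __name__ == "__main__":
    server = "#tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0\ntls-crypt /etc/openvpn/easy-rsa/pki/ta.key\n"
    client = f"client\n<tls-auth>\n{sample_key(2)}</tls-auth>\n"  # constructed mismatch
    print("\n".join(check(server, sample_key(1), client)))
```

To use it on a real pair, pass the contents of server.conf, the server's ta.key and the client profile as the three strings.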