OpenVPN 2.4.4 "TLS Error: tls-crypt unwrapping failed from"
Posted: Wed Nov 08, 2017 12:22 am
I'm still seeing the same issue. Running OpenVPN Server 2.4.4 on
RASPBIAN STRETCH LITE.
OpenVPN Client is the latest 2.4.4 on Windows.
When I use tls-auth the VPN connection works fine. So I can verify that OpenVPN works fine when using tls-auth.
When I switch over to tls-crypt I get the following error
client .opvn config snippet: I've tried using tls-auth and tls-crypt tags and still receive the same "tls-crypt unwrapping failed" error
OpenVPN Log:
OpenVPN Client log on Windows 10:
Has anyone gotten a valid tls-crypt set up to work? Am I right in using <tls-crypt> tags around my static key within the .opvn config for the client?
Thanks ahead of time for the help!
RASPBIAN STRETCH LITE.
OpenVPN Client is the latest 2.4.4 on Windows.
When I use tls-auth the VPN connection works fine. So I can verify that OpenVPN works fine when using tls-auth.
When I switch over to tls-crypt I get the following error
server.conf snippetWed Nov 8 00:11:50 2017 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.50.1:59056
Wed Nov 8 00:11:55 2017 tls-crypt unwrap error: packet authentication failed
Code: Select all
remote-cert-tls client
tls-version-min 1.2
#tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
client .opvn config snippet: I've tried using tls-auth and tls-crypt tags and still receive the same "tls-crypt unwrapping failed" error
Code: Select all
<tls-auth>
[KEY REMOVED]
</tls-auth>
Code: Select all
<tls-crypt>
[KEY REMOVED]
</tls-crypt>
Code: Select all
Wed Nov 8 00:09:36 2017 OpenVPN 2.4.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 25 2017
Wed Nov 8 00:09:36 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Wed Nov 8 00:09:36 2017 TUN/TAP device tun0 opened
Wed Nov 8 00:09:36 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Nov 8 00:09:36 2017 /sbin/ip link set dev tun0 up mtu 1500
Wed Nov 8 00:09:36 2017 /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Wed Nov 8 00:09:36 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Nov 8 00:09:36 2017 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Nov 8 00:09:36 2017 UDPv4 link remote: [AF_UNSPEC]
Wed Nov 8 00:09:36 2017 GID set to nogroup
Wed Nov 8 00:09:36 2017 UID set to nobody
Wed Nov 8 00:09:36 2017 Initialization Sequence Completed
Wed Nov 8 00:11:49 2017 tls-crypt unwrap error: packet authentication failed
Wed Nov 8 00:11:49 2017 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.50.1:59056
Wed Nov 8 00:11:50 2017 tls-crypt unwrap error: packet authentication failed
Wed Nov 8 00:11:50 2017 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.50.1:59056
Wed Nov 8 00:11:55 2017 tls-crypt unwrap error: packet authentication failed
Wed Nov 8 00:11:55 2017 TLS Error: tls-crypt unwrapping failed from [AF_INET]192.168.50.1:59056
OpenVPN Client log on Windows 10:
Code: Select all
Tue Nov 07 19:11:47 2017 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Tue Nov 07 19:11:47 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Nov 07 19:11:47 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Tue Nov 07 19:11:50 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Nov 07 19:11:50 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]24.189.83.110:1194
Tue Nov 07 19:11:50 2017 UDP link local: (not bound)
Tue Nov 07 19:11:50 2017 UDP link remote: [AF_INET]24.189.83.110:1194
Tue Nov 07 19:12:50 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 07 19:12:50 2017 TLS Error: TLS handshake failed
Has anyone gotten a valid tls-crypt set up to work? Am I right in using <tls-crypt> tags around my static key within the .opvn config for the client?
Thanks ahead of time for the help!