[Solved] OpenVPN 1.2.5 tls-auth VoD issue

Posted: Wed Jan 10, 2018 11:45 am
by markymarrow
As from my post in the other 1.2.5 tls-auth thread.

I can connect my mobileconfig profile fine from within the OpenVPN app.
But trying to do so from settings app results in the server side showing:

Jan 10 11:38:31 corto openvpn[1709]: TLS Error: incoming packet authentication failed from [AF_INET]
Jan 10 11:38:32 corto openvpn[1713]: TCP connection established with [AF_INET]
Jan 10 11:38:32 corto openvpn[1713]:  TLS: Initial packet from [AF_INET], sid=45c993e4 bda3daeb
Jan 10 11:38:32 corto openvpn[1713]:  Authenticate/Decrypt packet error: packet HMAC authentication failed
Jan 10 11:38:32 corto openvpn[1713]:  TLS Error: incoming packet authentication failed from [AF_INET]
Jan 10 11:38:32 corto openvpn[1713]:  Fatal TLS error (check_tls_errors_co), restarting
Jan 10 11:38:32 corto openvpn[1713]:  SIGUSR1[soft,tls-error] received, client-instance restarting

When trying to connect via settings app there are no logs in the OpenVPN app.

Re: OpenVPN 1.2.5 tls-auth VoD issue

Posted: Wed Jan 10, 2018 11:56 am
by markymarrow
Just catching up on ordex's post in the other thread - adding the key-direction option in the config fixes the on-demand issue.

Re: OpenVPN 1.2.5 tls-auth VoD issue

Posted: Wed Jan 10, 2018 12:47 pm
by TinCanTech
markymarrow wrote:
Wed Jan 10, 2018 11:56 am
adding the key-direction option in the config fixes the on demand issue

Explanation is:
  • When using --tls-auth filename direction .. the correct way is like so:

    Server side

    server
    tls-auth filename.key 0

    Client side

    client
    tls-auth filename.key 1

    When you use Inline certs then it looks like this:
    Server side

    <tls-auth>
      paste your key here
    </tls-auth>
    key-direction 0
    
    Client side

    <tls-auth>
      paste your key here
    </tls-auth>
    key-direction 1
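
An added example, not part of the original thread: a small Python check that reads a server and a client config, extracts the tls-auth direction from either the file form or the inline form plus key-direction, and reports whether the two sides are complementary. The function names and sample configs are constructed for illustration, and treating a later directive as overriding an earlier one is an assumption.

```python
import re

def tls_auth_direction(config_text):
    """Return (uses_tls_auth, direction); direction is '0', '1' or None."""
    uses, direction, block = False, None, None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if block:  # inside <tag>...</tag>: skip the key material
            if line == f"</{block}>":
                block = None
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            block = tag.group(1)
            uses = uses or block == "tls-auth"
            continue
        words = line.split()
        if words[:1] == ["tls-auth"]:
            uses = True
            if len(words) > 2:
                direction = words[2]
        elif words[:1] == ["key-direction"] and len(words) > 1:
            direction = words[1]  # assumption: a later directive overrides
    return uses, direction

def check_pair(server_cfg, client_cfg):
    """Directions must be complementary (0/1) or omitted on both sides."""
    (s_on, s_dir), (c_on, c_dir) = map(tls_auth_direction, (server_cfg, client_cfg))
    if s_on != c_on:
        return "MISMATCH: tls-auth enabled on only one side"
    if not s_on:
        return "OK: tls-auth not used"
    if s_dir is None and c_dir is None:
        return "OK: direction omitted on both sides"
    if {s_dir, c_dir} == {"0", "1"}:
        return f"OK: server={s_dir}, client={c_dir}"
    return f"MISMATCH: server direction={s_dir}, client direction={c_dir}"

# Constructed sample configs; the key body is a placeholder, not a real key.
INLINE = "<tls-auth>\n(placeholder key material)\n</tls-auth>\n"
SERVER = "server 10.8.0.0 255.255.255.0\n" + INLINE + "key-direction 0\n"
CLIENT_BROKEN = "client\n" + INLINE            # key-direction missing
CLIENT_FIXED = "client\n" + INLINE + "key-direction 1\n"

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT_BROKEN))
    print(check_pair(SERVER, CLIENT_FIXED))
```

A MISMATCH result for a config pair corresponds to the "packet HMAC authentication failed" lines in the server log at the top of the thread.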