[Solved] tls-crypt unwrap error: packet too short
Posted: Mon Aug 31, 2020 9:34 pm
Hello openvpn forum,
I try to create a VPN, currently with a server and a client.
My problem is, I have arch linux server for the openVPN server and
a debian server for the openVPN client.
Used packets:
Arch Linux: openvpn (2.4.9-2)
Debian: openvpn (2.4.7-1)
I used the Arch Linux tutorial for the openVPN server side.
https://wiki.archlinux.org/index.php/Op ... ation_file
https://wiki.archlinux.org/index.php/Easy-RSA
=> Elliptic curve cryptography.
For the client side of openVPN the I used the debian tutorial.
https://wiki.debian.org/OpenVPN
To test my setup I started the server side and and then on an other maschine my client.
Server output:
Client output:
Server config:
Client config:
How to fix this problem, or setup my configs correctly?
Greetings, KokosBot.
I try to create a VPN, currently with a server and a client.
My problem is, I have arch linux server for the openVPN server and
a debian server for the openVPN client.
Used packets:
Arch Linux: openvpn (2.4.9-2)
Debian: openvpn (2.4.7-1)
I used the Arch Linux tutorial for the openVPN server side.
https://wiki.archlinux.org/index.php/Op ... ation_file
https://wiki.archlinux.org/index.php/Easy-RSA
=> Elliptic curve cryptography.
For the client side of openVPN the I used the debian tutorial.
https://wiki.debian.org/OpenVPN
To test my setup I started the server side and and then on an other maschine my client.
Server output:
Code: Select all
Mon Aug 31 21:15:07 2020 Initialization Sequence Completed
Mon Aug 31 21:31:00 2020 tls-crypt unwrap error: packet too short
Mon Aug 31 21:31:00 2020 TLS Error: tls-crypt unwrapping failed from [AF_INET]XXXXX:33577
Mon Aug 31 21:31:02 2020 tls-crypt unwrap error: packet too short
Mon Aug 31 21:31:02 2020 TLS Error: tls-crypt unwrapping failed from [AF_INET]XXXXX:33577
Mon Aug 31 21:31:06 2020 tls-crypt unwrap error: packet too short
Mon Aug 31 21:31:06 2020 TLS Error: tls-crypt unwrapping failed from [AF_INET]XXXXX:33577
Code: Select all
Mon Aug 31 19:31:00 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Mon Aug 31 19:31:00 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Mon Aug 31 19:31:00 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Aug 31 19:31:00 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]YYYYY:1194
Mon Aug 31 19:31:00 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Aug 31 19:31:00 2020 UDP link local: (not bound)
Mon Aug 31 19:31:00 2020 UDP link remote: [AF_INET]YYYYY:1194
Mon Aug 31 19:32:01 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Aug 31 19:32:01 2020 TLS Error: TLS handshake failed
Mon Aug 31 19:32:01 2020 SIGUSR1[soft,tls-error] received, process restarting
Mon Aug 31 19:32:01 2020 Restart pause, 5 second(s)
Code: Select all
port 1194
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/openVPN_srv.crt
key /etc/openvpn/server/openVPN_srv.key # This file should be kept secret
tls-crypt /etc/openvpn/server/ta.key
cipher AES-256-CBC
dh none
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
cipher AES-256-GCM
cipher AES-256-GCM
auth SHA512
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
Code: Select all
client
port 1194
proto udp
remote mydomain.de 1194 # VPN server IP : PORT
nobind
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/openVPN_client_build.crt
key /etc/openvpn/easy-rsa/keys/openVPN_client_build.key
dev tun
#comp-lzo
#persist-key
#persist-tun
verb 3
Greetings, KokosBot.