TLS Error: cannot locate HMAC in incoming packet

Posted: Mon Jan 17, 2022 10:16 am
by dnilgreb
Hi,

I am running an OpenVPN 2.5.1 server. It's running fine, and works as intended. No problems connecting or anything like that.

I have more of a general question on how to handle these messages:

TLS Error: cannot locate HMAC in incoming packet from [AF_INET] xxx.xxx.xxx.xxx:XXX
The x-s represent an IP address and port. I get about 5 - 10 of these daily in the message log on my OpenVPN server. They are coming from lots of different IP addresses from all over the world. I assume this is someone trying to connect without a valid certificate?
Should I simply disregard these, or should I take some measures to stop these attempts? Or could it be something else entirely?

Re: TLS Error: cannot locate HMAC in incoming packet

Posted: Mon Jan 17, 2022 3:10 pm
by TinCanTech
Ignore it, they are from internet scanners.

Re: TLS Error: cannot locate HMAC in incoming packet

Posted: Tue Jan 18, 2022 6:46 am
by dnilgreb
Is it safe to ignore though? Can something be done as a defense?

Re: TLS Error: cannot locate HMAC in incoming packet

Posted: Tue Jan 18, 2022 4:30 pm
by TinCanTech
It is safe to ignore. Technically, the packet is dropped (although there is no message to point that out).

OpenVPN is doing the best defense already.

Re: TLS Error: cannot locate HMAC in incoming packet

Posted: Tue Jan 18, 2022 7:06 pm
by dnilgreb
Ok, thank you for explaining.

Re: TLS Error: cannot locate HMAC in incoming packet

Posted: Tue Jan 18, 2022 7:11 pm
by TinCanTech
If you feel like trying something new you could try --tls-crypt or --tls-crypt-v2 keys.

This may help: https://github.com/TinCanTech/easy-tls
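
A log triage sketch for the message discussed in this thread, added here as an example (it was not posted by any participant and is not OpenVPN code): it tallies the errors per source address so an admin can tell scattered one-off probes from repeated hits by a single source. The sample lines, their timestamps and addresses, and the `repeat_threshold` parameter are constructed assumptions; only IPv4 sources are handled.

```python
import re
from collections import Counter

# Matches the message quoted in the first post. Whitespace after [AF_INET]
# is optional because the forum rendering of the line shows a space there.
HMAC_ERR = re.compile(
    r"TLS Error: cannot locate HMAC in incoming packet from "
    r"\[AF_INET\]\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)

# Constructed sample log (documentation address ranges, invented timestamps).
SAMPLE_LOG = [
    "2022-01-17 03:12:44 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.0.2.10:40001",
    "2022-01-17 07:55:02 TLS Error: cannot locate HMAC in incoming packet from [AF_INET] 198.51.100.7:51234",
    "2022-01-17 09:01:13 Initialization Sequence Completed",
    "2022-01-17 11:30:00 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.5:33000",
    "2022-01-17 11:30:01 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.5:33001",
    "2022-01-17 11:30:02 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]203.0.113.5:33002",
]


def tally_sources(lines):
    """Count HMAC-failure messages per source IP (the source port is ignored)."""
    counts = Counter()
    for line in lines:
        match = HMAC_ERR.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts


def triage(lines, repeat_threshold=5):
    """Summarise the errors: volume, spread, and sources at or above the threshold."""
    counts = tally_sources(lines)
    repeaters = {ip: n for ip, n in counts.items() if n >= repeat_threshold}
    return {
        "total": sum(counts.values()),
        "distinct_sources": len(counts),
        "repeaters": repeaters,
    }


if __name__ == "__main__":
    # Many distinct sources with one hit each is the scanner pattern described
    # in the thread; a source listed under "repeaters" deserves a closer look.
    print(triage(SAMPLE_LOG, repeat_threshold=3))
```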