OpenVPN shared key - Authenticate/Decrypt packet error: missing authentication
-
I tried to get connected on my pfSense Alix via OpenVPN for 2 days using windows GUI 1.0.3 and finaly was successfull with a solution based on certs.
But now i want to have it with shared key and flollowing client.conf:float
proto udp
dev tap
remote MYDYNDNS 1194
secret geheim.key
cipher AES-256-CBC
port 1194
verb 3–------------------
But when i try this i get the following error message in the log:Sat Jul 26 21:01:10 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Jul 26 21:01:10 2008 Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 26 21:01:10 2008 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 26 21:01:10 2008 Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 26 21:01:10 2008 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 26 21:01:11 2008 TAP-WIN32 device [ovpn] opened: \.\Global{5B120D1B-98AC-4383-B8E0-56366A6B016D}.tap
Sat Jul 26 21:01:11 2008 TAP-Win32 Driver Version 8.4
Sat Jul 26 21:01:11 2008 TAP-Win32 MTU=1492
Sat Jul 26 21:01:11 2008 Successful ARP Flush on interface [26] {5B120D1B-98AC-4383-B8E0-56366A6B016D}
Sat Jul 26 21:01:11 2008 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:4 ET:32 EL:0 ]
Sat Jul 26 21:01:11 2008 Local Options hash (VER=V4): '4e57d794'
Sat Jul 26 21:01:11 2008 Expected Remote Options hash (VER=V4): '4e57d794'
Sat Jul 26 21:01:11 2008 UDPv4 link local (bound): [undef]:1194
Sat Jul 26 21:01:11 2008 UDPv4 link remote: a.b.c.d:1194
Sat Jul 26 21:02:59 2008 Authenticate/Decrypt packet error: missing authentication info–----------------------
i found no howto where a solution with pre-shared-key is described well
does anybody know where the failure is?
-
I too am getting stuck here trying to get a Windows XP machine client connect to pfsense's OpenVPN server using a shared key. It works just fine using the PKI setup, but totally stuck when using the shared key.
If anyone can share their thoughts, it would be appreciated.
-
why are you using shared keys? any particular reason for this?
this thread is a couple of months old create a new one and describe your problem in a bit more detail maybe with diagram or screenshots
-
why are you using shared keys? any particular reason for this?
this thread is a couple of months old create a new one and describe your problem in a bit more detail maybe with diagram or screenshots
I'm using shared keys just to try a different route in getting the setup working. I am having issues with some things, successes in others. I'll post a new thread detailing them.
-
Im not sure if this will help you guys but i was having a similar problem.
Where i was getting issues is the TLS stuff. For some reason my system didn't like me just copying the TLS (ta.key) out of the web browser and dumping it to a standard text file. I had to ssh into the pf box and SCP the server1.tls-auth file to a server which i then used winSCP to download it to my windows client.
1. ssh into pf box
2. locate the serverX.tls-auth (replace X with the server number.. if you only have one OpenVPN server configured it would be 1, for 2 it would be 2, etc…)
find / -name server1.tls-auth
3. Use scp or something similar to move the file Securely to another box.
4. Get the server1.tls-auth file to your client and configure it to use that file for TLS auth.After this i was able to connect properly and no longer was getting these odd auth/decrypt errors.... If your still having problems please PM me or post back and i will attach copies of my working config files.
-E