OpenVPN errors
-
Hi guys, I've almost set up my VPN, and can connect a test client OK.
But I got the following errors showing up in the OpenVPN log:
lots of:
*TLS Error: incoming packet authentication failed from [AF_INET]
*Authenticate/Decrypt packet error: packet HMAC authentication failed
*WARNING: No server certificate verification method has been enabled
I get the errors even though no VPN clients are connected.
Secondly, only 2 of 5 clients show in the "export client" list.
I've tried restarting all CA, OpenVPN services etc., but nothing worked.
Sep 11 08:48:48 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:43843
Sep 11 08:48:48 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:46 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:43843
Sep 11 08:48:46 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:46 openvpn 42188 UDPv4 link remote: [AF_INET]#WAN_IP#:1194
Sep 11 08:48:46 openvpn 42188 UDPv4 link local (bound): [AF_INET]#WAN_IP#:0
Sep 11 08:48:46 openvpn 42188 TCP/UDP: Preserving recently used remote address: [AF_INET]#WAN_IP#:1194
Sep 11 08:48:46 openvpn 42188 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 11 08:48:46 openvpn 42188 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 11 08:48:39 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:54912
Sep 11 08:48:39 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:36 openvpn 42188 SIGUSR1[soft,ping-restart] received, process restarting
Sep 11 08:48:36 openvpn 42188 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sep 11 08:48:35 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:59224
Sep 11 08:48:35 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:31 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:54912
Sep 11 08:48:31 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:27 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:20656
Sep 11 08:48:27 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:27 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:54912
Sep 11 08:48:27 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:27 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:59224
Sep 11 08:48:27 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:26 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:42747
Sep 11 08:48:26 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:25 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:54912
Sep 11 08:48:25 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:25 openvpn 93499 UDPv4 link remote: [AF_INET]#WAN_IP#:1194
Sep 11 08:48:25 openvpn 93499 UDPv4 link local (bound): [AF_INET]#WAN_IP#:0
Sep 11 08:48:25 openvpn 93499 TCP/UDP: Preserving recently used remote address: [AF_INET]#WAN_IP#:1194
Sep 11 08:48:25 openvpn 93499 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 11 08:48:25 openvpn 93499 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 11 08:48:23 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:59224
Sep 11 08:48:23 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:21 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:59224
Sep 11 08:48:21 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:21 openvpn 61446 UDPv4 link remote: [AF_INET]#WAN_IP#:1194
Sep 11 08:48:21 openvpn 61446 UDPv4 link local (bound): [AF_INET]#WAN_IP#:0
Sep 11 08:48:21 openvpn 61446 TCP/UDP: Preserving recently used remote address: [AF_INET]#WAN_IP#:1194
Sep 11 08:48:21 openvpn 61446 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 11 08:48:21 openvpn 61446 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 11 08:48:15 openvpn 93499 SIGUSR1[soft,ping-restart] received, process restarting
Sep 11 08:48:15 openvpn 93499 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sep 11 08:48:11 openvpn 61446 SIGUSR1[soft,ping-restart] received, process restarting
Sep 11 08:48:11 openvpn 61446 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sep 11 08:48:11 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:20656
Sep 11 08:48:11 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:10 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:42747
Sep 11 08:48:10 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:07 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:22109
Sep 11 08:48:07 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:03 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:20656
Sep 11 08:48:03 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:02 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:42747
Sep 11 08:48:02 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:47:58 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:42747
Sep 11 08:47:58 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:47:58 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:20656
Sep 11 08:47:58 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:47:56 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:42747
Sep 11 08:47:56 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:47:56 openvpn 9149 UDPv4 link remote: [AF_INET]#WAN_IP#:1194
Sep 11 08:47:56 openvpn 9149 UDPv4 link local (bound): [AF_INET]#WAN_IP#:0
Sep 11 08:47:56 openvpn 9149 TCP/UDP: Preserving recently used remote address: [AF_INET]#WAN_IP#:1194
Sep 11 08:47:56 openvpn 9149 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 11 08:47:56 openvpn 9149 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 11 08:47:55 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:20656
Sep 11 08:47:55 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:47:55 openvpn 4266 UDPv4 link remote: [AF_INET]#WAN_IP#:1194
Sep 11 08:47:55 openvpn 4266 UDPv4 link local (bound): [AF_INET]#WAN_IP#:0
Sep 11 08:47:55 openvpn 4266 TCP/UDP: Preserving recently used remote address: [AF_INET]#WAN_IP#:1194
Sep 11 08:47:55 openvpn 4266 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 11 08:47:55 openvpn 4266 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
-
Screenshot of OpenVPN server setting below. Has its own OpenVPN CA.
Screenshot of setting below. I have 5 clients with the same settings. Each has their own User_CA.
-
What is the pfSense version on the hosts?
secondly, only 2 of 5 clients show in the "export client" list.
It seems these clients don't have a client certificate; check System / User Manager / Users / Edit - User Certificates.
-
OK, just figured it out.
So I didn't have "System / User Manager / Users" added for the new VPNclients. Doh!
I've sorted all of that out. As for
TLS Error: incoming packet authentication failed from [AF_INET]
this was due to the VPNclients not having the same key as the VPNserver.
So all TLS keys match. All certs are correctly linked.
Now, where I am confused:
The VPNClient services stop working after the TLS key was made the same between VPNclient/server settings. But clients can connect, and Certificate Revocation works. What's the reason for the VPNclients service? I was under the impression that it needed to be running for the client to connect?
On the below pic, the U1 client is connected, but doesn't show a C after the IP address, and the client service isn't running.
Or is the Client instance only for P2P connections and exporting settings to openvpn exe/config etc.?
-
I made a copy of your configuration in VM and it works OK.
Copy TLS keys from server to clients again and check.
And put the OpenVPN log from the server and clients here.
-
Seems to be all working.
Think I got confused on what the "OpenVPN clients" are.
Kept seeing the services being stopped, so thought it was an error.
Am I correct in saying it's...
- for either connecting to another VPN server elsewhere (aka P2P router connection)
- and generally for exporting the config files for Win/Linux clients, instead of doing it manually.
The client instance doesn't actually get used for incoming OpenVPN connections from, say, a Windows client.
-
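Added example (not written by any poster in this thread, and not pfSense or OpenVPN code): a triage script for logs in the format posted above. It groups entries by OpenVPN process id and flags client instances whose `link remote` address is one that another process reports HMAC failures from and which then hit `ping-restart`. The sample lines are constructed in the thread's format, and the function names and the matching heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the log posted in this thread
# (#WAN_IP# is the thread's own placeholder for the redacted address).
SAMPLE = """\
Sep 11 08:48:46 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:43843
Sep 11 08:48:46 openvpn 29667 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sep 11 08:48:46 openvpn 42188 UDPv4 link remote: [AF_INET]#WAN_IP#:1194
Sep 11 08:48:46 openvpn 42188 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sep 11 08:48:39 openvpn 29667 TLS Error: incoming packet authentication failed from [AF_INET]#WAN_IP#:54912
Sep 11 08:48:36 openvpn 42188 SIGUSR1[soft,ping-restart] received, process restarting
Sep 11 08:48:25 openvpn 93499 UDPv4 link remote: [AF_INET]#WAN_IP#:1194
Sep 11 08:48:15 openvpn 93499 SIGUSR1[soft,ping-restart] received, process restarting
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) openvpn (\d+) (.*)$")
PEER = re.compile(r"\[AF_INET\](\S+?):(\d+)")

def triage(text):
    """Group entries by OpenVPN process id and summarise what each process reports."""
    procs = defaultdict(lambda: {"hmac_fail_from": set(), "remote": None,
                                 "restarts": 0, "no_cert_verify": False})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a log entry in this format
        _, pid, msg = m.groups()
        p = procs[pid]
        peer = PEER.search(msg)
        if msg.startswith("TLS Error: incoming packet authentication failed") and peer:
            p["hmac_fail_from"].add(peer.group(1))   # this process rejected a packet
        elif msg.startswith("UDPv4 link remote") and peer:
            p["remote"] = peer.group(1)              # this process is dialing out
        elif "ping-restart] received" in msg:
            p["restarts"] += 1                       # no reply arrived, instance restarts
        elif msg.startswith("WARNING: No server certificate verification"):
            p["no_cert_verify"] = True               # client does not verify the server cert
    return dict(procs)

def clients_rejected_by_server(procs):
    """Heuristic (assumption): PIDs that dial an address packets are rejected from, then restart."""
    rejected = set().union(*(p["hmac_fail_from"] for p in procs.values()))
    return sorted(pid for pid, p in procs.items()
                  if p["remote"] in rejected and p["restarts"] > 0)

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("client instances likely rejected:", clients_rejected_by_server(result))
```

Because the addresses in the posted log are redacted to the same placeholder, the match here is only as precise as that redaction; on an unredacted log the comparison is on the real source address.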