OpenVPN shared key - Authenticate/Decrypt packet error: missing authentication



  • I tried to get connected on my pfSense Alix via OpenVPN for 2 days using windows GUI 1.0.3 and finaly was successfull with a solution based on certs.
    But now i want to have it with shared key and flollowing client.conf:

    float
    proto udp
    dev tap
    remote MYDYNDNS 1194
    secret geheim.key
    cipher AES-256-CBC
    port 1194
    verb 3

    –------------------
    But when i try this i get the following error message in the log:

    Sat Jul 26 21:01:10 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
    Sat Jul 26 21:01:10 2008 Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Sat Jul 26 21:01:10 2008 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jul 26 21:01:10 2008 Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Sat Jul 26 21:01:10 2008 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jul 26 21:01:11 2008 TAP-WIN32 device [ovpn] opened: \.\Global{5B120D1B-98AC-4383-B8E0-56366A6B016D}.tap
    Sat Jul 26 21:01:11 2008 TAP-Win32 Driver Version 8.4
    Sat Jul 26 21:01:11 2008 TAP-Win32 MTU=1492
    Sat Jul 26 21:01:11 2008 Successful ARP Flush on interface [26] {5B120D1B-98AC-4383-B8E0-56366A6B016D}
    Sat Jul 26 21:01:11 2008 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:4 ET:32 EL:0 ]
    Sat Jul 26 21:01:11 2008 Local Options hash (VER=V4): '4e57d794'
    Sat Jul 26 21:01:11 2008 Expected Remote Options hash (VER=V4): '4e57d794'
    Sat Jul 26 21:01:11 2008 UDPv4 link local (bound): [undef]:1194
    Sat Jul 26 21:01:11 2008 UDPv4 link remote: a.b.c.d:1194
    Sat Jul 26 21:02:59 2008 Authenticate/Decrypt packet error: missing authentication info

    –----------------------

    i found no howto where a solution with pre-shared-key is described well

    does anybody know where the failure is?



  • I too am getting stuck here trying to get a Windows XP machine client connect to pfsense's OpenVPN server using a shared key.  It works just fine using the PKI setup, but totally stuck when using the shared key.

    If anyone can share their thoughts, it would be appreciated.



  • why are you using shared keys? any particular reason for this?

    this thread is a couple of months old create a new one and describe your problem in a bit more detail maybe with diagram or screenshots



  • @johii:

    why are you using shared keys? any particular reason for this?

    this thread is a couple of months old create a new one and describe your problem in a bit more detail maybe with diagram or screenshots

    I'm using shared keys just to try a different route in getting the setup working.  I am having issues with some things, successes in others.  I'll post a new thread detailing them.



  • Im not sure if this will help you guys but i was having a similar problem.

    Where i was getting issues is the TLS stuff. For some reason my system didn't like me just copying the TLS (ta.key) out of the web browser and dumping it to a standard text file. I had to ssh into the pf box and SCP the server1.tls-auth file to a server which i then used winSCP to download it to my windows client.

    1. ssh into pf box
    2. locate the serverX.tls-auth (replace X with the server number.. if you only have one OpenVPN server configured it would be 1, for 2 it would be 2, etc…)
        find / -name server1.tls-auth
    3. Use scp or something similar to move the file Securely to another box.
    4. Get the server1.tls-auth file to your client and configure it to use that file for TLS auth.

    After this i was able to connect properly and no longer was getting these odd auth/decrypt errors.... If your still having problems please PM me or post back and i will attach copies of my working config files.

    -E


Log in to reply