• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN shared key - Authenticate/Decrypt packet error: missing authentication

Scheduled Pinned Locked Moved OpenVPN
5 Posts 4 Posters 16.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    freedrivers
    last edited by Jul 26, 2008, 7:19 PM

    I tried to get connected on my pfSense Alix via OpenVPN for 2 days using windows GUI 1.0.3 and finaly was successfull with a solution based on certs.
    But now i want to have it with shared key and flollowing client.conf:

    float
    proto udp
    dev tap
    remote MYDYNDNS 1194
    secret geheim.key
    cipher AES-256-CBC
    port 1194
    verb 3

    –------------------
    But when i try this i get the following error message in the log:

    Sat Jul 26 21:01:10 2008 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
    Sat Jul 26 21:01:10 2008 Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Sat Jul 26 21:01:10 2008 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jul 26 21:01:10 2008 Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Sat Jul 26 21:01:10 2008 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Sat Jul 26 21:01:11 2008 TAP-WIN32 device [ovpn] opened: \.\Global{5B120D1B-98AC-4383-B8E0-56366A6B016D}.tap
    Sat Jul 26 21:01:11 2008 TAP-Win32 Driver Version 8.4
    Sat Jul 26 21:01:11 2008 TAP-Win32 MTU=1492
    Sat Jul 26 21:01:11 2008 Successful ARP Flush on interface [26] {5B120D1B-98AC-4383-B8E0-56366A6B016D}
    Sat Jul 26 21:01:11 2008 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:4 ET:32 EL:0 ]
    Sat Jul 26 21:01:11 2008 Local Options hash (VER=V4): '4e57d794'
    Sat Jul 26 21:01:11 2008 Expected Remote Options hash (VER=V4): '4e57d794'
    Sat Jul 26 21:01:11 2008 UDPv4 link local (bound): [undef]:1194
    Sat Jul 26 21:01:11 2008 UDPv4 link remote: a.b.c.d:1194
    Sat Jul 26 21:02:59 2008 Authenticate/Decrypt packet error: missing authentication info

    –----------------------

    i found no howto where a solution with pre-shared-key is described well

    does anybody know where the failure is?

    1 Reply Last reply Reply Quote 0
    • R
      razor2000
      last edited by Oct 17, 2008, 2:13 PM

      I too am getting stuck here trying to get a Windows XP machine client connect to pfsense's OpenVPN server using a shared key.  It works just fine using the PKI setup, but totally stuck when using the shared key.

      If anyone can share their thoughts, it would be appreciated.

      1 Reply Last reply Reply Quote 0
      • J
        johii
        last edited by Oct 17, 2008, 2:39 PM

        why are you using shared keys? any particular reason for this?

        this thread is a couple of months old create a new one and describe your problem in a bit more detail maybe with diagram or screenshots

        1 Reply Last reply Reply Quote 0
        • R
          razor2000
          last edited by Oct 17, 2008, 4:20 PM

          @johii:

          why are you using shared keys? any particular reason for this?

          this thread is a couple of months old create a new one and describe your problem in a bit more detail maybe with diagram or screenshots

          I'm using shared keys just to try a different route in getting the setup working.  I am having issues with some things, successes in others.  I'll post a new thread detailing them.

          1 Reply Last reply Reply Quote 0
          • E
            eureka
            last edited by Oct 22, 2008, 8:28 PM

            Im not sure if this will help you guys but i was having a similar problem.

            Where i was getting issues is the TLS stuff. For some reason my system didn't like me just copying the TLS (ta.key) out of the web browser and dumping it to a standard text file. I had to ssh into the pf box and SCP the server1.tls-auth file to a server which i then used winSCP to download it to my windows client.

            1. ssh into pf box
            2. locate the serverX.tls-auth (replace X with the server number.. if you only have one OpenVPN server configured it would be 1, for 2 it would be 2, etc…)
                find / -name server1.tls-auth
            3. Use scp or something similar to move the file Securely to another box.
            4. Get the server1.tls-auth file to your client and configure it to use that file for TLS auth.

            After this i was able to connect properly and no longer was getting these odd auth/decrypt errors.... If your still having problems please PM me or post back and i will attach copies of my working config files.

            -E

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received