Open VPN Error



  • Hello,

    I get the error message "TLS Error: cannot locate HMAC in incoming packet from[AF_INET]" when trying to establish an OPEN VPN connection. What am I doing wrong? What should this error message tell me?

    I'm trying to build the VPN from a synology to the PFSENSE OPENVPN-Server.

    What approaches are there that I can examine? I followed the instructions exactly…

    Thank you very much.


  • Rebel Alliance Global Moderator

    Without your config and your client config.. Did you want us to look into our magic balls?

    Guessing I would say you have something wrong did you create your key, do you have the direction correct..

    Really need to see your configs of you want us to help.



  • Hi,

    of course. If you can't say anything more about the error message without the client configuration, I will be provide it. Maybe someone knows the error and knows where it is;)

    I have created a CA, then a server certificate for the CA (validity 3650 days, key length 2048 and digest sha256). Then I created a user and password. Insert the user into appropriate groups and then create a user certificate (same settings as above) and export.

    VPN server configuration:
    Server mode: Remote access (SSL/TLS + User Auth)
    Protocol: UDP on IPv4
    Adapter type: do - Layer 3 Tunnel Mode
    Interface: WAN
    Local Port: 1194
    TLS configuration: check (use TLS key)
    TLS key Usage type: TLS authentication
    Certificate authority: The created CA
    Diffie Hellmann Parameter length: 2048 bit
    ECDH curve: Use default value
    Encryption algorithm: AES-256-CFB
    Activate NCP: check
    NCP algorithm: AES-256-GCM and AES-128-GCM
    Auth hash value algorithm: SHA256
    Hardware cryptography: none
    Certificate depth: One (Client & Server)
    Strict user-CN compliance: none

    At the client I simply entered the data and imported the user certificate.

    Thank you:)


  • Rebel Alliance Global Moderator

    Entered what data?

    So your using a tls authentication mode - so the user needs also ta.key, etc.

    So your client would need 3 the CA, the User and the ta.key…  You imported those all into your nas?