Site to Site (preshare) not working different versions
-
One of our Netgate devices failed and so I swapped it with another.
Server side is running 2.4.5-RELEASE (OpenVPN 2.4.9 with OpenSSL 1.0.2u-freebsd)
Client side is running 2.5.2 (OpenVPN 2.5.2 with OpenSSL 1.1.1k)
The Client side was the side that was replaced with a newer appliance from Netgate.
I followed the Site to Site with Pre-Share key instructions found in the documentation. I have a screenshot of the actual settings from the dead client device and it matches. It doesn't work. The only error I get on the server side is:
"Authenticate/Decrypt packet error: packet HMAC authentication failed"
I've auto-created a new pre-share key and copied it to both server and client. Nothing.
I've checked all of the settings in the pfSense GUI a dozen times and they are accurate. They are exactly what they were before.
I have an inkling that it has to do with the versions being different and apparently not backward compatible.
Is this a known issue or what do you suggest I do from here?
-
It had to do with cipher differences between the two versions.
https://community.openvpn.net/openvpn/wiki/CipherNegotiation
Had to edit some settings in both server and client side.