View Full Version : [ubuntu] Suddenly impossible to connect to OpenVPN server

November 28th, 2008, 04:46 PM
Hello forum,
I desperatly need some help now, after googling the web the whole day, without even being close to find a solution.

I have Ubuntu 8.10 running with the OpenVPN server (bridged), and everything ran smoothly for weeks, until suddenly nobody could connect anymore from last night.

The clients (XP/Vista) get's the TLS handshake timeout, while the server (constantly) reports
Fri Nov 28 15:55:01 2008 Authenticate/Decrypt packet error: HMAC authentication failed
Fri Nov 28 15:55:01 2008 TLS Error: incoming packet authentication failed from xxx.xxx.xxx:(random portnmbr)

I found suggestions about this being an issue with the ta.key-file, but I have regenerated it (and also the rest of the keys and certificates) and redistributed them to the clients without being able to solve the problem.

My server.conf looks like this:

port 1194
proto udp

dev tap0

ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/examples/easy-rsa/2.0/keys/server.key

dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem

ifconfig-pool-persist ipp.txt



keepalive 10 120

tls-auth ta.key 0

cipher AES-128-CBC # AES


status openvpn-status.log

verb 3

# Forces client to have a linux account in order to connect
plugin /usr/lib/openvpn/openvpn-auth-pam.so login
Here is an example of one of my clients *.ovpn:
dev tap
proto udp
# change this to your server's address
remote xxx.xxx.xxx 1194
resolv-retry infinite
# Point the key and crt files to
# the ones for this user
ca ca.crt
cert someone.crt
key someone.key
#ensure that we are talking to a server
ns-cert-type server
#confirm we are talking to the correct server
tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
# Enable compression on the VPN link.
# enable user/pass authentication

If anyone has any idea of what my problems are, please let me know! (I really appreciate the help!)

Primaxx :confused: (Please forgive my lousy English...)

November 29th, 2008, 09:21 PM

December 8th, 2008, 09:18 PM
Did you update your openvpn server? I had the same problem when I updated my 8.04 server. I even tried to take out TLS authentication on both the server and client but it didn't work. I was planning on upgrading to 8.10 anyway so I just started over.