docker-openvpn

Keep getting TLS Error: cannot locate HMAC in incoming packet from [AF_INET]xx.xx.xx.xx:xxxxx

Open wongkimshing opened this issue 5 years ago • 4 comments

I keep getting TLS Error: cannot locate HMAC in incoming packet from [AF_INET]xx.xx.xx.xx:xxxxx when my OpenVPN client connects to the server. It seems tls-auth /etc/openvpn/pki/ta.key doesn't work.

If I comment out this line, it generates a log message like xx.xx.xx.xx:xxxxx TLS: Initial packet from [AF_INET]xx.xx.xx.xx:xxxxx, sid=a1b9713f 033e1970, but xx.xx.xx.xx:xxxxx TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) and xx.xx.xx.xx:xxxxx TLS Error: TLS handshake failed are generated after a while. The connection still fails. Could you please advise on a solution? I'd really appreciate it.

wongkimshing, Feb 21 '20 07:02

Same here..

itsmichaelk, Mar 02 '20 13:03

Same issue here. To fix this, you can either comment out the tls-auth option in the openvpn.conf file, or add the tls-auth and key-direction to the end of the client configuration file, as below:

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(contents of ta.key)
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1

lesca, May 16 '20 09:05

Had to add tls-server to the server.conf for this to work

Gabisonfire, Sep 09 '20 14:09

I don't think this is a server issue. It is a client-side problem. You should inspect your OpenVPN client configuration, especially the TLS auth part.

greenhorse-effect, May 12 '21 09:05
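
An added example, not code from this thread or from the docker-openvpn project: a small Python check that compares the tls-auth settings of a server config and a client config, flagging the missing-HMAC case reported here as well as key-direction mismatches. The sample configs, the hostname vpn.example.com and the key bytes are constructed, and the server's key-direction 0 is an assumption.

```python
import re

def tls_auth_settings(config_text):
    """Return (enabled, direction) describing tls-auth in one OpenVPN config."""
    # An inline <tls-auth>...</tls-auth> block enables it just like the file form.
    enabled = re.search(r"<tls-auth>.*?</tls-auth>", config_text, re.S) is not None
    direction = None
    # Drop inline blocks so key material is not parsed as directives.
    body = re.sub(r"<([\w-]+)>.*?</\1>", "", config_text, flags=re.S)
    for raw in body.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # strip comments
        if not words:
            continue
        if words[0] == "tls-auth":
            enabled = True
            if len(words) > 2:  # "tls-auth <file> <direction>"
                direction = words[2]
        elif words[0] == "key-direction" and len(words) > 1:
            direction = words[1]
    return enabled, direction

def check_pair(server_conf, client_conf):
    """List the tls-auth mismatches between a server and a client config."""
    s_on, s_dir = tls_auth_settings(server_conf)
    c_on, c_dir = tls_auth_settings(client_conf)
    if s_on and not c_on:
        return ["server requires tls-auth but client sends no HMAC"]
    if c_on and not s_on:
        return ["client uses tls-auth but server does not"]
    # Directions must be omitted on both sides or be the complementary pair 0/1.
    if s_on and {s_dir, c_dir} not in ({None}, {"0", "1"}):
        return [f"key-direction mismatch: server={s_dir} client={c_dir}"]
    return []

# Constructed sample configs (not taken from the issue).
SERVER = "port 1194\nproto udp\ntls-auth /etc/openvpn/pki/ta.key\nkey-direction 0\n"
CLIENT_BROKEN = "client\nremote vpn.example.com 1194 udp\n"
CLIENT_FIXED = CLIENT_BROKEN + (
    "<tls-auth>\n-----BEGIN OpenVPN Static key V1-----\n"
    "00112233445566778899aabbccddeeff\n"  # constructed placeholder key line
    "-----END OpenVPN Static key V1-----\n</tls-auth>\nkey-direction 1\n"
)

if __name__ == "__main__":
    for name, conf in (("broken", CLIENT_BROKEN), ("fixed", CLIENT_FIXED)):
        print(name, check_pair(SERVER, conf) or "tls-auth settings agree")
```
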