How to fix OpenVPN "TLS Error: cannot locate HMAC in incoming packet from ..."

Problem:

Your OpenVPN clients can’t connect to your OpenVPN server and the server log shows an error message like

openvpn_tls_error.txt

TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:187.100.14.13:41874 (via ::ffff:25.16.25.29%xn0)

TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:187.100.14.13:41874 (via ::ffff:25.16.25.29%xn0)

Solution

You have enabled a TLS key (tls-auth option) in your OpenVPN configuration, but your client does not know that it should use the additional layer of authentication.

The server is looking for the HMAC in the incoming packets but can’t find it.

Either disable the tls-auth option in your server config. The config line will look like

openvpn_tls_auth_example.txt

tls-auth /var/etc/openvpn/server2.tls-auth 0

tls-auth /var/etc/openvpn/server2.tls-auth 0

Enable the correct tls-auth configuration in your client. Remember that you also need to share the correct key.

Check out similar posts by category: Networking, OpenVPN, VPN

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee