How to fix OpenVPN "TLS Error: cannot locate HMAC in incoming packet from ..."

Problem:

Your OpenVPN clients can’t connect to your OpenVPN server and the server log shows an error message like

openvpn_tls_error.txt
TLS Error: cannot locate HMAC in incoming packet from [AF_INET6]::ffff:187.100.14.13:41874 (via ::ffff:25.16.25.29%xn0)

Solution

You have enabled a TLS key (tls-auth option) in your OpenVPN configuration, but your client does not know that it should use the additional layer of authentication.

The server is looking for the HMAC in the incoming packets but can’t find it.

Either disable the tls-auth option in your server config. The config line will look like

openvpn_tls_auth_example.txt
tls-auth /var/etc/openvpn/server2.tls-auth 0

or

Enable the correct tls-auth configuration in your client. Remember that you also need to share the correct key.


Check out similar posts by category: Networking, OpenVPN, VPN