Openvpn TLS Error: cannot locate HMAC in incoming packet

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

粗眉毛的沙滩裤 · 合肥六小荣城分校举行庆六一第十四届校园文化艺 ...· 5 天前 ·

飞翔的领带 · 北川“夹缝男孩”坐轮椅回校拜祭(组图) - ...· 1 月前 ·

有情有义的香烟 · PHP怎么打开多个文件 • Worktile社区· 2 月前 ·

谦逊的跑步机 · 未来一周湖南阴雨持续“抢镜” ...· 3 月前 ·

沉稳的木瓜 · 摩尔庄园10月14日攻略_页游快讯_4399 ...· 3 月前 ·

JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.

Fri Feb 16 20:08:12 2018 us=464870  event_wait returned 0
Fri Feb 16 20:08:12 2018 us=464932 I/O WAIT status=0x0020
Fri Feb 16 20:08:12 2018 us=464944 MULTI: REAP range 224 -> 240
Fri Feb 16 20:08:12 2018 us=464989 SCHEDULE: schedule_find_least NULL
Fri Feb 16 20:08:12 2018 us=464996 PO_CTL rwflags=0x0001 ev=6 arg=0x55f552ba6168
Fri Feb 16 20:08:12 2018 us=465000 PO_CTL rwflags=0x0001 ev=5 arg=0x55f552ba6068
Fri Feb 16 20:08:12 2018 us=465006 I/O WAIT TR|Tw|SR|Sw [10/0]
Fri Feb 16 20:08:14 2018 us=94732 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x55f552ba6168
Fri Feb 16 20:08:14 2018 us=94808  event_wait returned 1
Fri Feb 16 20:08:14 2018 us=94818 I/O WAIT status=0x0001
Fri Feb 16 20:08:14 2018 us=94827 MULTI: REAP range 240 -> 256
Fri Feb 16 20:08:14 2018 us=94843 UDPv4 read returned 42
Fri Feb 16 20:08:14 2018 us=94868 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]xx.xx.xx.xx:2048
Fri Feb 16 20:08:14 2018 us=94883 GET INST BY REAL: xx.xx.xx.xx:2048 [failed]
Fri Feb 16 20:08:14 2018 us=94891 SCHEDULE: schedule_find_least NULL
Fri Feb 16 20:08:14 2018 us=94899 PO_CTL rwflags=0x0001 ev=6 arg=0x55f552ba6168
Fri Feb 16 20:08:14 2018 us=94906 PO_CTL rwflags=0x0001 ev=5 arg=0x55f552ba6068
Fri Feb 16 20:08:14 2018 us=94916 I/O WAIT TR|Tw|SR|Sw [10/0]
Fri Feb 16 20:08:16 2018 us=628073 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x55f552ba6168
Fri Feb 16 20:08:16 2018 us=628135  event_wait returned 1
Fri Feb 16 20:08:16 2018 us=628163 I/O WAIT status=0x0001
Fri Feb 16 20:08:16 2018 us=628170 MULTI: REAP range 0 -> 16
Fri Feb 16 20:08:16 2018 us=628183 UDPv4 read returned 42
Fri Feb 16 20:08:16 2018 us=628199 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]xx.xx.xx.xx:2048
Fri Feb 16 20:08:16 2018 us=628210 GET INST BY REAL: xx.xx.xx.xx.xx:2048 [failed]
Fri Feb 16 20:08:16 2018 us=628215 SCHEDULE: schedule_find_least NULL
Fri Feb 16 20:08:16 2018 us=628220 PO_CTL rwflags=0x0001 ev=6 arg=0x55f552ba6168
Fri Feb 16 20:08:16 2018 us=628224 PO_CTL rwflags=0x0001 ev=5 arg=0x55f552ba6068
Fri Feb 16 20:08:16 2018 us=628230 I/O WAIT TR|Tw|SR|Sw [10/0]

server.conf
server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" keepalive 10 120 cipher AES-256-CBC comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 15 crl-verify crl.pem client.ovpn
into client config and still same error, i've played about with "Extra HMAC authorization (tls-auth) direction"on tomato and again no change (currently set to 1).
I'm sure it's a simple config error but stuck on what it is.

1. tls-auth line should not contain a numeric at the end; key-direction handles that. Remove the 1 from your tls-auth line
2. Server config is missing key-direction 0
3. key-direction clause must come after the tls-auth clause/section
References for my statements are in this post: http://www.linksysinfo.org/index.ph...annot-locate-hmac-udp-only.73979/#post-293725

server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" keepalive 10 120 cipher AES-256-CBC comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 15 crl-verify crl.pem client.conf

Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: PO_WAIT[0,0] fd=7 rev=0x00000001 rwflags=0x0001 arg=0x5574f12ee168
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]:  event_wait returned 1
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: I/O WAIT status=0x0001
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: MULTI: REAP range 64 -> 80
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: UDPv4 read returned 42
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]xx.xx.xx.xx:2048
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: GET INST BY REAL: xx.xx.xx.xx:2048 [failed]
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: SCHEDULE: schedule_find_least NULL
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: PO_CTL rwflags=0x0001 ev=7 arg=0x5574f12ee168
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: PO_CTL rwflags=0x0001 ev=6 arg=0x5574f12ee068
Feb 17 20:52:35 v22017115227656500 ovpn-server[30670]: I/O WAIT TR|Tw|SR|Sw [10/0]

Since HMAC (tls-auth) is optional (it's just an additional layer of security), why not simplify the config and remove it, if only to get it working. I personally don't use it because I consider it overkill for the average user. In fact, it's primary advantage is to prevent (or at least minimize the effect of) DOS attacks.

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences