TLS-auth problems with openvpn on debian

0

1

I have a Raspberry Pi which I intend to use as a VPN proxy while on public networks. I followed this guide (http://www.raspberrypi.org/forums/viewtopic.php?f=36&t=81657) to set up OpenVPN on the Pi, but I cannot connect to it. I have tried connecting from both OS X and Ubuntu and have the correct ports open. The Pi responds to ping as well.

Can anyone tell me what I am missing? The shared key is present on both the server and client and the .conf files are just the way they are given in the tutorial.

The logs are given in a comment below:

joakimb

Posted 2014-12-10T13:31:28.937

Reputation: 133

Edit: was not allowed to post more links in the question. Here is the client log from a connection attempt:

http://pastebin.com/U3Qgr4Vs

And here is the server log:

http://pastebin.com/xM3miDqy

– joakimb – 2014-12-10T13:32:11.400

Answers

2

The server config in the tutorial is missing the reference to the tls-auth key, so your client is sending TLS packets with an extra HMAC, but your server is not expecting that extra HMAC. Using tls-auth is a very good idea, so to fix this, add the following line to your server config to enable tls-auth:

tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0

This adds the tls-auth key with 'key-direction 0' (which should be the opposite of the client, which has 'key-direction 1' in the client config file of your tutorial).

Steffan Karger

Posted 2014-12-10T13:31:28.937

Reputation: 551
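
A config check for the mismatch described in the answer above, as an added example that is not part of the original posts: it reads a server and a client config and reports when tls-auth is enabled on only one side or the key directions are not complementary. The function names and sample configs are constructed for illustration, and the client's inline `<tls-auth>` block is an assumption about the tutorial's client file.

```python
def tls_auth_settings(config_text):
    """Return (enabled, direction) for an OpenVPN config; direction is '0', '1' or None."""
    enabled, direction = False, None
    for raw in config_text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":          # '#' and ';' start a comment
                break
            tokens.append(tok)
        if not tokens:
            continue
        if tokens[0] == "tls-auth":     # tls-auth <file> [direction]
            enabled = True
            if len(tokens) > 2:
                direction = tokens[2]
        elif tokens[0] == "<tls-auth>":  # key embedded inline in the config
            enabled = True
        elif tokens[0] == "key-direction" and len(tokens) > 1:
            direction = tokens[1]
    return enabled, direction

def check_pair(server_text, client_text):
    """Return a list of problems; an empty list means both sides agree."""
    s_on, s_dir = tls_auth_settings(server_text)
    c_on, c_dir = tls_auth_settings(client_text)
    problems = []
    if s_on != c_on:
        missing = "server" if c_on else "client"
        problems.append(f"tls-auth enabled on one side only; missing on {missing}")
    elif s_on and {s_dir, c_dir} not in ({"0", "1"}, {None}):
        # Directions must be 0 on one peer and 1 on the other, or omitted on both.
        problems.append(f"key directions not complementary: server={s_dir} client={c_dir}")
    return problems

# Constructed sample configs (not the tutorial's actual files).
SERVER_BROKEN = "port 1194\nproto udp\ndev tun\n"
SERVER_FIXED = SERVER_BROKEN + "tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0\n"
CLIENT = ("client\ndev tun\nproto udp\nkey-direction 1\n"
          "<tls-auth>\n(constructed placeholder, not a real key)\n</tls-auth>\n")

if __name__ == "__main__":
    for name, server in (("broken", SERVER_BROKEN), ("fixed", SERVER_FIXED)):
        print(name, check_pair(server, CLIENT) or "ok")
```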