HMAC key (ta.key) not working with PKCS11
Posted: Mon Dec 23, 2019 5:25 am
When I try to use tls-auth on the client (pointing it to a ta.key file), my OpenVPN server logs say:
Dec 22 18:18:26 ... ovpn-server[31133]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:63448
Dec 22 18:18:28 ... ovpn-server[31133]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:63448
Dec 22 18:18:32 ... ovpn-server[31133]: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]<ip>:63448
I've attached an image of my client config. It behaves this way whether I set the Direction as "Default" or as "1".
On my server.conf file, I have:
tls-auth /etc/openvpn/tls/ta.key 0 # This file is secret
If I manually open the connection file generated by Viscosity at ~/Library/Application\ Support/Viscosity/1/config.conf, I see:
tls-auth ~/client-configs/files/ta.key
I've verified the shasums of the ta.key files are the same on the client and server. The only other variable here is that I'm using PKCS11 for this connection (connecting with a Yubikey). The PKCS11 connection works when I remove the tls-auth requirement (when I use the newest beta version of Viscosity, PKCS11 works).
Any ideas? Thanks!