Skip to content →

OpenVPN client TLS-Auth problem on Windows

Published 2013/04/18 by Daoyuan Li

It seems that the OpenVPN Client on windows does not support TLS-Auth with a separate key file. So instead, you can paste your key contents in your openvpn client’s config file and use some thing like the following (inline ta.key):

client
dev tun
proto udp

# enter the server's hostname
# or IP address here, and port number
remote server_ip port_number

resolv-retry infinite
nobind
persist-key
persist-tun

# Use the full filepaths to your
# certificates and keys
ca "C:\\yabroad.tblk\\ca.crt"
cert "C:\\yabroad.tblk\\client.crt"
key "C:\\yabroad.tblk\\client.key"

key-direction 1

<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END OpenVPN Static key V1-----
</tls-auth>


ns-cert-type server
comp-lzo
verb 1

When not using the above but using something like:

tls-auth ta.key 1  # which works for tunnelblick

The server log shows something like:

Thu Apr 18 20:55:26 2013 TLS Error: incoming packet authentication failed from [AF_INET] IP_ADDRESS:60454
Thu Apr 18 20:55:57 2013 Authenticate/Decrypt packet error: packet HMAC authentication failed

Published in Miscellaneous

Tagged in

20 Comments

  1. Hani Alhabshi

    i got this error on openvpn server when connect

    Tue Jan 30 13:31:15 2018 WARNING: cannot stat file ‘ta.key’: No such file or directory (errno=2)
    Options error: –tls-auth fails with ‘ta.key’: No such file or directory (errno=2)
    Options error: Please correct these errors.
    Use –help for more information.

    2018/01/30 Reply
  2. Hani Alhabshi

    i got this error on openvpn server when connect

    Tue Jan 30 13:31:15 2018 WARNING: cannot stat file ‘ta.key’: No such file or directory (errno=2)
    Options error: –tls-auth fails with ‘ta.key’: No such file or directory (errno=2)
    Options error: Please correct these errors.
    Use –help for more information.

    2018/03/14 Reply
  3. Cyrille Vladimirov

    I confirm this solution as worked.

    Do not forget to put these lines:

    key-direction  0    (on server)

    key-direction  1   (on client)

     

    OpenVPN 2.3.11 (FreeBSD 10.3)

    Great post, thank you very much.

     

    2016/08/22 Reply
  4. Cyrille Vladimirov

    I confirm this solution as worked.

    Do not forget to put these lines:

    key-direction  0    (on server)

    key-direction  1   (on client)

     

    OpenVPN 2.3.11 (FreeBSD 10.3)

    Great post, thank you very much.

     

    2018/03/14 Reply
  5. Eduard

    Hi

    Thank you. This fixed the same problem when connecting to an OpenVPN server  on a QNAP (TS239-PRO II) with the client running on Ubuntu server.

    2015/05/20 Reply
  6. Eduard

    Hi

    Thank you. This fixed the same problem when connecting to an OpenVPN server  on a QNAP (TS239-PRO II) with the client running on Ubuntu server.

    2018/03/14 Reply
  7. Sean

    THANK YOU! I’ve been spending hours trying to figure out this issue… solved it thanks to your post!

    2014/04/19 Reply
  8. Sean

    THANK YOU! I’ve been spending hours trying to figure out this issue… solved it thanks to your post!

    2018/03/14 Reply
  9. Ioannis

    Darn that was good!!! Hours and hours of troubleshooting: removing keys, rebuilding keys, reinstalling openvpn, changing directories, client setting, server setting the whole lot, just to be your solution. Thank you!

    2014/04/09 Reply
  10. Ioannis

    Darn that was good!!! Hours and hours of troubleshooting: removing keys, rebuilding keys, reinstalling openvpn, changing directories, client setting, server setting the whole lot, just to be your solution. Thank you!

    2018/03/14 Reply
  12. pal

    thanks for the solution. Yes I also had to use those tags to enclose the contents of ta.key like Maciej’s case

    2013/12/25 Reply
  14. pal

    thanks for the solution. Yes I also had to use those tags to enclose the contents of ta.key like Maciej’s case

    2018/03/14 Reply
  15. Maciej Soltysiak

    This post is great, it helped me solved exactly that issue.

    However, I had to enclose the tls key with

    <tls-auth>
</tls-auth>
    2013/10/14 Reply
    • Daoyuan Li

      Glad this helps, and thanks for your feedback! 🙂

      2013/10/14 Reply
  16. Maciej Soltysiak

    This post is great, it helped me solved exactly that issue.

    However, I had to enclose the tls key with

    <tls-auth>
</tls-auth>
    2018/03/14 Reply
    • Daoyuan Li

      Glad this helps, and thanks for your feedback! 🙂

      2018/03/14 Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.