OpenVPN client TLS-Auth problem on Windows

It seems that the OpenVPN client on Windows does not support TLS-Auth with a separate key file. Instead, you can paste the key contents into your OpenVPN client’s config file and use something like the following (inline ta.key):

client
dev tun
proto udp

# enter the server's hostname
# or IP address here, and port number
remote server_ip port_number

resolv-retry infinite
nobind
persist-key
persist-tun

# Use the full filepaths to your
# certificates and keys
ca "C:\\yabroad.tblk\\ca.crt"
cert "C:\\yabroad.tblk\\client.crt"
key "C:\\yabroad.tblk\\client.key"

key-direction 1

<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END OpenVPN Static key V1-----
</tls-auth>


ns-cert-type server
comp-lzo
verb 1

If you do not use the inline form above and instead use something like:

tls-auth ta.key 1  # which works for tunnelblick

The server log shows something like:

Thu Apr 18 20:55:26 2013 TLS Error: incoming packet authentication failed from [AF_INET] IP_ADDRESS:60454
Thu Apr 18 20:55:57 2013 Authenticate/Decrypt packet error: packet HMAC authentication failed
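
The conversion described above, from the file-based tls-auth line to key-direction plus an inline <tls-auth> block, as an added example (not code from the original post). The function names, the sample host vpn.example.net and the shortened all-zero/all-f key body are constructed for illustration.

```python
import shlex

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

# Constructed sample inputs: placeholder host and a shortened fake key body.
SAMPLE_CONFIG = """client
dev tun
proto udp
remote vpn.example.net 1194
tls-auth ta.key 1  # file-based form
verb 1
"""
SAMPLE_KEY = f"#\n# 2048 bit OpenVPN static key\n#\n{BEGIN}\n{'0' * 32}\n{'f' * 32}\n{END}\n"

def _words(line):
    """Split a config line into words, dropping '#' comments."""
    try:
        return shlex.split(line, comments=True)
    except ValueError:  # unbalanced quote: treat as a line we do not touch
        return []

def inline_tls_auth(config_text, key_text):
    """Replace `tls-auth <file> [dir]` with key-direction + inline block."""
    key_lines = [k.strip() for k in key_text.splitlines() if k.strip()]
    if BEGIN not in key_lines or END not in key_lines:
        raise ValueError("key text is not an OpenVPN static key")
    lines = config_text.splitlines()
    # Do not emit a second key-direction if the config already has one.
    has_direction = any(_words(l)[:1] == ["key-direction"] for l in lines)
    out, replaced = [], False
    for line in lines:
        words = _words(line)
        if len(words) < 2 or words[0] != "tls-auth":
            out.append(line)  # unrelated directive, comment or blank line
            continue
        if replaced:
            raise ValueError("more than one tls-auth directive")
        if len(words) > 2 and not has_direction:
            if words[2] not in ("0", "1"):
                raise ValueError("tls-auth direction must be 0 or 1")
            out.append("key-direction " + words[2])
        out += ["<tls-auth>", *key_lines, "</tls-auth>"]
        replaced = True
    if not replaced:
        raise ValueError("no file-based tls-auth directive found")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(inline_tls_auth(SAMPLE_CONFIG, SAMPLE_KEY))
```

The generated config now carries the shared HMAC key itself, so it needs the same file permissions and handling as ta.key.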

20 Comments

  1. Hani Alhabshi

    I got this error on the OpenVPN server when connecting

    Tue Jan 30 13:31:15 2018 WARNING: cannot stat file ‘ta.key’: No such file or directory (errno=2)
    Options error: --tls-auth fails with ‘ta.key’: No such file or directory (errno=2)
    Options error: Please correct these errors.
    Use --help for more information.

  3. Cyrille Vladimirov

    I confirm this solution worked.

    Do not forget to put these lines:

    key-direction  0    (on server)

    key-direction  1   (on client)

     

    OpenVPN 2.3.11 (FreeBSD 10.3)

    Great post, thank you very much.

     

  5. Eduard

    Hi

    Thank you. This fixed the same problem when connecting to an OpenVPN server on a QNAP (TS239-PRO II) with the client running on Ubuntu server.

  7. Sean

    THANK YOU! I’ve been spending hours trying to figure out this issue… solved it thanks to your post!

  9. Ioannis

    Darn that was good!!! Hours and hours of troubleshooting: removing keys, rebuilding keys, reinstalling openvpn, changing directories, client setting, server setting the whole lot, just to be your solution. Thank you!

  11. pal

    Thanks for the solution. Yes, I also had to use those tags to enclose the contents of ta.key, like Maciej’s case.

  13. This post is great, it helped me solve exactly that issue.

    However, I had to enclose the tls key with

    <tls-auth>
    </tls-auth>
    • Glad this helps, and thanks for your feedback! 🙂
