It seems that the OpenVPN Client on windows does not support TLS-Auth with a separate key file. So instead, you can paste your key contents in your openvpn client’s config file and use some thing like the following (inline ta.key):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
client dev tun proto udp # enter the server's hostname # or IP address here, and port number remote server_ip port_number resolv-retry infinite nobind persist-key persist-tun # Use the full filepaths to your # certificates and keys ca "C:\\yabroad.tblk\\ca.crt" cert "C:\\yabroad.tblk\\client.crt" key "C:\\yabroad.tblk\\client.key" key-direction 1 <tls-auth> # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -----END OpenVPN Static key V1----- </tls-auth> ns-cert-type server comp-lzo verb 1 |
When not using the above but using something like:
1 |
tls-auth ta.key 1 # which works for tunnelblick |
The server log shows something like:
1 2 |
Thu Apr 18 20:55:26 2013 TLS Error: incoming packet authentication failed from [AF_INET] IP_ADDRESS:60454 Thu Apr 18 20:55:57 2013 Authenticate/Decrypt packet error: packet HMAC authentication failed |