New to IPFire and OpenVPN

I have my IPFire set up in a lab within my house. I have IPFire up and running and traffic passing to/from the Internet. Trying to get the OpenVPN working now and running into these error messages.

Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 TLS: Initial packet from [AF_INET]192.168.1.125:50721, sid=08bd0f1a faa2ee1a
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 Authenticate/Decrypt packet error: packet HMAC authentication failed
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.125:50721
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 Fatal TLS error (check_tls_errors_co), restarting
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 SIGUSR1[soft,tls-error] received, client-instance restarting

Can anyone point me to a document/link that shows just how the client *.ovpn configuration file should be?
My client is a Windows 11 Pro
OpenVPN client 3.3.6 (2752)
Here is my OpenVPN client configuration file
#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto tcp
tun-mtu 1400
remote 10.xxx.xxx.1 443
pkcs12 EdmundsonRemote4.p12
cipher AES-256-CBC
auth SHA512
tls-auth ta.key 1
verb 3
remote-cert-tls server
verify-x509-name ipfire1.localdomain name
mssfix 0
auth-nocache
auth-token-user USER
auth-token TOTP
auth-retry interact

-----BEGIN CERTIFICATE-----
MIIGqjCCBJKgAwIBAgIUNlDnL0Qx9+BsS45ksGAhLQXtzmMwDQYJKoZIhvcNAQEN
x
+9LpxemrdOhCln3/OOweU1nBK6bZhCO1LrcvYumLXn8xiHdiPX9ByTKP0s4DWSNg
TR8yQEwM/y4tBu9C1sisItnQJi8w/ipqG1ptyXU5
-----END CERTIFICATE-----

# 2048 bit OpenVPN static key

-----BEGIN OpenVPN Static key V1-----
38029b7e9a88ed49db2f678d721ab5ca
x
c235e4366ce22fdf43659b5af8bef164
-----END OpenVPN Static key V1-----

Here is my IPFire OpenVPN server side configuration
#OpenVPN Server conf

daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare OpenVPN for listening on blue and orange
;local 10.xxx.xxx.1
dev tun
proto tcp
port 443
script-security 3
ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600
client-config-dir /var/ipfire/ovpn/ccd
tls-server
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /var/ipfire/ovpn/ca/dh1024.pem
server 10.30.5.0 255.255.255.0
tun-mtu 1400
mssfix 0
keepalive 10 60
status-version 1
status /var/run/ovpnserver.log 30
ncp-disable
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-auth /var/ipfire/ovpn/certs/ta.key
max-clients 100
tls-verify /usr/lib/openvpn/verify
crl-verify /var/ipfire/ovpn/crls/cacrl.pem
auth-user-pass-optional
reneg-sec 86400
user nobody
group nobody
persist-key
persist-tun
verb 3

# Log clients connecting/disconnecting
client-connect "/usr/sbin/openvpn-metrics client-connect"
client-disconnect "/usr/sbin/openvpn-metrics client-disconnect"

# Enable Management Socket
management /var/run/openvpn.sock unix
management-client-auth

Please point out what I am missing.
Thanks for the help in advance.

You have this entry in your .ovpn configuration file:

auth-token TOTP

This means that your OpenVPN server expects a second factor authentication, which your client is not providing. The official free software version of the OpenVPN Connect client on any platform has no 2FA available at the moment.

Two solutions: get rid of auth-token-user USER and auth-token TOTP and give up the use of 2FA on the server as well, or install as a client the Windows client community edition, which is the only free software client that has integrated 2FA.

1 Like

First, thank you CFusco. After that, I cleared all the configuration to start over fresh.
I then downloaded OpenVPN-2.5.3 from OpenVPN. Installed it on my Windows 10.
I then created a new Certificate Authorities and -Key.
I then created a new Connection Status and -Control connection.
Downloaded the Client Pack.
Created a new directory on my Windows 10 laptop.
Copied all files to the new directory that I just created.
Edited the *.ovpn: modified the pkcs12 and the tls-auth lines to include the directory path.
pkcs12 C:\OpenVPN3\RemoteUser4.p12
tls-auth C:\OpenVPN3\ta.key

Imported the configuration from file.
Selected Connect, and yes I have a VPN connection.

1 Like
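
When the server logs `packet HMAC authentication failed`, a useful first check is to compare the directives that both peers must agree on. The sketch below is an added example, not part of any post in this thread; it runs that comparison over excerpts of the two configurations posted above. Its function names are made up for illustration, and it relies on OpenVPN's documented rule that the `tls-auth` direction is either omitted on both sides or set to 0 on one side and 1 on the other.

```python
# CLIENT and SERVER are excerpts of the two configurations posted in the thread.
CLIENT = """\
proto tcp
tun-mtu 1400
cipher AES-256-CBC
auth SHA512
tls-auth ta.key 1
"""
SERVER = """\
proto tcp
tun-mtu 1400
cipher AES-256-CBC
auth SHA512
tls-auth /var/ipfire/ovpn/certs/ta.key
"""
# Directives whose arguments must be identical on both peers.
MUST_MATCH = ("proto", "tun-mtu", "cipher", "auth")

def parse(text):
    """Return {directive: [args]}, skipping blank lines and '#'/';' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf

def key_direction(conf):
    """tls-auth direction: '0'/'1', None if omitted, 'absent' without tls-auth."""
    args = conf.get("tls-auth")
    if args is None:
        return "absent"
    if len(args) > 1:
        return args[1]
    return conf.get("key-direction", [None])[0]

def compare(client_text, server_text):
    """List mismatches that make the peers reject each other's packets."""
    c, s = parse(client_text), parse(server_text)
    issues = [f"{d}: client={c.get(d)} server={s.get(d)}"
              for d in MUST_MATCH if c.get(d) != s.get(d)]
    cd, sd = key_direction(c), key_direction(s)
    # Valid: tls-auth unused on both sides, direction omitted on both, or 0 and 1.
    if {cd, sd} not in ({"absent"}, {None}, {"0", "1"}):
        issues.append(f"tls-auth direction: client={cd} server={sd}")
    return issues

if __name__ == "__main__":
    print("\n".join(compare(CLIENT, SERVER)) or "no mismatch found")
```

On the excerpts above it reports only the `tls-auth` direction: the client line ends in `1` while the server line gives none.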