I have my IPFire set up in a lab within my house. I have IPFire up and running and traffic passing to/from the Internet. Trying to get the OpenVPN working now and running into these error messages.
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 TLS: Initial packet from [AF_INET]192.168.1.125:50721, sid=08bd0f1a faa2ee1a
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 Authenticate/Decrypt packet error: packet HMAC authentication failed
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.125:50721
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 Fatal TLS error (check_tls_errors_co), restarting
Dec 3 10:12:35 ipfire1 openvpnserver[1219]: 192.168.1.125:50721 SIGUSR1[soft,tls-error] received, client-instance restarting
Can anyone point me to a document/link that shows just how the client *.ovpn configuration file should be?
My client is a Windows 11 Pro
OpenVPN client 3.3.6 (2752)
Here is my OpenVPN client configuration file
#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto tcp
tun-mtu 1400
remote 10.xxx.xxx.1 443
pkcs12 EdmundsonRemote4.p12
cipher AES-256-CBC
auth SHA512
tls-auth ta.key 1
verb 3
remote-cert-tls server
verify-x509-name ipfire1.localdomain name
mssfix 0
auth-nocache
auth-token-user USER
auth-token TOTP
auth-retry interact
-----BEGIN CERTIFICATE-----
MIIGqjCCBJKgAwIBAgIUNlDnL0Qx9+BsS45ksGAhLQXtzmMwDQYJKoZIhvcNAQEN
x
+9LpxemrdOhCln3/OOweU1nBK6bZhCO1LrcvYumLXn8xiHdiPX9ByTKP0s4DWSNg
TR8yQEwM/y4tBu9C1sisItnQJi8w/ipqG1ptyXU5
-----END CERTIFICATE-----
# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
38029b7e9a88ed49db2f678d721ab5ca
x
c235e4366ce22fdf43659b5af8bef164
-----END OpenVPN Static key V1-----
Here is my IPFire OpenVPN server side configuration
#OpenVPN Server conf
daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare OpenVPN for listening on blue and orange
;local 10.xxx.xxx.1
dev tun
proto tcp
port 443
script-security 3
ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600
client-config-dir /var/ipfire/ovpn/ccd
tls-server
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /var/ipfire/ovpn/ca/dh1024.pem
server 10.30.5.0 255.255.255.0
tun-mtu 1400
mssfix 0
keepalive 10 60
status-version 1
status /var/run/ovpnserver.log 30
ncp-disable
cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-auth /var/ipfire/ovpn/certs/ta.key
max-clients 100
tls-verify /usr/lib/openvpn/verify
crl-verify /var/ipfire/ovpn/crls/cacrl.pem
auth-user-pass-optional
reneg-sec 86400
user nobody
group nobody
persist-key
persist-tun
verb 3
# Log clients connecting/disconnecting
client-connect "/usr/sbin/openvpn-metrics client-connect"
client-disconnect "/usr/sbin/openvpn-metrics client-disconnect"
# Enable Management Socket
management /var/run/openvpn.sock unix
management-client-auth
Please point out what I am missing.
Thanks for the help in advance.
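
The two configs above can be checked mechanically for the settings both ends must agree on before the tls-auth HMAC will verify (key direction and `auth` digest). This is an added example, not part of the original post; the sample strings are abridged from the posted configs and the function names are hypothetical.

```python
# Added example: compare the directives that feed OpenVPN's tls-auth HMAC on both ends.
CLIENT_CONF = """\
tls-client
auth SHA512
tls-auth ta.key 1
"""  # abridged from the client config in the post

SERVER_CONF = """\
tls-server
auth SHA512
tls-auth /var/ipfire/ovpn/certs/ta.key
"""  # abridged from the server config in the post


def parse(conf):
    """Return {directive: [args]}, skipping blanks and '#' / ';' comments."""
    out = {}
    for line in map(str.strip, conf.splitlines()):
        if line and line[0] not in "#;":
            name, *args = line.split()
            out[name] = args
    return out


def key_direction(cfg):
    """Direction from 'tls-auth <file> [0|1]', else 'key-direction'; None if unset."""
    args = cfg.get("tls-auth", [])
    if len(args) > 1:
        return args[1]
    return (cfg.get("key-direction") or [None])[0]


def hmac_mismatches(client_conf, server_conf):
    c, s = parse(client_conf), parse(server_conf)
    problems = []
    if ("tls-auth" in c) != ("tls-auth" in s):
        problems.append("tls-auth enabled on only one side")
    cd, sd = key_direction(c), key_direction(s)
    # Valid pairs: omitted on both sides, or complementary 0/1.
    if (cd, sd) not in {(None, None), ("0", "1"), ("1", "0")}:
        problems.append(f"key direction client={cd} server={sd} is not complementary")
    # 'auth' picks the digest used for the tls-auth HMAC; OpenVPN defaults to SHA1.
    ca, sa = (x.get("auth", ["SHA1"])[0].upper() for x in (c, s))
    if ca != sa:
        problems.append(f"auth digest client={ca} server={sa}")
    return problems


print(hmac_mismatches(CLIENT_CONF, SERVER_CONF))
```

Inline `<tls-auth>` blocks are not parsed by this sketch; it only reads single-line directives.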