[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

RE: [Openvpn-users] Authenticate/Decrypt packet error: packet HMAC authentication failed?


  • Subject: RE: [Openvpn-users] Authenticate/Decrypt packet error: packet HMAC authentication failed?
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Tue, 20 Jan 2004 20:43:08 -0000

Tyrone Omidi <tyrone.omidi@xxxxxxxxxxxxxxxx> said:

> 
> I don't understand? If the keys are out of sync (different) how can the
> connection still work? 

"HMAC authentication failed" could mean a number of different things:

(1) You are using different keys on both sides of the connection.
(2) Encrypted packets are somehow getting corrupted during network transit.
(3) Non-OpenVPN packets are being sent to OpenVPN's port number.

The connection can still "work" in the sense that there is UDP connectivity,
but OpenVPN will drop any packet with a bad HMAC signature, i.e. one that does
not match the key given in --secret (or the key which is dynamically generated
in TLS mode).

James


> Thanks
> 
> -----Original Message-----
> From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx
> [mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Doug
> Lytle
> Sent: 19 January 2004 23:58
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] Authenticate/Decrypt packet error: packet
> HMAC authentication failed?
> 
> I usually see this when my keys are out of sync.
> 
> Doug
> 
> Tyrone Omidi wrote:
> 
> >Hi,
> >
> >Mon Jan 19 23:09:47 2004 7: Authenticate/Decrypt packet error: packet
> >HMAC authentication failed
> >
> >Can anyone tell me what this means and why it might happen?
> >
> >
> >  
> >
> 
> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
> 
> ________________________________________________________________________
> Please visit our website for Online Quotations / Bookings
> http://www.sbsworldwide.com
> ________________________________________________________________________
> This email and any files transmitted with it are confidential 
> and intended solely for the use of the individual or entity to 
> whom they are addressed. If you have received this email in 
> error please notify postmaster@xxxxxxxxxxxxxxxx
> 
> This e-mail has been scanned for all viruses by Star Internet. 
> The service is powered by MessageLabs.
> ________________________________________________________________________
> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 



-- 






-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users