[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

RE: [Openvpn-users] Authenticate/Decrypt packet error: packet HMAC authentication failed?


  • Subject: RE: [Openvpn-users] Authenticate/Decrypt packet error: packet HMAC authentication failed?
  • From: "Tyrone Omidi" <tyrone.omidi@xxxxxxxxxxxxxxxx>
  • Date: Thu, 22 Jan 2004 10:03:02 -0000

Well I tried to find out why for a while longer but decided to give up.
Despite the errors, the tunnels never seemed to work any worse at all,
or any better when they're gone?  Guess it must be either (2) or (3).

Just for info the errors would pop up every 10 seconds and the same with
verb 9 and no mute.
Server is Linux-2.4.22 client WinXP.  The other 12 clients never had
this trouble.
HOWEVER my client is running XP SP2 (hadn't thought of that at the
time), which could possibly have something to do with it as a few other
programs are showing strange behavior. Also with the new firewall turned
off, a few programs cant connect out but I think this is when they're
using scripts/activeX.

I'll uninstall SP2 later and let you know if anything happens.

Many thanks for your help

-----Original Message-----
From: James Yonan [mailto:jim@xxxxxxxxx] 
Sent: 20 January 2004 20:43
To: Tyrone Omidi
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [Openvpn-users] Authenticate/Decrypt packet error: packet
HMAC authentication failed?

Tyrone Omidi <tyrone.omidi@xxxxxxxxxxxxxxxx> said:

> 
> I don't understand? If the keys are out of sync (different) how can
the
> connection still work? 

"HMAC authentication failed" could mean a number of different things:

(1) You are using different keys on both sides of the connection.
(2) Encrypted packets are somehow getting corrupted during network
transit.
(3) Non-OpenVPN packets are being sent to OpenVPN's port number.

The connection can still "work" in the sense that there is UDP
connectivity,
but OpenVPN will drop any packet with a bad HMAC signature, i.e. one
that does
not match the key given in --secret (or the key which is dynamically
generated
in TLS mode).

James


> Thanks
> 
> -----Original Message-----
> From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx
> [mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Doug
> Lytle
> Sent: 19 January 2004 23:58
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] Authenticate/Decrypt packet error: packet
> HMAC authentication failed?
> 
> I usually see this when my keys are out of sync.
> 
> Doug
> 
> Tyrone Omidi wrote:
> 
> >Hi,
> >
> >Mon Jan 19 23:09:47 2004 7: Authenticate/Decrypt packet error: packet
> >HMAC authentication failed
> >
> >Can anyone tell me what this means and why it might happen?
> >
> >
> >  
> >
> 
> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
> 
>
________________________________________________________________________
> Please visit our website for Online Quotations / Bookings
> http://www.sbsworldwide.com
>
________________________________________________________________________
> This email and any files transmitted with it are confidential 
> and intended solely for the use of the individual or entity to 
> whom they are addressed. If you have received this email in 
> error please notify postmaster@xxxxxxxxxxxxxxxx
> 
> This e-mail has been scanned for all viruses by Star Internet. 
> The service is powered by MessageLabs.
>
________________________________________________________________________
> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 



-- 






________________________________________________________________________
Please visit our website for Online Quotations / Bookings
http://www.sbsworldwide.com
________________________________________________________________________
This email and any files transmitted with it are confidential 
and intended solely for the use of the individual or entity to 
whom they are addressed. If you have received this email in 
error please notify postmaster@xxxxxxxxxxxxxxxx

This e-mail has been scanned for all viruses by Star Internet. 
The service is powered by MessageLabs.
________________________________________________________________________


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users