--tls-auth: is direction needed?

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • x-yuri
    Junior Member
    • Apr 2024
    • 4
    #1

    --tls-auth: is direction needed?

    Hi there,

    I wanted to put the tls-auth key into the client config (<tls-auth></tls-auth>), but this way there are supposedly no way to specify the direction. And with direction 0 on the server, and unspecified on the client it doesn't work:

    Code:
    Apr 03 11:32:34 hostname openvpn[1598]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Apr 03 11:32:34 hostname openvpn[1598]: TLS Error: incoming packet authentication failed from [AF_INET]xx.xxx.xx.xxx:35966
    If I have it unspecified on both the client and the server it works. Is that okay to not specify the direction? Or should I keep the tls-auth key in a separate file and always specify the direction?
    Tags: key-direction
    • Answer selected by Pippin at 2024-04-08, 09:22 AM.
      x-yuri
      Junior Member
      • Apr 2024
      • 4
      Indeed, this way it doesn't work:

      Code:
      server: tls-auth-key ta.key 0
client: <tls-auth-key>...</tls-auth-key>
      This way it does:

      Code:
      server: tls-auth-key ta.key 0
client: <tls-auth-key>...</tls-auth-key>
        key-direction 1
      Thanks.
        • Selected Answer

        Comment

        • Pippin
          Administrator
          • Dec 2023
          • 19
          #2
          Originally posted by x-yuri
          Hi there,

          I wanted to put the tls-auth key into the client config (<tls-auth></tls-auth>), but this way there are supposedly no way to specify the direction.
          Please see
          Code:
          --tls-auth args
--key-direction
          in manual 2.6:
          openvpn
          https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html

            Comment

            • x-yuri
              Junior Member
              • Apr 2024
              • 4
              #3
              Indeed, this way it doesn't work:

              Code:
              server: tls-auth-key ta.key 0
client: <tls-auth-key>...</tls-auth-key>
              This way it does:

              Code:
              server: tls-auth-key ta.key 0
client: <tls-auth-key>...</tls-auth-key>
        key-direction 1
              Thanks.
                • Selected Answer

                Comment

                Previous template Next
                Working...
                😀
                😂
                🥰
                😘
                🤢
                😎
                😞
                😡
                👍
                👎