I'm trying to migrate an OpenVPN server and I'm running into configuration issues because of an endless string of terrible developer decisions regarding its configuration file format, combined with bad documentation.
It is possible, even? How do I solve: As per OpenVPN: "Authenticate/Decrypt packet error: packet HMAC authentication failed", I get the error message;
Authenticate/Decrypt packet error: packet HMAC authentication failed
TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:[[IP4]] (via ::ffff:[[IP4]]%[[IF]].161)
however, the client config may not be changed. Note: The VPN works on the new server when disabling the TLS PSK (but this involves telling users to put a '#' in a text file, at which point you may have lost), works on the old server both with and without PSK, but doesn't work after a transfer. The VPN config file involves some links to scripts for integration, so can't be copied wholesale.
I've tried changing the auth digest to SHA256 on both sides, which has no effect (same error message).
Can a few tables be provided for all possible combinations of OpenVPN versions what the value for the server settings
auth
tls-auth
data-ciphers
cipher
<anything else that might cause this>
need to be for the following client value?
auth = NOT DEFINED
tls-crypt = <file pointing to static key>
cipher = NOT DEFINED
data-ciphers = NOT DEFINED
Client version unspecified, though most important that it works with recent versions (2.6.x).
The server is running 2.6.8.
