Hi Thelma, I think you need tls-server And tls-client In your respective configs below.
Reference: https://askubuntu.com/questions/594868/openvpn-hmac-authentication-failure-no-matter-what-i-do And https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/ Grep for tls-server. On 22 February 2020 11:08:02 PM NZDT, the...@sys-concept.com wrote: >When I try to start openVPN on a client I see this error on a server: > >Sat Feb 22 02:32:10 2020 Authenticate/Decrypt packet error: packet HMAC >authentication failed >Sat Feb 22 02:32:10 2020 TLS Error: incoming packet authentication >failed from [AF_INET] > >cat server.conf >proto udp >port 9000 >dev tun >mode server >ca /etc/openvpn/cert/ca.crt >cert /etc/openvpn/cert/clinic_atom.crt >key /etc/openvpn/cert/clinic_atom.key >dh /etc/openvpn/cert/dh.pem >topology subnet >server 192.168.141.0 255.255.255.0 >client-to-client >ifconfig-pool-persist ipp.txt >client-config-dir ccd >keepalive 10 120 >tls-auth vpn_clinic.key 0 >tun-mtu 1500 >tun-mtu-extra 32 >mssfix 1200 >duplicate-cn >comp-lzo >max-clients 100 >persist-key >persist-tun >status openvpn-status.log >log /var/log/openvpn.log >log-append /var/log/openvpn.log >verb 3 > >On client-config: >clinic_atom.conf >client >dev tun >proto udp >port 9070 >topology subnet >remote xxx.xx.xx.xx 9070 # static IP >resolv-retry infinite >tun-mtu 1500 >tun-mtu-extra 32 >mssfix 1200 >persist-key >persist-tun >remote-cert-tls server >ca "/etc/openvpn/clinic_atom/ca.crt" >cert "/etc/openvpn/clinic_atom/syscon7.crt" >key "/etc/openvpn/clinic_atom/syscon7.key" >tls-auth "/etc/openvpn/clinic_atom/ta.key" 1 >comp-lzo >log /var/log/openvpn.log >log-append /var/log/openvpn.log >verb 3 > >-- >Thelma -- Kind regards, Roger