Key mismatches
OpenVPN offers extra protection for its TLS control channel in the form of HMAC keys. These keys are exactly the same as the static "secret" keys used in Chapter 1, Point-to-Point Networks, for point-to-point style networks. For multi-client style networks, this extra protection can be enabled using the tls-auth
directive. If there is a mismatch between the client and the server related to this tls-auth
key, then the VPN connection will fail to get initialized.
Getting ready
Set up the client and server certificates using the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.3.11. The client was running Fedora 22 Linux and OpenVPN 2.3.11. Keep the configuration file, basic-udp-server.conf
, from the Server-side routing recipe from Chapter 2, Client-server IP-only Networks.
How to do it...
Start the server using the configuration file,
basic-udp-server.conf
:[root@server]# openvpn --config...