Skip to content

Fix: Authenticate/decrypt packet error: packet hmac authentication failed

  • by
  • 2 min read

There are a lot of different VPN providers out there, but only a few allow users to host their own VPN servers with as much freedom and flexibility as OpenVPN. However, that does require a fair bit of setting up, and that can cause problems. 

In this article, we’re talking about the “Authenticate/Decrypt packet error: packet HMAC authentication failed” error when setting up an OpenVPN server, its causes and what you can do to solve the problem. 

Also read: Top 7 VPNs for PC, Android, Mac, iOS and Chrome

What causes this error?

The error is usually caused by installing the wrong ta.key somewhere in the configuration file or cross-pollination between different versions of the OpenVPN server client on your computer. 

How to fix this?

Here are three fixes you can try out. 

Generate the ta.key properly

One of the most common causes of the error is an improperly generated or installed ta.key in your configuration file. Make sure you generated your keys as mentioned below.

openvpn --genkey secret ta.key

This should fix the problem.

Check the authentication standard

Another possible cause of the error can be an incorrect authentication standard. Make sure you use tls-crypt instead of tls-auth. 

This means that instead of writing

tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0

You’re going to write

tls-crypt /etc/openvpn/easy-rsa/pki/ta.key 0

Outside of solving the error, there are other advantages to using tls-crypt as well. For starters, it prevents MITM (Man In The Middle) attacks, is relatively easier to set up and has continued support whereas tls-auth has already been deprecated. 

Check cipher configuration

Last but not least, check to ensure you have the same cipher configuration across both the client and server. This means that you need to include the following line in both the client and server configuration files. 

cipher AES-256-CBC

Also read: Fix: Execution failed due to configuration error: malformed lambda proxy response

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: