There are a lot of different VPN providers out there, but only a few allow users to host their own VPN servers with as much freedom and flexibility as OpenVPN. However, that does require a fair bit of setting up, and that can cause problems.
In this article, we’re talking about the “Authenticate/Decrypt packet error: packet HMAC authentication failed” error when setting up an OpenVPN server, its causes and what you can do to solve the problem.
What causes this error?
The error is usually caused by installing the wrong ta.key somewhere in the configuration file or cross-pollination between different versions of the OpenVPN server client on your computer.
How to fix this?
Here are three fixes you can try out.
Generate the ta.key properly
One of the most common causes of the error is an improperly generated or installed ta.key in your configuration file. Make sure you generated your keys as mentioned below.
openvpn --genkey secret ta.key
This should fix the problem.
Check the authentication standard
Another possible cause of the error can be an incorrect authentication standard. Make sure you use tls-crypt instead of tls-auth.
This means that instead of writing
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
You’re going to write
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key 0
Outside of solving the error, there are other advantages to using tls-crypt as well. For starters, it prevents MITM (Man In The Middle) attacks, is relatively easier to set up and has continued support whereas tls-auth has already been deprecated.
Check cipher configuration
Last but not least, check to ensure you have the same cipher configuration across both the client and server. This means that you need to include the following line in both the client and server configuration files.